2016 and Libraries - Information Management Today

Apache Struts users have to update FileUpload library to fix years-old flaws

Security Affairs

NOVEMBER 6, 2018

Apache Struts Users have to update the Commons FileUpload library in Struts 2 that is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2, the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. Struts 2.3.x

Libraries

Libraries Access Security IT

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The new malware implement new and improved rootkit and worm capabilities, it continues to target cloud applications by exploiting known vulnerabilities such as Oracle WebLogic ( CVE-2017-10271 ) and Apache ActiveMQ ( CVE-2016-3088 ) servers. One of the ways to use LD_PRELOAD is to add the crafted library to /etc/ld.so.preload.”

Cloud

Cloud Libraries Mining IT

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The advisory fixed the CVE-2016-1000031 flaw, a remote code execution (RCE) bug in the Apache Commons FileUpload, disclosed in November last year. The Commons FileUpload library is the default file upload mechanism in Struts 2, the CVE-2016-1000031 was discovered two years ago by experts at Tenable.

Financial Services

Financial Services Libraries Mining Retail

Webinars

Agent Tooling: Connecting AI to Your Tools, Systems & Data

Automation, Evolved: Your New Playbook for Smarter Knowledge Work

From Curiosity to Competitive Edge: How Mid-Market CEOs Are Using AI to Scale Smarter

MORE WEBINARS

INFRA:HALT flaws impact OT devices from hundreds of vendors

Security Affairs

AUGUST 4, 2021

IN FRA:HALT is a set of vulnerabilities affecting a popular TCP/IP library commonly OT devices manufactured by more than 200 vendors. NicheStack (aka InterNiche stack) is a proprietary TCP/IP stack developed originally by InterNiche Technologies and acquired by HCC Embedded in 2016. ” states the report.

Manufacturing

Manufacturing Libraries Cloud Security

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Security Affairs

JULY 30, 2024

The original Mandrake campaign had two major infection waves, in 2016–2017 and 2018–2020. These included relocating malicious functions to obfuscated native libraries, using certificate pinning to secure C2 communications, and determine if it was running on a rooted device or in an emulated environment.

Libraries

Libraries Communications Encryption IT

EU launches bug bounty programs for 15 software

Security Affairs

DECEMBER 31, 2018

Bug bounties for other nine products ( FLUX TL , KeePass , 7-zip , Digital Signature Services (DSS) , Drupal , GNU C Library ( glibc ) , PHP Symfony , Apache Tomcat , and WSO2 ) are arranged through the Intigrity platform. GNU C Library (glibc). Digital Signature Services (DSS). 25.000,00 € 30/01/2019. 15/10/2019.

Libraries

Libraries Privacy Security IT

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. According to the report published by the US-CERT, Hidden Cobra has been using the FASTCash technique since at least 2016, the APT group targets bank infrastructure to cash out ATMs.

Retail

Retail Libraries Government Phishing

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. “Both Mac and Linux variants use the WolfSSL library for SSL communications. This library has been used by several threat actors.” ” continues the report.

Libraries

Libraries Communications Encryption Authentication

The Emotet botnet is back and hits 100K recipients per day

Security Affairs

DECEMBER 26, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot). since August.

Ransomware

Ransomware Libraries Cybersecurity Security

After 2 years under the radars, Ratsnif emerges in OceanLotus ops

Security Affairs

JULY 1, 2019

“Compared to the 2016 variants this sample introduces a configuration file and does not rely on C2 for operation. The experts analyzed four different samples of the Ratsnif RAT, three dated back 2016, and the fourth created in H2 2018. of the wolfSSL library , formerly known as CyaSSL. ” continues the analysis.

Manufacturing

Manufacturing Libraries Security Communications

The Russia-linked APT29 is behind recent attacks targeting NATO and EU

Security Affairs

APRIL 13, 2023

APT29 along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections. One of them was a Windows shortcut (LNK) file pretending to be a document but actually running a hidden DLL library with the actor’s tools.”

Libraries

Libraries Military Education Government

75% of medical infusion pumps affected by known vulnerabilities

Security Affairs

MARCH 3, 2022

High) 52.11% 3 CVE-2016-9355 5.3 Medium) 50.39% 4 CVE-2016-8375 4.9 Palo Alto Networks reported that some issues are related to third-party cross-platform libraries used by the devices, such as network stacks. CVE Severity (Score) % of analyzed pumps with CVEs 1 CVE-2019-12255 9.8 Critical) 52.11% 2 CVE-2019-12264 7.1

IoT

IoT Risk Libraries Security

Security Affairs newsletter Round 222 – News of the week

Security Affairs

JULY 13, 2019

Backdoor mechanism found in Ruby strong_password library. Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016. Prototype Pollution flaw discovered in all versions of Lodash Library. Customers of 7-Eleven Japan lost $500,000 due to a flaw in the mobile app. Kali Linux is now available for Raspberry Pi 4.

Security

Security Libraries Data breaches Ransomware

Experts warn of two flaws in popular open-source software ImageMagick

Security Affairs

FEBRUARY 2, 2023

Vulnerabilities on open-source libraries like ImageMagick are very dangerous and can be exploited by attackers in the wild. The two vulnerabilities affect ImageMagick version 7.1.0-49 49 of the software, they were addressed in with the release of version 7.1.0-52 52 on November 2022.

Metadata

Metadata Libraries Security IT

Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

Security Affairs

JULY 25, 2019

STC) has been sanctioned for interfering with the 2016 U.S. Monokle has been used in highly targeted attacks at least since March 2016, it supports a wide range of spying functionalities and implements advanced data exfiltration techniques. Petersburg, Russia-based company, Special Technology Centre, Ltd. ( Presidential election.

Cleanup

Cleanup Passwords Communications Libraries

Security Affairs newsletter Round 249

Security Affairs

FEBRUARY 2, 2020

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros. Hackers penetrated NEC defense business division in 2016. Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM. A vulnerability in Zoom platform allowed miscreants to join Zoom meetings. Magento 2.3.4 Report: Threat of Emotet and Ryuk.

Security

Security Military Ransomware Libraries

Mobile Libraries: Culture on the Go

Unwritten Record

APRIL 14, 2020

National Bookmobile Day is April 22, part of National Library Week (April 19-25). . A library is a place that stores information, a place where people from all walks of life have the opportunity to obtain textual and audiovisual material for education, entertainment, and enlightenment. Libraries, Mobile — Third Army La.

Libraries

Libraries Education Access Agriculture

Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSA

Security Affairs

JANUARY 15, 2020

Microsoft Patch Tuesday updates for January 2020 address a total of 49 vulnerabilities in various products, including a serious flaw, tracked as CVE-2020-0601, in the core cryptographic component of Windows 10, Server 2016 and 2019 editions. Microsoft confirmed that it is not aware of attacks in the wild exploiting the CVE-2020-0601 flaw.

Libraries

Libraries Encryption Security Risk

Chronicle experts spotted a Linux variant of the Winnti backdoor

Security Affairs

MAY 20, 2019

” The technical analysis of the Linux version of Winnti backdoor revealed the presence of two files, the main backdoor (libxselinux) and a library (libxselinux.so) used to avoid the detection. ” In 2016, the Winniti hackers also hit German heavy industry giant ThyssenKrupp to steal company secrets.

Healthcare

Healthcare Communications Libraries Access

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

The newest firmware revision is bated back 2016 and its known to be affected by several bugs that can be exploited to compromise the device. At the time of the discovery, the malicious ELF binary showed a minimum detection rate on VirusTotal. We received confirmation about these details from the Cr1ptT0r group member we talked to.”

Ransomware

Ransomware Encryption File names Libraries

Russia-linked APT28 targets government Polish institutions

Security Affairs

MAY 10, 2024

jpg.exe , which pretends to be a photo and is used to trick the recipient into clicking on it, script.bat (hidden file), fake library WindowsCodecs.dll (hidden file). The group was involved also in the string of attacks that targeted 2016 Presidential election. The attack chain includes the download of a ZIP archive file from webhook[.]site,

Government

Government Military Libraries Archiving

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Triada Trojan was spotted for the first time in 2016 by researchers at Kaspersky Lab that considered it the most advanced mobile threat seen to the date of the discovery. The experts discovered a system library called libandroid_runtime.so that was tampered to inject a snippet code into a function called println_native.

Libraries

Libraries Communications Big data Security

IndieFlix streaming service leaves thousands of confidential agreements, filmmaker SSNs, videos exposed on public server

Security Affairs

JULY 31, 2020

The motion picture acquisition agreements, tax ID requests, and contract addendum scans all date between 2013 and 2016. The vast majority of the files stored in the unsecured bucket are film thumbnail pictures and various promotional materials. What to do if you’ve been affected?

Access

Access Authentication Marketing Security

How Libraries Can Support Those with Dementia

CILIP

JANUARY 19, 2023

How Libraries Can Support Those with Dementia Libraries are often considered the heart of the community, but not everyone understands just how much they have to offer. When it comes to dementia services, libraries have enormous potential to support people with dementia and their carers.

Libraries

Libraries Education Access IT

Trends in the library technology market ? a UK perspective

CILIP

FEBRUARY 17, 2021

Trends in the library technology market ? Ken Chad looks at the underlying issues and trends that are shaping library technology. His piece focuses on public libraries and libraries in higher education institutions. In public libraries the LMS is no longer the central piece of library technology it was.

Libraries

Libraries Marketing e-Discovery Education

CILIP announces Honorary Fellowships including Library Champion Bobby Seagull

CILIP

OCTOBER 5, 2020

CILIP announces Honorary Fellowships including Library Champion Bobby Seagull. Bobby Seagull and CILIP are delighted to announce that he will be continuing in the role of CILIP Library Champion for 2020-21. My family were thrilled when they found out, as libraries have been an important part of the fabric of our family life.

Libraries

Libraries Government IT

Community hubs keep libraries in the heart of local users

CILIP

JANUARY 14, 2020

Community hubs keep libraries in the heart of local users. Community hubs keep libraries in the heart of local users. It is no secret that public libraries have been hit hard by austerity. Library Authorities have had to find their own way through, making difficult decisions that affect staff and customers.

Libraries

Libraries IT Education Government

UNCOVERING VULNERABILITIES IN CRYPTOGRAPHIC LIBRARIES: MAYHEM, MATRIXSSL, AND WOLFSSL

ForAllSecure

MAY 19, 2020

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? Fuzzing MatrixSSL. We chose to look at parsing x509 certificates. Fuzzing WolfSSL.

Libraries

Libraries IoT Security Passwords

Turning over new leaves: Can outdoor spaces help libraries grow?

CILIP

FEBRUARY 17, 2020

Turning over new leaves: Can outdoor spaces help libraries grow? Turning over new leaves: Can outdoor spaces help libraries grow? ?IF IF you have a garden and a library, you have everything you need,? If you have a garden in your library, everything will be complete!? their library. The Sir Alex Ferguson Library?s

Libraries

Libraries Education Access IT

APT34: Glimpse project

Security Affairs

MAY 2, 2019

According to Duo, “ OilRig delivered Trojans that use DNS tunneling for command and control in attacks since at least May 2016. Whoever is leaking the toolset also has been dumping information about the victims OilRig has targeted, as well as data identifying some of the servers the group uses in its attacks.

Computer and Electronics

Computer and Electronics Communications Government Security

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

FEBRUARY 21, 2020

The Operation Transparent Tribe was first spotted by Proofpoint Researchers in Feb 2016, in a series of espionages operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. The two dll are legit windows library and are used in support of the malicious behaviour. Introduction.

Military

Military Communications Encryption IT

Library and Archives Canada’s journey of discovery: modernising our digital preservation infrastructure using Preservica

Preservica

NOVEMBER 29, 2018

On World Digital Preservation Day 2018, Sylvain Bélanger, Director General of Digital Operations and Preservation at Library and Archives Canada (LAC) discusses operating at scale, the challenges of preserving high volume born-digital content, and giving Canadians greater access to Canada’s continuing memory.

Digital preservation

Digital preservation Archiving Libraries Government

August 2018 Microsoft Patch Tuesday fixes two flaws exploited in attacks in the wild

Security Affairs

AUGUST 15, 2018

A buffer overflow vulnerability affects Microsoft SQL Server 2016 and 2017, a remote attacker could exploit it to execute arbitrary code on an affected system in the context of the SQL Server Database Engine service account. .” Below the description for some of the RCE flaws addressed by Microsoft. ” states the advisory.

Libraries

Libraries Security IT

Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)

ForAllSecure

MAY 19, 2020

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? Fuzzing MatrixSSL. We chose to look at parsing x509 certificates. Fuzzing WolfSSL.

Libraries

Libraries IoT Security Passwords

Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)

ForAllSecure

MAY 19, 2020

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? Fuzzing MatrixSSL. We chose to look at parsing x509 certificates. Fuzzing WolfSSL.

Libraries

Libraries IoT Security Passwords

Backdoor Built into Android Firmware

Schneier on Security

JUNE 21, 2019

Triada first came to light in 2016 in articles published by Kaspersky here and here , the first of which said the malware was "one of the most advanced mobile Trojans" the security firm's analysts had ever encountered. The attackers used the backdoor to surreptitiously download and install modules.

Manufacturing

Manufacturing Libraries Security IT

Community Webs to bring web archiving to public libraries

Archive-It

JUNE 30, 2017

The Internet Archive is accepting applications from public librarians to participate in a program of continuing education, training, and services to enable public libraries to build collections of historically-valuable, web published materials documenting their local communities. This is where the Community Webs project comes in.

Archiving

Archiving Libraries Education Access

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Security Affairs

AUGUST 23, 2018

In June 2016, researchers from Kaspersky reported that the Turla APT had started using rootkit), Epic Turla (Wipbot and Tavdig) and Gloog Turla. The backdoor is a standalone DLL (dynamic link library) that interacts with Outlook and The Bat! The only requirement is that it includes a container in the right format.”.

Metadata

Metadata Military Libraries Access

Friends, Feedback and the Future of Digital Preservation: Preservica Global User Group 2016

Preservica

APRIL 18, 2016

To ensure everyone had the best experience possible we held this year’s meeting at Queens College, steeped in history and with an enviable archive and library of its own it was the perfect location to host our users. The 2016 User Group was a brilliant learning opportunity, and much enjoyed by all who attended.

Digital preservation

Digital preservation Libraries Archiving IT

News alert: Introducing Mayhem Security — ForAllSecure unveils name change, fresh focus

The Last Watchdog

OCTOBER 1, 2024

Today, the Mayhem platform has been integrated into thousands of open-source projects, building a library of behavioral tests, identifying new zero-days, and helping defend against software supply chain threats. In 2016, the company won DARPA’s cyber grand challenge focused on autonomous security.

Security

Security Education Cybersecurity Libraries

Through the Looking-Glass, and What Bonnie Will Find There

The Texas Record

MAY 25, 2021

Amarillo Training Trip 2016. I had many great relationships with current and former TSLAC colleagues over the years, but there’s one in particular that inspired me to stay curious and to apply the traditional library science to records and information management.

Records Management

Records Management Libraries Government IT

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

eSecurity Planet

APRIL 1, 2024

The fix: Apply the emergency fixes issued by Microsoft for: Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Attackers Actively Exploit Fortinet Enterprise Management Server SQLi Flaw Type of vulnerability: SQL injection (SQLi) flaw. The fix: Update affected versions ASAP: FortiClient EMS 7.2: through 7.2.2

Libraries

Libraries Authentication Artificial Intelligence Cloud

Crowley Company Honored with Modern Library Awards, Office of Economic Development Top 50 Ranking

Info Source

JANUARY 9, 2020

. – The Crowley Company (Crowley), a worldwide leader in digitization scanning solutions and conversion services, is pleased to announce two honors bestowed this week: three platinum Modern Library (MLA) awards and a place on the Frederick County Top 50 Workplaces list. These include: Crowley Imaging.

Libraries

Libraries Manufacturing Records Management Paper

MY TAKE: Poorly protected local government networks cast shadow on midterm elections

The Last Watchdog

SEPTEMBER 14, 2018

During 2016, 39 states were hacked. If they can do that by stealing personally identifiable information or any of the other valuable things from a government institution, whether it’s a library or a court system, they’ll do just that.”. They are going to attack wherever they can because they can make a buck off it.

Government

Government Digital transformation Mining Insurance

Apache Struts users have to update FileUpload library to fix years-old flaws

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Webinars

Trending Sources

Oracle critical patch advisory addresses 284 flaws, 33 critical

Webinars

INFRA:HALT flaws impact OT devices from hundreds of vendors

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

EU launches bug bounty programs for 15 software

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

The Emotet botnet is back and hits 100K recipients per day

After 2 years under the radars, Ratsnif emerges in OceanLotus ops

The Russia-linked APT29 is behind recent attacks targeting NATO and EU

75% of medical infusion pumps affected by known vulnerabilities

Security Affairs newsletter Round 222 – News of the week

Experts warn of two flaws in popular open-source software ImageMagick

Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

Security Affairs newsletter Round 249

Mobile Libraries: Culture on the Go

Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSA

Chronicle experts spotted a Linux variant of the Winnti backdoor

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Russia-linked APT28 targets government Polish institutions

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

IndieFlix streaming service leaves thousands of confidential agreements, filmmaker SSNs, videos exposed on public server

How Libraries Can Support Those with Dementia

Trends in the library technology market ? a UK perspective

CILIP announces Honorary Fellowships including Library Champion Bobby Seagull

Community hubs keep libraries in the heart of local users

UNCOVERING VULNERABILITIES IN CRYPTOGRAPHIC LIBRARIES: MAYHEM, MATRIXSSL, AND WOLFSSL

Turning over new leaves: Can outdoor spaces help libraries grow?

APT34: Glimpse project

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Library and Archives Canada’s journey of discovery: modernising our digital preservation infrastructure using Preservica

August 2018 Microsoft Patch Tuesday fixes two flaws exploited in attacks in the wild

Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)

Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)

Backdoor Built into Android Firmware

Community Webs to bring web archiving to public libraries

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Friends, Feedback and the Future of Digital Preservation: Preservica Global User Group 2016

News alert: Introducing Mayhem Security — ForAllSecure unveils name change, fresh focus

Through the Looking-Glass, and What Bonnie Will Find There

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

Crowley Company Honored with Modern Library Awards, Office of Economic Development Top 50 Ranking

MY TAKE: Poorly protected local government networks cast shadow on midterm elections

Stay Connected