Troy Hunt

MAY 16, 2018

Just a tad over 5 years ago, I released my first ever Pluralsight course - OWASP Top 10 Web Application Security Risks for ASP.NET. Developers have a huge appetite for OWASP content and I'm very happy to now give them even more Top 10 goodness in the course I'm announcing here - Play by Play: OWASP Top 10 2017.

Libraries 48

Libraries Risk IT Security 48

eSecurity Planet

MAY 19, 2023

Application security tools and software solutions are designed to identify and mitigate vulnerabilities and threats in software applications. These tools play a vital role in ensuring the security, integrity, and confidentiality of sensitive information, such as personal data and financial records.

Security 90

Security Cloud Compliance Risk 90

Hunton Privacy

FEBRUARY 22, 2022

The FTC has long used this authority to take action against companies in the privacy and data security context. According to the complaint , after Equifax was alerted to a critical network security vulnerability in March 2017, the company’s security personnel ordered that vulnerable systems be patched within 48 hours.

Privacy 102

Privacy Libraries Cybersecurity Security 102

Preservica

NOVEMBER 29, 2018

On World Digital Preservation Day 2018, Sylvain Bélanger, Director General of Digital Operations and Preservation at Library and Archives Canada (LAC) discusses operating at scale, the challenges of preserving high volume born-digital content, and giving Canadians greater access to Canada’s continuing memory. Our digital preservation vision.

Digital preservation 58

Digital preservation Libraries Archiving Government 58

Security Affairs

JANUARY 31, 2021

The new malware implement new and improved rootkit and worm capabilities, it continues to target cloud applications by exploiting known vulnerabilities such as Oracle WebLogic ( CVE-2017-10271 ) and Apache ActiveMQ ( CVE-2016-3088 ) servers. One of the ways to use LD_PRELOAD is to add the crafted library to /etc/ld.so.preload.”

Cloud 95

Cloud Libraries Mining IT 95

The Texas Record

DECEMBER 4, 2017

This is the fourth post of a multi-part recap of the 2017 e-Records Conference. Presentation materials from the conference are available on the e-Records 2017 website. When moving records between libraries in SharePoint, the integrity of the document could be altered. Information Governance: Take Control and Succeed.

Information governance 56

Information governance Government Compliance Metadata 56

Schneier on Security

JUNE 21, 2019

In 2017, some Android phones came with a backdoor pre-installed : Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. The attackers used the backdoor to surreptitiously download and install modules.

Manufacturing 100

Manufacturing Libraries Security IT 100

Security Affairs

DECEMBER 13, 2021

Cybersecurity and Infrastructure Security Agency (CISA) added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog , including recently disclosed Apache Log4Shell Log4j and Fortinet FortiOS flaws. The post CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.

CMS 104

CMS Authentication Libraries Risk 104

Security Affairs

JANUARY 7, 2023

IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats like Gozi , Zeus , and Dridex. The “maker.dll” is a malicious libraries used to perform various malicious activities and load the IcedID malware, while “ikm.msi” is a legitimate installer of the Zoom application.

Phishing 96

Phishing Libraries Cybersecurity IT 96

Security Affairs

MARCH 28, 2022

The bot includes exploits for Oracle WebLogic Server vulnerabilities CVE-2019-2725 and CVE-2017-10271 , and the Drupal RCE flaw tracked as CVE-2018-7600. “Debian and Ubuntu have also released security advisories regarding this matter. It saves it as “/tmp/russ” and executes it. Pierluigi Paganini.

Libraries 97

Libraries IoT Communications Access 97

eSecurity Planet

DECEMBER 10, 2021

A critical vulnerability in the open-source logging software Apache Log4j 2 is fueling a chaotic race in the cybersecurity world, with the Apache Software Foundation (ASF) issuing an emergency security update as bad actors searched for vulnerable servers. Anybody using Apache Struts is likely vulnerable. Enterprises Urged to Apply the Patch.

Risk 133

Risk Libraries Cybersecurity Honeypots 133

Security Affairs

JUNE 15, 2019

The best news of the week with Security Affairs. Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw. Google expert disclosed details of an unpatched flaw in SymCrypt library. Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws. A new round of the weekly SecurityAffairs newsletter arrived!

Security 58

Security Metadata Libraries Data breaches 58

Security Affairs

JULY 8, 2023

The spear-phishing message appears as a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. ” continues the analysis.

Archiving 98

Archiving Cloud File names Metadata 98

Security Affairs

DECEMBER 31, 2018

Bug bounty programs are very important for the security of software and hardware, major tech firms launched their own programs to discover flaws before hackers. The project was renewed in 2017 for three more years including bug bounty programs to improve the security of software used. GNU C Library (glibc). 15/10/2019.

Libraries 103

Libraries Privacy Security IT 103

Security Affairs

FEBRUARY 15, 2019

Security experts at Symantec have discovered eight potentially unwanted applications (PUAs) into the Microsoft Store that were dropping cryptojacking Coinhive miners. The malicious Monero (XMR) Coinhive cryptomining scripts were delivered leveraging the Google’s legitimate Google Tag Manager (GTM) library.

Mining 98

Mining Libraries Analytics Security 98

Security Affairs

JULY 20, 2023

Lookout first detected WyrmSpy as early as 2017, while it first discovered DragonEgg at the start of 2021. These commands include instructing the malware to upload log files, photos stored on the device, and acquire device location using the Baidu Location library.” Most recent samples of DraginEgg are dated April 2023.

File names 94

File names Libraries Cybersecurity IT 94

The Last Watchdog

SEPTEMBER 2, 2018

Just like the best sourdough bread derives from a “mother” yeast that gets divided, passed around, and used over and over, open-source software applications get fashioned from a “mother” library of code created and passed around by developers. Related: Equifax hack highlights open source attack vectors.

Compliance 129

Compliance Libraries Sales Personal data 129

Thales Cloud Protection & Licensing

MARCH 10, 2021

What’s driving the security of IoT? The Urgency for Security in a Connected World. It’s also enabling manufacturers to respond faster to security vulnerabilities, market demand, and even natural disasters. Device Security is Hard. Guest Blog: TalkingTrust. Thu, 03/11/2021 - 07:39. They're attractive targets.

IoT 77

IoT Security Manufacturing Encryption 77

Security Affairs

JANUARY 18, 2019

The Commons FileUpload library is the default file upload mechanism in Struts 2, the CVE-2016-1000031 was discovered two years ago by experts at Tenable. The CVE-2017-5645 flaw resides in the Codehaus versions of Groovy and affected OCA Unified Inventory Management. Pierluigi Paganini.

Financial Services 72

Financial Services Libraries Mining Retail 72

CILIP

OCTOBER 27, 2021

s CILIP honorary fellowships represent the breadth and scope of the information, knowledge management and library profession. He was the interim Government Chief Scientific Adviser from 2017 to 2018, including during the Novichok poisonings. He advocates reading for mental health and actively supports public libraries.

Libraries 52

Libraries Government IT Security 52

Security Affairs

JUNE 13, 2019

A security expert at SEC Consult discovered that some WAGO industrial managed switches are affected by several serious vulnerabilities. A security researcher at consulting company SEC Consult discovered several vulnerabilities in some models of WAGO industrial switches. ” reads the security advisory. Pierluigi Paganini.

Libraries 72

Libraries Passwords IoT Security 72

The Last Watchdog

MARCH 4, 2019

In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT security systems. That’s Gartner’s estimate of global spending on cybersecurity in 2017 and 2018. Fast forward to 2017. Manipulating runtime.

Energy and Utilities 176

Energy and Utilities Systems administration Access Cybersecurity 176

Security Affairs

NOVEMBER 24, 2019

According to Cofense, in the most recent campaign, the message was sent by a compromised email account and passed Symantec Email Security and Microsoft EOP gateways. Unlike past attacks, in the last campaign, attackers attempted to exploit the Microsoft Office remote code execution vulnerability ( CVE-2017-8570 ). Pierluigi Paganini.

Libraries 87

Libraries Sales Phishing IT 87

National Archives Records Express

NOVEMBER 3, 2022

As part of this effort, in 2017 NARA turned the focus to overall strategies, creating a new Digital Preservation Program in the Office of the Deputy Archivist of the United States. The cloud-based ERA 2.0 development.

Digital preservation 98

Digital preservation Archiving Access Libraries 98

Security Affairs

FEBRUARY 19, 2020

Security researchers from TrendMicro have uncovered a cyber espionage campaign carried out by an APT group tracked as DRBControl that employed a new family of malware. The Type 2 backdoor was first released in July 2017, it was employed in a spear-phishing attack distributing a weaponized Microsoft Word document. Pierluigi Paganini.

Libraries 103

Libraries Phishing Passwords IT 103

The Last Watchdog

SEPTEMBER 6, 2019

based security vendor in the thick of helping companies make more of their threat feeds. The company launched in 2013, the brainchild of Ryan Trost and Wayne Chiang, a couple of buddies working as security analysts in a U.S. We spoke at Black Hat USA 2019. ThreatQuotient is a Reston, Virg.-based

Big data 118

Big data Analytics Libraries Digital transformation 118

Security Affairs

OCTOBER 3, 2018

In one incident in 2017, HIDDEN COBRA actors enabled cash to be simultaneously withdrawn from ATMs located in over 30 different countries. “HIDDEN COBRA actors most likely deployed ISO 8583 libraries on the targeted switch application servers. Security Affairs – Hidden Cobra, FastCash ). ” states the report.

Retail 96

Retail Libraries Phishing Authentication 96

Security Affairs

DECEMBER 3, 2018

Security experts at HackenProof are warning Open Elasticsearch instances expose over 82 million users in the United States. Elasticsearch is a Java-based search engine based on the free and open-source information retrieval software library Lucene. ” reads a blog post published by HackenProof. citizens (i.e. citizens (i.e.

Data breaches 105

Data breaches Libraries Analytics Archiving 105

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker been active since at least December 2017, researchers observed a spike in its operations in April and most recent attacks were uncovered in June.

Military 87

Military File names Libraries Government 87

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. It’s interesting to notice it calls some “non-library” functions; functions loaded from the previously referenced dll file. Table 3 – DLL information. Pierluigi Paganini.

Libraries 92

Libraries Phishing Security IT 92

Security Affairs

JUNE 18, 2020

Security researchers at ESET recently uncovered a campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations in the military sector and diplomatic missions in Eastern Europe. . The attack chain begins with the deployment of a TCP downloader that fetches the next stage payload.

Military 89

Military Communications Libraries Encryption 89

CILIP

DECEMBER 11, 2023

He gives an example from his early days at the Department for the Environment: “I remember in April 1986, I was on the library enquiry desk. Decades later his library role has shifted into managing across the full gamut of KIM-related disciplines, but he is still supporting the Government’s information needs in crises.

Government 52

Government Libraries Computer and Electronics Information governance 52

The Security Ledger

JULY 26, 2018

In this Spotlight Podcast, sponsored by Trusted Computing Group*, Dennis Mattoon of Microsoft Research gives us the low-down on DICE: the Device Identifier Composition Engine Architectures, which provides a means of solving a range of security and identity problems on low cost, low power IoT endpoints. Among them: establishing strong device.

IoT 40

IoT Security Military Retail 40

Security Affairs

NOVEMBER 5, 2019

In 2017, a hacker group known as the Shadow Brokers stolen malware and hacking tools from the arsenal of the NSA-Linked Equation Group , then it published online the data dump called “ Lost in Translation.” The DarkUniverse has been active at least from 2009 until 2017. mod and glue30.dll. The updater. Pierluigi Paganini.

Libraries 56

Libraries Phishing Communications Cloud 56

Security Affairs

APRIL 18, 2019

We analyzed this sample two years ago and we linked it to a Sofacy attack operation discovered by FE researchers in the mid of 2017, which hit several hotels in European and Middle Eastern countries. GAMEFISH document dropper (reference sample, 2017). Technical Analysis. exe” system utility. Figure 4: “mrset.bat” file code.

Passwords 71

Passwords Libraries Phishing IT 71

Security Affairs

MAY 27, 2019

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. Further technical details, including IoCs, are reported in the analysis published by inSile.

Libraries 89

Libraries Phishing Government Cloud 89