Google Researcher Details Windows Cryptographic Library Bug

Data Breach Today

Flaw Could Cause Denial-of-Service Event in Windows Fleet, Researcher Claims. A Google security researcher has disclosed what he calls an unpatched bug in the main cryptographic library used in newer versions of the Windows operating system that he claims could affect an entire fleet of Windows-based devices.

Patch Tuesday, December 2019 Edition

Krebs on Security

Handy in that respect is CVE-2019-1468, a similarly widespread critical issue in the Windows font library that could be exploited just by getting the user to visit a hacked or malicious Web site.

Patch Tuesday Lowdown, July 2019 Edition

Krebs on Security

The DHCP weakness (CVE-2019-0785) exists in most supported versions of Windows Server, from Windows Server 2012 through Server 2019. CVE-2019-0865 is a denial-of-service bug in a Microsoft open-source cryptographic library that could be used to tie up system resources on an affected Windows 8 computer.

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. The impact of the issue could be severe considering that the jQuery JavaScript library is currently used on 74 percent of websites online; most sites still use the 1.x versions of the library that are affected by the ‘Prototype Pollution’ vulnerability.

One world, one library network

CILIP

Working Internationally for Libraries Virtual Conference 2021: A free, virtual conference for Public Libraries in the UK and across the world. Two, look for advocacy ideas and how best to campaign to keep libraries funded and active.

Two malicious Python libraries were stealing SSH and GPG keys

Security Affairs

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The two libraries were discovered on December 1 by the German software developer Lukas Martini.

Mobile Libraries: Culture on the Go

Unwritten Record

National Bookmobile Day is April 22, part of National Library Week (April 19-25). A library is a place that stores information, a place where people from all walks of life have the opportunity to obtain textual and audiovisual material for education, entertainment, and enlightenment.

Libraries Week 2019 celebrates libraries in a digital world

CILIP

Annual Libraries Week celebrations (7-12 October 2019) will showcase how libraries have transformed their digital offer, featuring events and activities in more than 1,000 libraries across the UK. s competition to Build the Library of the Future out of LEGO bricks and win tickets to LEGOLAND Windsor and £500 to donate to a library of your choice. LOVE YOUR LIBRARY?

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries and removed those versions. The backdoor was used by attackers to inject mining code into Ruby projects using the malicious versions of the libraries.

Cisco Talos discovered 2 critical flaws in the popular OpenCV library

Security Affairs

Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code.

Backdoor mechanism found in Ruby strong_password library

Security Affairs

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The dangerous code was used to check the password strength of user-chosen passwords when the library was being used in a production environment. The attacker created a new version of the library (version 0.0.7

Prototype Pollution flaw discovered in all versions of Lodash Library

Security Affairs

Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. The flaw could be exploited by hackers to compromise the security of affected services using the library. The popular library is currently used in more than 4 million projects on GitHub. “The popular npm library is used by 4.35 Just shy of 40k GitHub project stars, the library is downloaded over 80 million times each month.

What are libraries worth?

CILIP

Suffolk Libraries has recently commissioned and published research to do just that: convert the social value of three of its core services into pounds and pence. Bruce Leeke, chief executive of Suffolk Libraries, said: “Talking

Shh! No Hacking the Census in the Library

WIRED Threat Level

Opinion: Millions of folks filling out the 2020 Census on public library computers also are putting themselves at risk.

A flaw in the Libarchive library impacts major Linux distros

Security Affairs

Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive that could be exploited to execute arbitrary code. The libarchive library is a multi-format archive and compression library that implements a single interface for reading/writing various compression formats.

Magecart Returns with Advertising Library Tactic

Threatpost

The threat group also has a new subsidiary, Magecart Group 12.

Feminist leadership, libraries and Covid-19

CILIP

Feminist leadership, libraries and Covid-19. s Library which was established in 1991 and now has more than 20 paid staff ? In 2019 Adele completed a Clore Leadership Fellowship, a programme set up to develop and strengthen leadership potential across the cultural and creative sectors.

Why presidential libraries are controversial

IG Guru

Barack Obama’s is dividing opinions, as others have before.

Closure JavaScript Library introduced XSS issue in Google Search and potentially other services

Security Affairs

The Japanese security researcher Masato Kinugawa discovered a cross-site scripting (XSS) vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library. The library is named Closure and, according to the expert, it fails to properly sanitize user input.

The Big Issue and Library Champion Bobby Seagull bring the case for library funding to Parliament

CILIP

At a Parliamentary event at the House of Lords today, The Big Issue and Library Champion Bobby Seagull will join forces with CILIP, the UK library association, to make the case for long-term sustainable funding for libraries. 250m investment in the Culture Investment Fund, of which 50% is to be allocated to library and museum sector development.

Google expert disclosed details of an unpatched flaw in SymCrypt library

Security Affairs

Tavis Ormandy, a white hat hacker at Google Project Zero, announced that he had found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. The recently released Microsoft Patch Tuesday security updates for June 2019 failed to address a flaw in SymCrypt, a core cryptographic function library currently used by Windows. Ormandy privately reported the flaw to Microsoft in March 2019, but the tech giant failed to fix it after 90 days.

Designing Libraries: Making space for makerspaces

CILIP

Recently I heard a librarian say that introducing makerspaces into libraries was one of the riskiest undertakings the service had ever embarked upon. I found this a little odd, since we are all in the information business and a lot of library time is taken up with answering ?how s library buildings are a mixture of ancient and modern. We increasingly share premises with other services, so sensitivity is always required when we adapt library spaces for new purposes ?

The British Library’s International Library Leaders Programme

CILIP

Ilene McKenna is the Lead Archivist, Archival Information System Renewal at Library and Archives Canada. In November 2019, she had the opportunity to take part in British Library’s

Winner of Excellence in Prison Libraries Award 2019

CILIP

The CILIP Prison Libraries Group is delighted to announce that the winner of the 2019 Excellence in Prison Libraries Award is HMP/YOI Chelmsford for their “Family Library Time” Family Library Time is an added value family visit which takes place in the Prison Library rather than the visits hall. s a friendly event incorporating an extended Rhymetime session, themed craft activities and library promotions such as Calm Down Boris!

Celebrating the Library of the Future for Libraries Week

CILIP

s children build their Library of the Future for Libraries Week. Children, young people and LEGO enthusiasts from age 2 to 85 have been hard at work as part of Libraries Week ? s much-loved libraries. In a CILIP competition to build the Library of the Future out of LEGO bricks, hundreds of entries have highlighted the many different ways in which libraries will support their users in the future. to distribute books to library users. library lates?,

Apprenticeships: supporting new talent in to libraries

CILIP

Last summer Kirklees Libraries recruited two new apprentices as part of a council-wide programme to develop and deliver apprentice opportunities. ve worked for Kirklees libraries for 35 years.

The impact of Universal Credit on frontline public library workers

CILIP

benefit that requires the vast majority of claimants to make and manage their claim online - is having on public library services across the UK. We are conducting this research because the Department for Work and Pensions is encouraging people to use the library to make and manage a claim if they do not have internet access at home and/or they need support with digital skills. Published: 18 October 2019.

Adobe September 2019 Patch Tuesday updates fix 2 code execution flaws in Flash Player

Security Affairs

Adobe has released September 2019 Patch Tuesday updates that address two code execution vulnerabilities in Flash Player and a DLL hijacking flaw in Application Manager. “This update resolves an insecure library loading vulnerability in the installer that could lead to Arbitrary Code Execution.”

The Library of Everything

CILIP

Emerging Technologies: The Library of Everything. Library of Babel ([link]) in real life – a (practically) infinite library. t get rid of your library collections or data centres just yet, but do plan for a future where data will be cheaper and more abundant, and start thinking about the implications of finding needles in haystacks. Published: 15 May 2019.

Rakuten OverDrive in partnership with CILIP to support Libraries Week 2019

CILIP

CILIP is proud to announce that Rakuten OverDrive, the leading digital reading platform for libraries and schools worldwide, is supporting Libraries Week 2019 as a sponsor. Libraries Week is a celebration of the nation’s much-loved libraries with a focus this year on celebrating libraries in a digital age. Published: 17 July 2019.

Trends in the library technology market – a UK perspective

CILIP

Ken Chad looks at the underlying issues and trends that are shaping library technology. His piece focuses on public libraries and libraries in higher education institutions. In his 2020 Library Systems anoted, “Technology

CILIP welcomes Labour Party Manifesto commitment to libraries

CILIP

s Library and Information Association, has welcomed the commitment in the Labour Party’s 2019 General Election manifesto to secure the long-term future of public libraries. Manifesto for Libraries?,

Library-Themed University Phishing Attack Expands to Massive Scale

Threatpost

Cobalt Dickens (a.k.a. Silent Librarian) is now actively targeting 380 universities, bent on stealing credentials and moving deeper into school networks.

Uncovering vulnerabilities in Cryptographic libraries: Mayhem, Matrixssl, and WolfSSL

ForAllSecure

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries.

Cyber Defense Magazine – March 2019 has arrived. Enjoy it!

Security Affairs

MARCH 2019 EDITION (RSA CONFERENCE PRINT EDITION & E-MAG COMING NEXT WEEK). Cyber Defense eMagazine March 2019 Edition has arrived. INFOSEC AWARDS RESULTS ANNOUNCED MARCH 4, 2019. RSA Conference for 2019 takes place in San Francisco, California on March 4, 2019.

e-Records 2019 Call for Presentations

The Texas Record

The annual e-Records Conference will be held Friday, November 15, 2019. We want you to speak at e-Records 2019. This event is organized by the Texas State Library and Archives Commission (TSLAC) and co-sponsored with the Texas Department of Information Resources (DIR) to promote electronic records management in Texas government. The deadline for submitting presentation proposals is FRIDAY, JULY 19, 2019.

New guide to improving library services using key library assessment methodologies

CILIP

New book on improving library services with assessment data. Facet Publishing announces the publication of Putting Library Assessment Data to Work by Selena Killick and Frankie Wilson. Putting Library Assessment Data to Work takes common sources of data that academic libraries will already be collecting, and presents simple qualitative and quantitative techniques that can be used to evaluate and assess their services, both in detail and overall.

Cyber Defense Magazine – April 2019 has arrived. Enjoy it!

Security Affairs

Cyber Defense eMagazine April 2019 Edition has arrived. We hope you enjoy this month’s edition… packed with over 140 pages of excellent content. InfoSec Knowledge is Power. We have 7 years of eMagazines online with timeless content.

How to run a library campaign

CILIP

How to run a library campaign: a work in progress. SAVE Our Libraries Essex. Published: 20 May 2019. Contributor: Information Professional.

Prison library: Bringing children and dads together

CILIP

The world of the prison library is, by its very nature, hidden from the view of most people. But prison libraries are a statutory requirement (The Prison Rules, 1999 [link]) and there is some wonderful work going on in jails around the country, which few people get to hear about. The library is situated fairly near the main gate in one of the Victorian wings, but it looks very much like any small branch library