Security Affairs

DECEMBER 29, 2021

version to address recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. version to address a recently discovered arbitrary code execution flaw, tracked as CVE-2021-44832, affecting Log4j 2.17.0. CVE-2021-44832 is the fifth vulnerability discovered in the popular library in the last weeks.

Libraries 125

Libraries Security IT Information Security 125

Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library.

Libraries 140

Libraries IT Cloud Data breaches 140

Security Affairs

MARCH 2, 2022

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library. on February 24, 2022.

Libraries 89

Libraries Communications Security IT 89

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? According to Bloomberg , CNA Financial opted to pay the ransom two weeks after the security breach because it was not able to restore its operations. The pipeline allows carrying 2.5

Ransomware 112

Ransomware Cybersecurity Access Insurance 112

Security Affairs

OCTOBER 31, 2022

VMware warned of the existence of a public exploit targeting a recently addressed critical remote code execution (RCE) vulnerability, tracked as CVE-2021-39144 (CVSS score of 9.8), in NSX Data Center for vSphere (NSX-V). The remote code execution vulnerability resides in the XStream open-source library. Pierluigi Paganini.

Libraries 108

Libraries Cloud Security IT 108

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. It’s also the crypto library used by systemd for DNSSEC. The team recommends users to stop using the vulnerable version of the library. which we released last week.

Libraries 137

Libraries Encryption Privacy IT 137

IT Governance

JANUARY 10, 2022

For many, 2021 was a year to forget. The cyber security landscape offered similarly familiar topics: there were huge data breaches at Facebook and LinkedIn, while the threat of ransomware reached catastrophic levels. 2021 got off to an inauspicious start when cyber security researchers reported a huge leak of Brazilian residents’ data.

Security 115

Security Data breaches Ransomware Phishing 115

Security Affairs

NOVEMBER 5, 2021

Two popular npm libraries, coa and rc. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. Two npm libraries that have a total of 23 million weekly downloads, a data that is worrisome. 2/3] — npm (@npmjs) November 4, 2021. The post npm libraries coa and rc.

Libraries 100

Libraries Passwords Access Security 100

Security Affairs

JUNE 9, 2021

Microsoft’s June 2021 Patch Tuesday addressed 50 vulnerabilities, including six zero-day issues that are being actively exploited in the wild. Five vulnerabilities fixed by Microsoft’s June 2021 Patch Tuesday are rated Critical and 45 are rated Important in severity. Follow me on Twitter: @securityaffairs and Facebook.

Libraries 111

Libraries Cybersecurity Security IT 111

Security Affairs

OCTOBER 19, 2022

Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. ” wrote the security team. Pierluigi Paganini.

Libraries 98

Libraries IT Security Information Security 98

CILIP

JUNE 13, 2023

Connecting town and gown through the library How to help a community explore its slave-trading history: Lesley English, Head of Library Engagement at Lancaster University Library, explains how the library plays a key role in building bridges between town and gown. We connect, we innovate, we include.”

Libraries 52

Libraries Access Agriculture Education 52

Security Affairs

SEPTEMBER 13, 2022

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021. Pierluigi Paganini.

Government 86

Government Access Libraries Education 86

Security Affairs

FEBRUARY 9, 2021

Microsoft February 2021 Patch Tuesday addresses 56 vulnerabilities, including a flaw that is known to be actively exploited in the wild. The CVE-2021-1732 zero-day is an elevation of privilege issues that resides in the Windows Win32k component. ” reads a blog post published by Microsoft.

IoT 98

IoT Libraries Encryption Security 98

CILIP

JUNE 30, 2021

Independent Review of Public Library Financing Panel announcement. CILIP is delighted to announce the expert members of the recently established Independent Review of Public Library Financing Panel. Public libraries are a vital part of the fabric of daily life for millions of people across the UK every day. community management?

Libraries 52

Libraries Risk Government Security 52

Krebs on Security

JANUARY 11, 2022

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. In May 2021, Microsoft patched a similarly critical and wormable vulnerability in the HTTP Protocol Stack; less than a week later, computer code made to exploit the flaw was posted online. .” ” Quickly indeed.

Libraries 238

Libraries Security Access IT 238

The Texas Record

JULY 12, 2021

This event is organized by the Texas State Library and Archives Commission (TSLAC) and co-sponsored with the Texas Department of Information Resources (DIR) to promote electronic records management in Texas government. For more information about the 2021 e-Records conference, check out the conference website.

Records Management 78

Records Management Government Communications Libraries 78

The Texas Record

SEPTEMBER 22, 2021

Registration for the 2021 e-Records Conference is now open to state agencies and local governments. About e-Records 2021. Driven by new technologies and demands, Texas government is rapidly adapting to deliver easier, more secure, and constantly connected access to its external and internal stakeholders.

Records Management 52

Records Management Libraries Archiving Government 52

Security Affairs

DECEMBER 16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library.

Libraries 130

Libraries Ransomware Access Security 130

IT Governance

DECEMBER 1, 2021

In November, we discovered 81 publicly disclosed cyber security incidents, accounting for 223,615,390 breached records. With one month left in 2021, the annual total running total of compromised records is to just shy of 5 billion. Cyber attacks. Ransomware. Data breaches. Financial information. In other news….

Data breaches 141

Data breaches Ransomware Computer and Electronics Healthcare 141

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. v1: Pulse Connect Secure MAR-10334057-3.v1:

Security 129

Security Authentication Libraries Passwords 129

CILIP

FEBRUARY 25, 2021

Public Libraries as part of the HM Government ?roadmap? CILIP welcomes the recognition of libraries as essential services and library staff as ?key s pandemic response, demonstrating the vital role public libraries have to play in our national recovery. Although many library services have been ?open? COVID-secure?

Libraries 52

Libraries Government Access Security 52

Security Affairs

DECEMBER 18, 2021

Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. While the experts were warning that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library a third security vulnerability made the headlines.

Libraries 143

Libraries Security Ransomware IT 143

Security Affairs

DECEMBER 12, 2021

Quebec shut down nearly 4,000 of its sites in response to the discovery of the Log4Shell flaw in the Apache Log4j Java-based logging library. Quebec shut down nearly 4,000 of its sites as a preventative measure after the disclosure of a PoC exploit for the Log4Shell flaw ( CVE-2021-44228 ) in the Apache Log4j Java-based logging library.

Libraries 111

Libraries Digital transformation Education Government 111

Security Affairs

JANUARY 2, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 347 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Security 92

Security Ransomware Libraries Data breaches 92

CILIP

JANUARY 5, 2021

Information professionals and the power of literature celebrated in 2021 New Year Honours list. The list featured a number of awards recognising the central role of knowledge, information and data in securing national resilience. The list also celebrated the contribution of the wider library and information community.

Libraries 52

Libraries Education Digital transformation Security 52

Data Protection Report

DECEMBER 13, 2021

On December 9, 2021 a critical vulnerability (CVE-2021-44228) was reported within the Apache Log4j Java logging framework. Confirm that your security operations center is monitoring external-facing systems for indicators of compromise. This is a critical vulnerability of very high significance to government and industry groups.

Libraries 58

Libraries Ransomware Cloud Risk 58

Security Affairs

DECEMBER 22, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of an open-source scanner for identifying web services impacted by Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. ” reads the description for the project. Pierluigi Paganini.

Libraries 115

Libraries Cybersecurity Security Government 115

CILIP

JULY 27, 2021

2021 CILIP Elections. CILIP is developing a new 5-year strategy which will see us continue the process of modernisation begun during our last 5-year Action Plan, Securing the Future. Published: 28 July 2021. Call-for-nominations ? More from Information Professional. This reporting is funded by CILIP members.

Libraries 52

Libraries Government Security 52

CILIP

MARCH 8, 2021

Feminist leadership, libraries and Covid-19. s Library which was established in 1991 and now has more than 20 paid staff ? s was Roly Keating, Chief Executive of the British Library. I have been a lifelong library lover, but have no formal training as an information professional. s Library were sown.? Adele said:

Libraries 52

Libraries Communications IT Archiving 52

Security Affairs

MARCH 11, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in VMware’s Cloud Foundation, tracked as CVE-2021-39144 (CVSS score: 9.8), to its Known Exploited Vulnerabilities Catalog. CISAgov added #CVE -2020-5741 & CVE-2021-39144 to the Known Exploited Vulnerabilities Catalog.

Cloud 89

Cloud Libraries Cybersecurity Risk 89

Security Affairs

DECEMBER 14, 2021

US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. beta9 to 2.14.1. ” reads the announcement published by CISA.

Libraries 97

Libraries Cybersecurity Security Risk 97

eSecurity Planet

AUGUST 5, 2021

Open source security has been a big focus of this week’s Black Hat conference, but no open source security initiative is bolder than the one proffered by the Open Source Security Foundation (OpenSSF). ” OpenSSF was formed a year ago by the merger of Linux Foundation, GitHub and industry security groups.

Security 143

Security Big data Libraries Communications 143

IT Governance

SEPTEMBER 1, 2021

If you find yourself facing a cyber security disaster, IT Governance is here to help. Hackers still $600m from Chinese cryptocurrency firm Poly Network (unknown) Japanese Exchange Liquid Global suffers cyber attack (unknown) Cream Finance loses $25 million in another security breach (unknown).

Data breaches 140

Data breaches Ransomware Insurance Data migration 140

Security Affairs

AUGUST 10, 2021

Microsoft released patch Tuesday security updates for August that address 120 CVEs in Microsoft products including a zero-day actively exploited in the wild. The post Microsoft patch Tuesday security updates fix PrintNightmare flaws appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook.

Security 99

Security Libraries IT 99

Security Affairs

SEPTEMBER 6, 2023

Microsoft discovered that the MSA key was accidentally leaked into a crash dump after a consumer signing system crashed in April 2021. The investigation revealed that the system crash in April of 2021 resulted in a snapshot of the crashed process (“crash dump”). ” reads the analysis published by Microsoft.

Authentication 109

Authentication Libraries Access Government 109

Security Affairs

DECEMBER 31, 2021

Below is the list of flaws discovered by the researchers: CVE-2021-20173 : Post Authentication Command Injection via SOAP Interface. CVE-2021-20174 : Default HTTP Communication (Web Interface). CVE-2021-20175 : Default HTTP Communication (SOAP Interface). CVE-2021-23147 : Insufficient UART Protection Mechanisms.

Communications 124

Communications Libraries Encryption Authentication 124

Security Affairs

JULY 8, 2023

Google released July security updates for Android that addressed tens of vulnerabilities, including three actively exploited flaws. July security updates for Android addressed more than 40 vulnerabilities, including three flaws that were actively exploited in targeted attacks. ” reads the security bulletin. .

Libraries 95

Libraries Security Access IT 95