Outpost24

MARCH 17, 2022

Opensource from hell: malicious JavaScript distributed via opensource libraries, again. Thu, 03/17/2022 - 08:01. In this blog our CSO explores why distribution of malicious scripts via libraries is causing a stir amongst the open-source community and how you can defend against it. Florian Barre. Ghost Labs.

Libraries 97

Libraries IT 97

Security Affairs

OCTOBER 25, 2022

A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library. The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database library, which was introduced in October 2000. on July 21, 2022.

Libraries 80

Libraries Security IT Information Security 80

Security Affairs

APRIL 15, 2023

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. The experts have found more than 60 applications in Google Play that were containing the malicious library.

Libraries 97

Libraries Data collection Education Security 97

Security Affairs

JANUARY 10, 2023

The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. The open-source JsonWebToken ( JWT ) library is affected by a high-severity security flaw, tracked as CVE-2022-23529 (CVSS score: 7.6), that could lead to remote code execution. addressed the issue.

Libraries 82

Libraries Security awareness Authentication Security 82

Security Affairs

APRIL 9, 2023

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. servers, it has approximately four million weekly downloads and its library is part of 722 packages. servers, it has approximately four million weekly downloads and its library is part of 722 packages.

Libraries 75

Libraries File names Education Cybersecurity 75

Security Affairs

JUNE 16, 2022

Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.

Libraries 80

Libraries Cybersecurity Security IT 80

CILIP

FEBRUARY 20, 2024

Library buyers’ role in tech start-ups Frode Opdahl, CEO of Keenious explains the origins of an AI-driven start-up and how its success depends on library buyers keeping the sector attractive to start-ups that wish to innovate the research experience. It was later that we saw it as a tool for libraries.”

Libraries 52

Libraries Education Artificial Intelligence Sales 52

CILIP

DECEMBER 14, 2022

£135,000 funding for Anti-racist library collections in Wales. 14 December 2022. The investment will fund a new project – Anti-racist Library Collections: a training plan for public libraries in Wales with the purpose of raising the profile of libraries. Phase 1 - November 2022-April 2023.

Libraries 52

Libraries Government Security IT 52

Security Affairs

MAY 3, 2022

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. ” continues the advisory.

Libraries 105

Libraries IoT Cybersecurity Security 105

Security Affairs

JULY 4, 2022

Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. ” Google added.

Libraries 106

Libraries Communications Access IT 106

CILIP

JANUARY 10, 2023

Libraries and sanctuary. John Vincent has been actively tackling social exclusion in libraries and other cultural and heritage organisations through The Network (www.seapn.org.uk) and the Libraries of Sanctuary project, that evolved from the Cities of Sanctuary.

Libraries 52

Libraries IT Access 52

Security Affairs

MARCH 2, 2022

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library. on February 24, 2022.

Libraries 94

Libraries Communications Security IT 94

CILIP

OCTOBER 20, 2023

Learning from our Past: Celebrating Black History Month with Lancaster University Library Slavery Banner in Lancaster Universit Library (to Sunita Abraham) Lancaster University Library takes the lead in decolonisation to reach staff and students of the university, with a diverse range of engaging, and enriching activites, initiatives, and projects.

Libraries 65

Libraries Access Communications IT 65

Security Affairs

APRIL 11, 2022

Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings.

Security 88

Security Cybersecurity Libraries Access 88

CILIP

SEPTEMBER 25, 2023

Download Now: Making the Difference - an Excellence Framework for Prison Libraries Making the Difference - an Excellence Framework for Prison Libraries supports prison library providers and prison library staff to develop, deliver and promote prison library services. Every prison library is different.

Libraries 52

Libraries Education Access IT 52

Security Affairs

FEBRUARY 9, 2022

Microsoft February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products, including a zero-day bug. Microsoft February 2022 Patch Tuesday also addressed a publicly disclosed Elevation of Privilege zero-day in Windows Kernel tracked as CVE-2022-21989. both received a CVSS score of 8.8.

Security 84

Security Libraries Access IT 84

CILIP

AUGUST 8, 2023

The horizon scanning department for public libraries THE appetite for horizon scanning among public librarians is huge – as we have recently seen at the CILIP Conference – but the number of public librarians paid to do it is minimal. For me the next progression would have been outside of the library world. “For

Libraries 52

Libraries Access Artificial Intelligence IT 52

CILIP

JUNE 13, 2023

Connecting town and gown through the library How to help a community explore its slave-trading history: Lesley English, Head of Library Engagement at Lancaster University Library, explains how the library plays a key role in building bridges between town and gown. We connect, we innovate, we include.”

Libraries 52

Libraries Access Agriculture Education 52

Security Affairs

APRIL 12, 2022

Microsoft Partch Tuesday security updates for April 2022 fixed 128 vulnerabilities, including an actively exploited zero-day reported by NSA. One of these flaws, tracked as CVE-2022-24521 (CVSS score 7.8), is a Windows Common Log File System Driver Elevation of Privilege issue that is actively exploited. Pierluigi Paganini.

Libraries 97

Libraries Cybersecurity Security IT 97

Security Affairs

JULY 4, 2022

Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. ” Google added.

Libraries 80

Libraries Communications Access IT 80

Security Affairs

OCTOBER 19, 2022

Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. ” reads the post published by Munoz.

Libraries 98

Libraries IT Security Information Security 98

Security Affairs

APRIL 7, 2022

Palo Alto Networks addressed a high-severity OpenSSL infinite loop vulnerability, tracked as CVE-2022-0778 , that affects some of its firewall, VPN, and XDR products. According to Palo Alto Networks, the CVE-2022-0778 vulnerability can be exploited by remote attackers to trigger a denial of service condition and crash vulnerable devices.

Libraries 97

Libraries Cybersecurity Authentication Cloud 97

CILIP

NOVEMBER 7, 2022

New book highlights the importance of libraries to those seeking sanctuary in the UK. However, libraries can provide refuge and support for people in these situations, whether directing them to local groups or in-house help. Published: November 2022. ?. ?. ?. From CILIP.

Libraries 52

Libraries Archiving Access IT 52

CILIP

APRIL 20, 2023

Controversial materials in libraries and what to do about them Controversy is never far away from Professor Louise Cooke – it is a subject that has informed her work, research and teaching since she began life as a librarian. She says: “It is one of the greatest challenges facing libraries today.

Libraries 52

Libraries Access Analytics IT 52

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543 , in Redis (Remote Dictionary Server) servers. In March 2022, the U.S. Attackers loads the library file exp_lin.so

Libraries 143

Libraries Honeypots Communications Cybersecurity 143

Security Affairs

OCTOBER 21, 2022

GitHub’s threat analyst Alvaro Munoz this week disclosed a remote code execution vulnerability, tracked as CVE-2022-42889 (CVSS score 9.8), in the open-source Apache Commons Text library. Apache Commons Text is a library focused on algorithms working with strings. ” reads the post published by Wordfence.

Libraries 51

Libraries Security IT Information Security 51

Preservica

DECEMBER 29, 2022

From academic institutions and government agencies to corporate businesses and the health sector, 2022 was full of world events that will shape our history forever. 2022 drove rapid growth in the adoption of Preservica’s software with the user community climbing by over 60%, including more than 3,500 users of our Preservica Starter edition.

Digital preservation 75

Digital preservation Archiving Records Management e-Discovery 75

Security Affairs

SEPTEMBER 3, 2022

Google on Friday released emergency fixes to address a vulnerability, tracked as CVE-2022-3075, in the Chrome web browser that is being actively exploited in the wild. The CVE-2022-3075 flaw is caused by insufficient data validating in Mojo. The vulnerability was reported by an anonymous researcher on August 30, 2022.

Libraries 118

Libraries Communications Security IT 118

Security Affairs

OCTOBER 28, 2022

Google Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an emergency update for the Chrome 107 to address an actively exploited zero-day vulnerability tracked as CVE-2022-3723. šek, Milánek, and Przemek Gmerek of Avast on October 25, 2022.

IT 116

IT Libraries Communications Access 116

IT Governance

JANUARY 3, 2023

As tempting as it is turn our backs on 2022 and look forward to the new year, let’s take a moment to consider the security incidents that occurred, for better or worse, at the back end of last year. In total, we found 78 publicly recorded data breaches in December 2022, which accounted for 31,586,757 breached records.

Data breaches 115

Data breaches Ransomware e-Discovery Insurance 115

Security Affairs

NOVEMBER 2, 2022

The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786 , in its cryptography library.

Libraries 107

Libraries Encryption Authentication Communications 107

Security Affairs

JULY 7, 2022

The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue , tracked as CVE-2022-2274 , affecting the popular library. released on June 21, 2022.

Libraries 113

Libraries Encryption Communications Security 113

Preservica

SEPTEMBER 16, 2022

So, imagine my delight when CoSA partnered with BPE for their 2022 conference. As a former archivist at the Texas State Library and Archives Commission, the Council of State Archivists (CoSA) will forever be on my radar. the websites and physical spaces in libraries and archives. This was finally my year for BPE/CoSA!

Digital preservation 52

Digital preservation Metadata Archiving Libraries 52

Security Affairs

MARCH 31, 2024

ESET first discovered a new Linux version of DinodasRAT in October 2023, but experts believe it has been active since 2022. The campaign seems active since at least early 2022 and focuses primarily on government organizations. The library uses the Tiny Encryption Algorithm ( TEA ) in CBC mode to cipher and decipher the data.

Libraries 135

Libraries Encryption Communications Government 135

IT Governance

JUNE 1, 2022

Welcome to our May 2022 review of data breaches and cyber attacks. The post List of data breaches and cyber attacks in May 2022 – 49.8 We identified 77 security incidents during the month, resulting in 49,782,129 compromised records. You can find the full list below, with incidents affecting UK organisations listed in bold. Ransomware.

Data breaches 126

Data breaches Ransomware Phishing Education 126

IT Governance

AUGUST 1, 2022

Welcome to our July 2022 review of data breaches and cyber attacks. The post List of Data Breaches and Cyber Attacks in July 2022 – 99.2 We identified 85 security incidents during the month, resulting in 99,243,757 compromised records. You can find the full list below, broken into categories.

Data breaches 119

Data breaches Ransomware Insurance Access 119

Security Affairs

NOVEMBER 25, 2022

Google on Thursday released security updates to address a new zero-day vulnerability, tracked as CVE-2022-4135, impacting the Chrome web browser. Google rolled out an emergency security update for the desktop version of the Chrome web browser to address a new zero-day vulnerability, tracked as CVE-2022-4135, that is actively exploited.

Libraries 98

Libraries Communications Security Access 98