IT Governance

NOVEMBER 6, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Library branches remain open, Wi-Fi is still available and materials can still be borrowed. Welcome to this week’s round-up of the biggest and most interesting news stories.

Data Privacy 97

Data Privacy Privacy Libraries Security 97

Security Affairs

SEPTEMBER 24, 2020

” reads the analysis published by CheckPoint. The vulnerability ties on how Instagram uses third-party libraries for image processing, in particular, the open-source JPEG decoder Mozjpeg. A malicious code could allow the hackers to access a device’s phone contacts, camera, GPS data, and files stored into the device.

Access 119

Access Libraries Communications IT 119

Security Affairs

JULY 8, 2019

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The attacker created a new version of the library (version 0.0.7

Libraries 82

Libraries Passwords Security IT 82

Security Affairs

MARCH 11, 2024

ai have published technical details and a proof-of-concept (PoC) exploit for the critical security flaw CVE-2024-1403 in Progress Software OpenEdge Authentication Gateway and AdminServer. “The Progress OpenEdge team recently identified a security vulnerability in OpenEdge Release 11.7.18 Researchers from Horizon3.ai

Authentication 120

Authentication Passwords Libraries Access 120

Security Affairs

MAY 1, 2024

Since then, it has gained popularity among statisticians and data miners for its powerful features and extensive libraries for data manipulation, visualization, and statistical analysis. ” reads the analysis published by HiddenLayer. ” continues the analysis.

Metadata 116

Metadata Libraries Access IT 116

eSecurity Planet

OCTOBER 18, 2021

But that success and the openness inherent in the community have led to a major challenge – security. Therefore, any security vulnerabilities are disclosed publicly. This has given rise to a large number of open source security tools. The Best Open Source Security Tools. WhiteSource.

Security 136

Security Encryption Compliance Libraries 136

eSecurity Planet

MAY 19, 2023

Application security tools and software solutions are designed to identify and mitigate vulnerabilities and threats in software applications. Their main purpose is to protect applications from unauthorized access, data breaches, and malicious attacks.

Security 96

Security Cloud Compliance Risk 96

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Authentication 121

Authentication Libraries Access Security 121

Security Affairs

DECEMBER 20, 2023

The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day. Reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19” reads the advisory published by the IT giant. ” continues the advisory.

Libraries 119

Libraries Access IT Information Security 119

Security Affairs

APRIL 21, 2024

The threat actors behind the DuneQuixote campaign took steps to prevent collection and analysis the implants through the implementation of practical and well-designed evasion methods. The malware is developed in C/C++ without utilizing the Standard Template Library (STL), and certain segments are coded in pure Assembler.”

Libraries 102

Libraries Communications IT Government 102

Security Affairs

NOVEMBER 29, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day, tracked as CVE-2023-6345, in the Chrome browser. ” reads the advisory published by Google.

Libraries 119

Libraries Security Access IT 119

ForAllSecure

MAY 19, 2020

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? Fuzzing MatrixSSL. We chose to look at parsing x509 certificates. include "x509.h"

Libraries 52

Libraries IoT Security Passwords 52

eSecurity Planet

APRIL 1, 2024

While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks. March 22, 2024 Emergency Out-of-Band Windows Server Security Updates Type of vulnerability (or attack): Memory leak. Upgrade versions 7.2.0 through 7.2.2

Libraries 94

Libraries Authentication Artificial Intelligence Cloud 94

ForAllSecure

MAY 19, 2020

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? Fuzzing MatrixSSL. We chose to look at parsing x509 certificates. include "x509.h"

Libraries 52

Libraries IoT Security Passwords 52

Security Affairs

DECEMBER 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms.

IT 98

IT Libraries Cybersecurity Passwords 98

ForAllSecure

MAY 19, 2020

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? Fuzzing MatrixSSL. We chose to look at parsing x509 certificates. include "x509.h"

Libraries 52

Libraries IoT Security Passwords 52

Security Affairs

APRIL 19, 2023

Google rolled out emergency security patches to address another actively exploited high-severity zero-day flaw in the Chrome browser. The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023.

Libraries 94

Libraries Education Access Cybersecurity 94

Security Affairs

APRIL 22, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added MinIO, PaperCut, and Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. CVE-2023-27350 (CVSS score – 9.8) – PaperCut MF/NG Improper Access Control Vulnerability. CVE-2023-2136 – Google Chrome Skia Integer Overflow Vulnerability.

IT 94

IT Libraries Cybersecurity Education 94

Security Affairs

SEPTEMBER 6, 2023

Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, data theft, and credential access attacks. The attackers forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key.

Authentication 114

Authentication Libraries Access Government 114

Security Affairs

JULY 7, 2022

OrBit allows operators to achieve remote access capabilities over SSH, harvests credentials, and logs TTY commands. ” reads the analysis published by the experts. “The shared object hooks functions from 3 libraries: libc, libcap and Pluggable Authentication Module (PAM). ” continues the experts.

Libraries 126

Libraries Cybersecurity Authentication Access 126

Security Affairs

JULY 8, 2023

Google released July security updates for Android that addressed tens of vulnerabilities, including three actively exploited flaws. July security updates for Android addressed more than 40 vulnerabilities, including three flaws that were actively exploited in targeted attacks. ” reads the security bulletin. .

Libraries 97

Libraries Security Access IT 97

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, the researchers observed a surge in zero-day vulnerabilities in third-party components and libraries that can impact all products that use them. ” concludes the report.

Government 117

Government Ransomware Libraries Access 117

Security Affairs

JUNE 26, 2023

China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted observing a novel tradecraft to gain initial access to target networks. CrowdStrike researchers observed the China-linked APT group VANGUARD PANDA, aka Volt Typhoon , using a novel tradecraft to gain initial access to target networks. ” concludes the report.

Cleanup 85

Cleanup Libraries Access Manufacturing 85

eSecurity Planet

FEBRUARY 13, 2023

Application security is the practice of securing software and data from hackers, whether that application comes from a third party or was developed in house, regardless of where it resides or how it’s accessed. How Does Application Security Work? What Are the Types of Application Security?

Security 85

Security Cloud Risk Computer and Electronics 85

Security Affairs

DECEMBER 9, 2019

Google has released the source code of a tool, dubbed PathAuditor, designed to help developers identify vulnerabilities related to file access. Google decided to release the source code of a tool dubbed PathAuditor designed to help developers identify vulnerabilities related to file access. ” reads the post published by Google.

Access 74

Access Libraries Security IT 74

eSecurity Planet

JUNE 22, 2023

Dynamic Application Security Testing (DAST) combines elements of pentesting, vulnerability scanning and code security to evaluate the security of web applications. By doing this, DAST helps determine how secure the web application is and pinpoint areas that need improvement. How Does DAST Work? How Does DAST Work?

Security 85

Security Risk Libraries IT 85

The Last Watchdog

MARCH 29, 2022

Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. By no means has the cybersecurity community been blind to the complex security challenges spinning out of digital transformation. Log4j, for instance, is a ubiquitous logging library.

Security 223

Security Cloud Digital transformation Cybersecurity 223

IBM Big Data Hub

DECEMBER 15, 2023

Open-source AI projects and libraries, freely available on platforms like GitHub, fuel digital innovation in industries like healthcare, finance and education. Leveraging existing libraries and tools, small teams of developers can build valuable applications for diverse platforms like Microsoft Windows, Linux, iOS and Android.

Libraries 71

Libraries Artificial Intelligence Education Access 71

Security Affairs

DECEMBER 2, 2021

Threat actors are targeting e-stores with remote access malware, dubbed NginRAT, that hides on Nginx servers bypassing security solutions. Researchers from security firm Sansec recently discovered a new Linux remote access trojan (RAT), tracked as CronRAT , that hides in the Linux task scheduling system (cron) on February 31st.

Libraries 129

Libraries Access Security IT 129

Security Affairs

JANUARY 28, 2024

The maintainers of the open-source platform have addressed nine security vulnerabilities, including a critical flaw, tracked as CVE-2024-23897 , that could lead to remote code execution (RCE). The vulnerability was reported by the researcher Yaniv Nizry from Sonar who wrote a detailed analysis of the issue.

Libraries 131

Libraries Authentication IT Access 131

Security Affairs

DECEMBER 12, 2021

Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets. Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. Pierluigi Paganini.

Honeypots 140

Honeypots Libraries Authentication Passwords 140

Security Affairs

APRIL 14, 2023

Google released an emergency security update to address a zero-day vulnerability in Chrome which is actively exploited in the wild. Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023, the company is aware of attacks in the wild exploiting the issue.

Libraries 89

Libraries Education Cybersecurity Security 89

Security Affairs

DECEMBER 19, 2022

The package claims to offer access the SentinelOne’s APIs , but it actually contains malicious code to harvest sensitive information from development systems, including credentials, configuration data, and SSH keys. . ” reads the analysis published by ReversingLabs. ” continues the post. Pierluigi Paganini.

Data collection 112

Data collection Libraries Access Cybersecurity 112

Security Affairs

NOVEMBER 16, 2022

“CISA obtained four malicious files for analysis during an on-site incident response engagement at a Federal Civilian Executive Branch (FCEB) organization compromised by Iranian government sponsored advanced persistent threat (APT) actors.” ” reads the Malware Analysis Report (AR22-320A) published by CISA.

Mining 119

Mining Government Cybersecurity Libraries 119

Security Affairs

JULY 2, 2022

Security researchers from Horizon3.ai The tool is very attractive to threat actors because of the privileged access they have to Active Directory. The unauthenticated remote code execution vulnerability was discovered by security researcher Naveen Sunkavally at Horizon3.ai ” continues the analysis.

Libraries 98

Libraries Authentication Security Access 98