Analysis, Cybersecurity and Libraries - Information Management Today

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Security Affairs

JANUARY 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Libraries

Libraries IT Cybersecurity Risk

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. The experts have found more than 60 applications in Google Play that were containing the malicious library.

Libraries

Libraries Data collection Education Security

Researchers disclosed a remote code execution flaw in Fastjson Library

Security Affairs

JUNE 16, 2022

Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.

Libraries

Libraries Cybersecurity Security IT

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory.

Security

Security Authentication Libraries Passwords

AI & ML Cybersecurity: The Latest Battleground for Attackers & Defenders

eSecurity Planet

FEBRUARY 11, 2022

Machine learning (ML) and artificial intelligence (AI) have emerged as critical tools for dealing with the ever-growing volume and complexity of cybersecurity threats. Statistical analysis on large datasets allows the ability to predict a computer’s behavior and anticipate actions that haven’t even been programmed.

Cybersecurity

Cybersecurity Phishing Analytics Risk

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms. x before 0.2.1 x before 0.3.1.

IT

IT Libraries Cybersecurity Passwords

CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 22, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added MinIO, PaperCut, and Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023.

IT

IT Libraries Cybersecurity Education

OrBit, a new sophisticated Linux malware still undetected

Security Affairs

JULY 7, 2022

Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat. Cybersecurity researchers at Intezer have uncovered a new Linux malware, tracked as OrBit, that is still undetected. ” reads the analysis published by the experts. ” continues the experts.

Libraries

Libraries Cybersecurity Authentication Access

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

eSecurity Planet

APRIL 1, 2024

Horizon3 published an analysis and proof of concept to exploit Fortinet’s FortiClient Enterprise Management Server (EMS). The US Cybersecurity & Infrastructure Security Agency (CISA) added this exploit to their vulnerability catalog indicating active exploitation in the wild. Upgrade versions 7.2.0 through 7.2.2 to version 7.2.3

Libraries

Libraries Authentication Artificial Intelligence Cloud

Google fixed the second actively exploited Chrome zero-day of 2023

Security Affairs

APRIL 19, 2023

The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-12 [$1000][ 1430644 ] Medium CVE-2023-2137: Heap buffer overflow in sqlite.

Libraries

Libraries Education Access Cybersecurity

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

Security Affairs

MARCH 16, 2023

“Actors were then able to upload malicious dynamic-link library (DLL) files (some masqueraded as portable network graphics [PNG] files) to the C:WindowsTemp directory.” The joint alert recommends network defenders review the Malware Analysis Report, MAR-10413062-1.v1 ” reads the advisory. ” reads the MAR.

Libraries

Libraries Government Ransomware Cybersecurity

HackerGPT 2.0 Unveils New AI Cyber Defense Strategies

eSecurity Planet

MARCH 15, 2024

HackerGPT, first launched in 2023, is a ChatGPT-powered tool that merges AI technology with cybersecurity-focused expertise. in February 2024, it serves as an extensive repository of hacking tools and techniques to actively assist users in managing complex cybersecurity protection strategies. Launch of HackerGPT 2.0

Cybersecurity

Cybersecurity Education Privacy Access

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Security Affairs

OCTOBER 23, 2021

CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js.

Mining

Mining Libraries Cybersecurity Security

New Go-based Redigo malware targets Redis servers

Security Affairs

DECEMBER 1, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added this flaw to its Known Exploited Vulnerabilities Catalog. The attacking server that is defined as the master uses this connection to download the shared library exp_lin.so This library allows for exploitation of the vulnerability and runs arbitrary commands later.

Libraries

Libraries Honeypots Communications Cybersecurity

Meet The Team Behind Mayhem: Come See Us At These Upcoming June 2023 Events

ForAllSecure

JUNE 7, 2023

We have 4 upcoming events planned for June 2023: Mayhem Unleashed Webinar: Discover our Next Generation Security Testing Solution DevSecOps Roundtable CyberSecurity Summit Hartford ForAllSecure APFT (Adversary, Penetration, and FuzzTesting) Training Read on to learn more about June’s events. We hope to see you there!

Libraries

Libraries Sales Cybersecurity Education

Google fixed the first Chrome zero-day of 2023

Security Affairs

APRIL 14, 2023

The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11” reads the advisory published by Google. The vulnerability is a Type Confusion issue that resides in the JavaScript engine V8.

Libraries

Libraries Education Cybersecurity Security

Raspberry Robin spotted using two new 1-day LPE exploits

Security Affairs

FEBRUARY 11, 2024

Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The analysis of the samples before October, revealed that the operators also used an exploit for CVE-2023-29360. The vulnerability is triggered when one of the following IOCTLs.

Communications

Communications Manufacturing Libraries Cybersecurity

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

IT Governance

NOVEMBER 6, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Library branches remain open, Wi-Fi is still available and materials can still be borrowed. As of the publication of this blog post, the Library’s website remains offline.

Data Privacy

Data Privacy Privacy Libraries Security

Iran-linked threat actors compromise US Federal Network

Security Affairs

NOVEMBER 16, 2022

“CISA obtained four malicious files for analysis during an on-site incident response engagement at a Federal Civilian Executive Branch (FCEB) organization compromised by Iranian government sponsored advanced persistent threat (APT) actors.” ” reads the Malware Analysis Report (AR22-320A) published by CISA.

Mining

Mining Government Cybersecurity Libraries

IcedID malware campaign targets Zoom users

Security Affairs

JANUARY 7, 2023

” reads the analysis published by Cyble. The analysis conducted by the experts revealed that the file was a version of the IcedID malware. The “maker.dll” is a malicious libraries used to perform various malicious activities and load the IcedID malware, while “ikm.msi” is a legitimate installer of the Zoom application.

Phishing

Phishing Libraries Cybersecurity IT

Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware

Security Affairs

DECEMBER 19, 2022

Cybersecurity researchers at ReversingLabs have discovered a new malicious package, named ‘SentinelOne,’ on the Python Package Index (PyPI) repository that impersonates a legitimate software development kit (SDK) for SentinelOne. . ” reads the analysis published by ReversingLabs. ” continues the post.

Data collection

Data collection Libraries Access Cybersecurity

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

Cybersecurity company Check Point uncovered a malicious activity, tracked as Stayin’ Alive , that is targeting high-profile government and telecom entities in Asian countries, including Vietnam, Uzbekistan, Pakistan, and Kazakhstan. ” reads the analysis published by Checkpoint.

Government

Government IT Encryption Libraries

Fleckpe Android malware totaled +620K downloads via Google Play Store

Security Affairs

MAY 5, 2023

Upon executing one of the infected apps, it loads a heavily obfuscated native library containing a dropper that decrypts and runs malicious code from the app assets. This move makes hard the analysis and the detection of the malware. The payload is only used to intercept notifications and view web pages.

Libraries

Libraries Cybersecurity Security IT

Threat actors target the infoSec community with fake PoC exploits

Security Affairs

MAY 22, 2022

The expert discovered a post where a researcher were sharing a fake Proof of Concept (POC) exploit code for an RPC Runtime Library Remote Code Execution flaw ( CVE-2022-26809 CVSS 9.8). The analysis of the malware revealed that it is a.Net binary packed with ConfuserEX , a free, open-source protector for.NET applications.

Libraries

Libraries Information Security Cybersecurity Security

Google found zero-click vulnerabilities in Apple’s multimedia processing components

Security Affairs

APRIL 29, 2020

The discovery urges Apple into implementing additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e. images, audio, and videos).

Libraries

Libraries Paper Security Cybersecurity

Uncovering the link between PrivateLoader PPI service and RisePro stealer

Security Affairs

DECEMBER 27, 2022

” reads the analysis published by Flashpoint. Flashpoint report highlights that RisePro uses dropped dynamic link library (DLL) dependencies also used by the stealer Vidar. . Researchers from cybersecurity firm SEKOIA also published an analysis of RisePro and discovered partial source code overlaps with PrivateLoader.

Marketing

Marketing Libraries Cybersecurity IT

CISA warns about SUBMARINE Backdoor employed in Barracuda ESG attacks

Security Affairs

JULY 29, 2023

Cybersecurity and Infrastructure Security Agency (CISA) warns of threat actors deploying the SUBMARINE Backdoor in Barracuda ESG attacks. CISA’s Malware Analysis Report (MAR) includes technical details about the backdoor, including Indicators of Compromise (IoCs) and Yara Rule for its detection. ” reads the alert.

Cleanup

Cleanup Libraries Cybersecurity Access

NginRAT – A stealth malware targets e-store hiding on Nginx servers

Security Affairs

DECEMBER 2, 2021

” reads the analysis published by the experts. One of the commands is dwn that downloads a Linux system library to /dev/shm/php-shared. Another trick that makes the analysis of the malware challenging is that the library code is only written in memory and cannot be examined after its launch. Then, CronRAT launches.

Libraries

Libraries Access Security IT

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

Security Affairs

MAY 25, 2023

Then the library is executed via the Windows IIS web server process. ” reads the analysis published by ASEC. ” reads the analysis published by ASEC. Once discovered a vulnerable ISS server, the attackers leverage the DLL side-loading ( T1574.002 ) technique to execute a malicious DLL (msvcr100.dll) The msvcr100.dll

Libraries

Libraries Security Cybersecurity Government

Microsoft: Raspberry Robin worm already infected hundreds of networks

Security Affairs

JULY 3, 2022

Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. continues the analysis. Microsoft announced that the Windows worm Raspberry Robin has already infected the networks of hundreds of organizations. exe to execute a malicious command.

Manufacturing

Manufacturing Libraries Communications Cybersecurity

Weekly Vulnerability Recap – October 9, 2023 – Zero-Days Strike Android, Microsoft, Apple, Cisco & More

eSecurity Planet

OCTOBER 9, 2023

Researchers from Google’s Threat Analysis Group (TAG) and Project Zero uncovered the weakness, which is connected to unauthorized access to freed memory, possibly allowing attackers to corrupt or change sensitive data. The fix: Users should upgrade to TorchServe 0.8.2, published on August 28, 2023.

Libraries

Libraries Ransomware Access Security

China-linked APT31 targets Russia for the first time

Security Affairs

AUGUST 4, 2021

. “The main objective of the dropper, the appearance of the main function of which is shown in Figure 1, is the creation of two files on the infected computer: a malicious library and an application vulnerable to DLL Sideloading (this application is then launched). ” reads the analysis published by the experts.

Libraries

Libraries Security IT Cybersecurity

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Security

Security IoT Ransomware Libraries

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

” reads the analysis published by Cybereason. Most recent versions of EventBot also include a ChaCha20 library that can improve performance, but it is not currently being used, a circumstance that suggests authors are actively working to optimize EventBot. ” concludes the report.

Financial Services

Financial Services Libraries Encryption Authentication

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

The Last Watchdog

MARCH 29, 2022

By no means has the cybersecurity community been blind to the complex security challenges spinning out of digital transformation. I’ve recently had several deep-dive discussions with cybersecurity experts at Juniper Networks, about this. Log4j, for instance, is a ubiquitous logging library. The Sunnyvale, Calif.-based

Security

Security Cloud Digital transformation Cybersecurity

Samsung fixes a zero-click issue affecting its phones

Security Affairs

MAY 7, 2020

. “A possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution. The vulnerability resides in the Skia Android graphics library and affects the way Android OS running on Samsung devices handles the custom Qmage image format (.qmg). system libraries.” or libhwui.so

IT

IT Libraries Security Access

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

The Last Watchdog

JUNE 3, 2022

Log4J, aka Log4Shell, refers to a gaping vulnerability that exists in an open-source logging library that’s deeply embedded within servers and applications all across the public Internet. President Biden’s cybersecurity executive order, issued in May, includes a detailed SBOM requirement for all software delivered to the federal government.

Systems administration

Systems administration Libraries Risk Authentication

Weekly Vulnerability Recap – January 2, 2024 – Barracuda ESG, Apache OfBiz Vulnerabilities Persist

eSecurity Planet

JANUARY 2, 2024

On December 24, when Barracuda released the security notice, there was no remediation or patch available for CVE-2023-7101 , the Spreadsheet::ParseExcel vulnerability, within the open-source library. The technique that threat actors can use is Dynamic Link Library (DLL) search order hijacking. 1020000 1.26.10-gke.1235000 1235000 1.27.7-gke.1293000

Authentication

Authentication Libraries Cybersecurity Security

Microsoft June 2021 Patch Tuesday addresses 6 zero-days actively exploited

Security Affairs

JUNE 9, 2021

Eight of the flaws fixed by Microsoft were reported by the Zero Day Initiative (ZDI), other issues were reported by Google’s Threat Analysis Group, Google Project Zero, Check Point Research, FireEye, Kaspersky, and Nixu Cybersecurity. . CVE-2021-33739 : Microsoft DWM Core Library Elevation of Privilege Vulnerability, CVSS 8.4

Libraries

Libraries Cybersecurity Security IT

Magecart attacks are still around but are more difficult to detect

Security Affairs

JUNE 22, 2022

net/static/counter.js [link] #infosec #cybersecurity #malware pic.twitter.com/F6LJ6CBCCA — Luke Leal (@rootprivilege) June 13, 2022. Malwarebytes researchers observed the use of 3 different themes by the threat actor to hide their skimmer, named after JavaScript libraries: hal-data[.]org/gre/code.js staticounter[.]net

Cleanup

Cleanup CMS Libraries Phishing

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Security Affairs

JULY 29, 2022

Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. ” reads the analysis published by Microsoft. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware.

Manufacturing

Manufacturing Libraries Access Communications

Mockingjay Attack Evades EDR Tools with Code Injection Technique

eSecurity Planet

JUNE 30, 2023

“ Behavioral analysis , anomaly detection, and machine learning techniques can enhance the ability to identify process injection techniques and detect malicious activities within the memory space of trusted processes.” They detailed two such attack techniques in their blog post.

Libraries

Libraries Analytics Security IT

3CX voice and video conferencing software victim of a supply chain attack

Security Affairs

MARCH 30, 2023

The products from multiple cybersecurity vendors started detecting the popular software as malware suggesting that the company has suffered a supply chain attack. ” reads the analysis published by SentinelOne. “Unfortunately this happened because of an upstream library we use became infected.”

File names

File names Manufacturing Libraries Cybersecurity

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

” reads the analysis published by Kaspersky researcher Denis Legezo. ” continues the analysis. “This launcher, dropped into the Tasks directory by the first stager, proxies all calls to wer.dll and its exports to the original legitimate library. The code is quite unique, with no similarities to known malware.

Encryption

Encryption Libraries Archiving Communications

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

New Android malicious library Goldoson found in 60 apps +100M downloads

Webinars

Trending Sources

Researchers disclosed a remote code execution flaw in Fastjson Library

Webinars

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

AI & ML Cybersecurity: The Latest Battleground for Attackers & Defenders

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog

OrBit, a new sophisticated Linux malware still undetected

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

Google fixed the second actively exploited Chrome zero-day of 2023

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

HackerGPT 2.0 Unveils New AI Cyber Defense Strategies

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

New Go-based Redigo malware targets Redis servers

Meet The Team Behind Mayhem: Come See Us At These Upcoming June 2023 Events

Google fixed the first Chrome zero-day of 2023

Raspberry Robin spotted using two new 1-day LPE exploits

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

Iran-linked threat actors compromise US Federal Network

IcedID malware campaign targets Zoom users

Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Fleckpe Android malware totaled +620K downloads via Google Play Store

Threat actors target the infoSec community with fake PoC exploits

Google found zero-click vulnerabilities in Apple’s multimedia processing components

Uncovering the link between PrivateLoader PPI service and RisePro stealer

CISA warns about SUBMARINE Backdoor employed in Barracuda ESG attacks

NginRAT – A stealth malware targets e-store hiding on Nginx servers

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

Microsoft: Raspberry Robin worm already infected hundreds of networks

Weekly Vulnerability Recap – October 9, 2023 – Zero-Days Strike Android, Microsoft, Apple, Cisco & More

China-linked APT31 targets Russia for the first time

Security Affairs newsletter Round 364 by Pierluigi Paganini

EventBot, a new Android mobile targets financial institutions across Europe

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

Samsung fixes a zero-click issue affecting its phones

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

Weekly Vulnerability Recap – January 2, 2024 – Barracuda ESG, Apache OfBiz Vulnerabilities Persist

Microsoft June 2021 Patch Tuesday addresses 6 zero-days actively exploited

Magecart attacks are still around but are more difficult to detect

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Mockingjay Attack Evades EDR Tools with Code Injection Technique

3CX voice and video conferencing software victim of a supply chain attack

Malware campaign hides a shellcode into Windows event logs

Stay Connected