Cybersecurity, Education, Information Security and Libraries

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. It is important to highlight that the library was not developed by the authors of the apps.

Libraries

Libraries Data collection Education Security

Researchers disclose critical sandbox escape bug in vm2 sandbox library

Security Affairs

APRIL 9, 2023

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. servers, it has approximately four million weekly downloads and its library is part of 722 packages. servers, it has approximately four million weekly downloads and its library is part of 722 packages.

Libraries

Libraries File names Education Cybersecurity

CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 22, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added MinIO, PaperCut, and Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023.

IT

IT Libraries Cybersecurity Education

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Meet The Team Behind Mayhem: Come See Us At These Upcoming June 2023 Events

ForAllSecure

JUNE 7, 2023

We have 4 upcoming events planned for June 2023: Mayhem Unleashed Webinar: Discover our Next Generation Security Testing Solution DevSecOps Roundtable CyberSecurity Summit Hartford ForAllSecure APFT (Adversary, Penetration, and FuzzTesting) Training Read on to learn more about June’s events. We hope to see you there!

Libraries

Libraries Sales Cybersecurity Education

Avast released a free decryptor for the Windows version of the Akira ransomware

Security Affairs

JULY 1, 2023

Cybersecurity firm Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom. This Linux version is 64-bit and also uses the Boost library, it uses the Crypto++ library instead of Windows CryptoAPI. The authors used Microsoft Linker version 14.35.

Ransomware

Ransomware Encryption Libraries Education

Google fixed the second actively exploited Chrome zero-day of 2023

Security Affairs

APRIL 19, 2023

The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023. Google rolled out emergency fixes to address another actively exploited high-severity zero-day flaw, tracked as CVE-2023-2136 , in its Chrome web browser.

Libraries

Libraries Education Access Cybersecurity

Google fixed the first Chrome zero-day of 2023

Security Affairs

APRIL 14, 2023

We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” ” concludes the advisory.

Libraries

Libraries Education Cybersecurity Security

The first iPhone Rapid Security Response update released by Apple fails to install

Security Affairs

MAY 2, 2023

. “They deliver important security improvements between software updates — for example, improvements to the Safari web browser, the WebKit framework stack, or other critical system libraries. “New Rapid Security Responses are delivered only for the latest version of iOS, iPadOS and macOS — beginning with iOS 16.4.1,

Security

Security Libraries Education Cybersecurity

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. It is one of the largest libraries in the world. ” reads the announcement.

Libraries

Libraries Ransomware Manufacturing Education

House Passes Two Cybersecurity Bills

Hunton Privacy

MAY 1, 2012

3523), which is aimed at facilitating the exchange of cyber threat intelligence information between the government and certain private entities. In addition, the House approved the Federal Information Security Amendments Act of 2012 (H.R. Federal Information Security Amendments Act.

Cybersecurity

Cybersecurity Information Security Libraries Sales

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

In March, the FBI issued an alert to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom. In March 2020, CERT France cyber-security agency warned about a new wave of ransomware attack that was targeting the networks of local government authorities.

Ransomware

Ransomware Encryption Government Retail

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

Recently, the Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. Last week, FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks. The gang will publicly release the data over the seven days following the announcement.

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

The group also claimed the hack of the British Library and China Energy Engineering Corporation. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

Recently, the Rhysida ransomware gang added the British Library and China Energy Engineering Corporation to the list of victims on its Tor leak site. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors.

Ransomware

Ransomware Manufacturing Education Libraries

Researchers released a free decryption tool for the Rhysida Ransomware

Security Affairs

FEBRUARY 12, 2024

Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) discovered an implementation vulnerability in the source code of the Rhysida ransomware. The Rhysida ransomware uses CSPRNG, which is based on the ChaCha20 algorithm provided by the LibTomCrypt library.

Ransomware

Ransomware Encryption Paper Manufacturing

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? When it comes to what can you do today? David Brumley: My name is David Brumley. I think that's a good start.

Security

Security Artificial Intelligence Computer and Electronics Libraries

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? When it comes to what can you do today? David Brumley: My name is David Brumley. I think that's a good start.

Security

Security Artificial Intelligence Computer and Electronics Libraries

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

ForAllSecure

OCTOBER 9, 2019

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? When it comes to what can you do today? David Brumley: My name is David Brumley. I think that's a good start.

Security

Security Artificial Intelligence Computer and Electronics Libraries

The Russia-linked APT29 is behind recent attacks targeting NATO and EU

Security Affairs

APRIL 13, 2023

The HTLM files are hosted on a legitimate online library website that was likely compromised by the threat actors sometime between the end of January 2023 and the beginning of February 2023. One of them was a Windows shortcut (LNK) file pretending to be a document but actually running a hidden DLL library with the actor’s tools.”

Libraries

Libraries Military Education Phishing

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 26, 2023

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software New InfectedSlurs Mirai-based botnet exploits two zero-days SiegedSec hacktivist group hacked Idaho National Laboratory (INL) CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog Enterprise software provider TmaxSoft leaks 2TB of data (..)

Security

Security Ransomware Data breaches Libraries

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

I’m Robert Vamosi and in this episode I’m talking about our right to repair, how some high tech companies might want to limit that right, and how there’s a group of information security professionals who are volunteering their free time to fight for those rights in local legislation. It’s not.

Manufacturing

Manufacturing Agriculture IT Access

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

I’m Robert Vamosi and in this episode I’m talking about our right to repair, how some high tech companies might want to limit that right, and how there’s a group of information security professionals who are volunteering their free time to fight for those rights in local legislation. It’s not.

Manufacturing

Manufacturing Agriculture IT Access

Information Management Today

New Android malicious library Goldoson found in 60 apps +100M downloads

Researchers disclose critical sandbox escape bug in vm2 sandbox library

Webinars

Trending Sources

CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog

Webinars

Meet The Team Behind Mayhem: Come See Us At These Upcoming June 2023 Events

Avast released a free decryptor for the Windows version of the Akira ransomware

Google fixed the second actively exploited Chrome zero-day of 2023

Google fixed the first Chrome zero-day of 2023

The first iPhone Rapid Security Response update released by Apple fails to install

Rhysida ransomware gang is auctioning data stolen from the British Library

House Passes Two Cybersecurity Bills

PYSA ransomware gang is the most active group in November

Rhysida ransomware gang claimed China Energy hack

Rhysida ransomware group hacked Abdali Hospital in Jordan

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Researchers released a free decryption tool for the Rhysida Ransomware

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

The Russia-linked APT29 is behind recent attacks targeting NATO and EU

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

The Hacker Mind Podcast: The Right To Repair

The Hacker Mind Podcast: The Right To Repair

Stay Connected