Security Affairs

APRIL 15, 2023

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. It is important to highlight that the library was not developed by the authors of the apps.

Libraries 91

Libraries Data collection Education Security 91

Security Affairs

MAY 19, 2022

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. or higher), and Google App Engine. Pierluigi Paganini.

Libraries 106

Libraries Authentication Cybersecurity Security 106

Security Affairs

MAY 26, 2020

70 percent of mobile and desktop applications that today we use are affected at least by one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one o more issues which will be inherited from all the applications that use them. ” reads the report.

Libraries 119

Libraries Security Access IT 119

Security Affairs

DECEMBER 27, 2021

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures.

Libraries 120

Libraries Honeypots Security IT 120

Security Affairs

NOVEMBER 3, 2020

The npm security team has removed a malicious JavaScript library named “ twilio-npm ” from its repository because contained malicious code. The tainted JavaScript library was spotted by the researcher Ax Sharma from security firm Sonatype. SecurityAffairs – hacking, npm library). tcp.ngrok[.]io:11425

Libraries 109

Libraries Security IT Information Security 109

Security Affairs

MARCH 2, 2022

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library. on February 24, 2022.

Libraries 85

Libraries Communications Security IT 85

Security Affairs

DECEMBER 1, 2021

Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Mozilla has addressed a heap-based buffer overflow vulnerability (CVE-2021-43527) in its cross-platform Network Security Services (NSS) set of cryptography libraries. and NSS 3.73

Libraries 108

Libraries Security CMS Communications 108

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. It’s also the crypto library used by systemd for DNSSEC. The team recommends users to stop using the vulnerable version of the library. which we released last week.

Libraries 128

Libraries Encryption Privacy IT 128

Security Affairs

JANUARY 22, 2021

Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR Archive_Tar third-party library. ” reads the advisory.

Libraries 110

Libraries CMS Security IT 110

Security Affairs

MAY 3, 2022

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. ” continues the advisory.

Libraries 93

Libraries IoT Security Cybersecurity 93

Security Affairs

JUNE 16, 2022

Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.

Libraries 70

Libraries Cybersecurity Security IT 70

Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library.

Libraries 137

Libraries IT Cloud Data breaches 137

Security Affairs

APRIL 9, 2023

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. servers, it has approximately four million weekly downloads and its library is part of 722 packages. servers, it has approximately four million weekly downloads and its library is part of 722 packages.

Libraries 67

Libraries File names Education Cybersecurity 67

Security Affairs

JANUARY 10, 2023

The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. The open-source JsonWebToken ( JWT ) library is affected by a high-severity security flaw, tracked as CVE-2022-23529 (CVSS score: 7.6), that could lead to remote code execution.

Libraries 72

Libraries Security awareness Authentication Security 72

Security Affairs

OCTOBER 19, 2022

Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. ” reads the post published by Munoz.

Libraries 97

Libraries IT Security Information Security 97

Security Affairs

JANUARY 22, 2020

System supporting libraries in Volusia County were hit by a cyber attack, the incident took down 600 computers at Volusia County Public Library (VCPL) branches. 600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches in Daytona Beach, Florida, following a cyberattack.

Libraries 87

Libraries Ransomware Encryption Access 87

Security Affairs

OCTOBER 25, 2022

A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library. The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database library, which was introduced in October 2000. through 3.39.1.

Libraries 70

Libraries Security IT Information Security 70

Security Affairs

NOVEMBER 5, 2021

Two popular npm libraries, coa and rc. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. Two npm libraries that have a total of 23 million weekly downloads, a data that is worrisome. The post npm libraries coa and rc. while compromised rc versions are 1.2.9,

Libraries 89

Libraries Passwords Access Security 89

Security Affairs

AUGUST 20, 2019

Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries. At least a nother 10 projects were found containing the malicious code.

Libraries 86

Libraries Mining Passwords Authentication 86

Security Affairs

JULY 8, 2019

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The attacker created a new version of the library (version 0.0.7

Libraries 76

Libraries Passwords Security IT 76

Security Affairs

JANUARY 4, 2020

Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code. SecurityAffairs – library, hacking).

Libraries 63

Libraries Data structuring Security IT 63

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm

Libraries 120

Libraries Authentication Access Risk 120

Security Affairs

JULY 9, 2019

Liran Tal, a developer advocate at open-source security platform Snyk, discovered a high-severity prototype pollution security flaw that affects all versions of lodash. Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. Pierluigi Paganini.

Libraries 58

Libraries Security IT Information Security 58

Security Affairs

JUNE 12, 2019

Tavis Ormandy, a white hat hacker Google Project Zero announced to have found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. The post Google expert disclosed details of an unpatched flaw in SymCrypt library appeared first on Security Affairs. Pierluigi Paganini.

Libraries 64

Libraries Encryption Security IT 64

Security Affairs

JANUARY 29, 2020

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. Security experts from Qualys have discovered a flaw, tracked as CVE-2020-7247, in OpenSMTPD. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Libraries 68

Libraries Security IT Information Security 68

Dark Reading

APRIL 19, 2022

Fortress Information Security will expand its Asset to Vendor Library to include hardware bill of materials and software bill of materials information.

Libraries 72

Libraries Security Information Security IT 72

Security Affairs

DECEMBER 20, 2023

We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” . “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. ” continues the advisory.

Libraries 102

Libraries Access IT Information Security 102

Security Affairs

DECEMBER 27, 2023

. “In our ongoing investigation, Barracuda has determined that a threat actor has utilized an Arbitrary Code Execution (ACE) vulnerability within a third party library, Spreadsheet::ParseExcel, to deploy a specially crafted Excel email attachment to target a limited number of ESG devices.” ” reads the advisory.

Libraries 100

Libraries Access Cybersecurity Security 100

Security Affairs

JULY 24, 2023

The vulnerability can be exploited only if certain libraries are installed on systems running the vulnerable versions and the SSH authentication agent is forwarded to an attacker-controlled system. 2023-07-14: OpenSSH plans for security-only release on July 19th. 2023-07-14: OpenSSH plans for security-only release on July 19th.

Libraries 85

Libraries Authentication Encryption Communications 85

IT Governance

NOVEMBER 6, 2023

Library branches remain open, Wi-Fi is still available and materials can still be borrowed. Records breached: According to the library’s 4 November update , there is “no evidence that the personal information of our staff or customers has been compromised”. However, public computers and printing services are unavailable.

Data Privacy 97

Data Privacy Privacy Libraries Security 97

Security Affairs

MARCH 31, 2024

The Linux version of DinodasRAT uses Pidgin’s libqq qq_crypt library functions for encryption and decryption of data. The library uses the Tiny Encryption Algorithm ( TEA ) in CBC mode to cipher and decipher the data. “They do not collect user information to manage infections. 0x28 DealLocalProxy Send “ok”.

Libraries 124

Libraries Encryption Communications Government 124

Security Affairs

JULY 7, 2022

“Unlike other threats that hijack shared libraries by modifying the environment variable LD_PRELOAD, this malware uses 2 different ways to load the malicious library. “The shared object hooks functions from 3 libraries: libc, libcap and Pluggable Authentication Module (PAM). ” continues the experts.

Libraries 116

Libraries Cybersecurity Authentication Access 116

Security Affairs

MARCH 26, 2023

On Friday, OpenAI revealed that the recent exposure of users’ personal information and chat titles in its chatbot service was caused by a bug in the Redis open-source library. we had a significant issue in ChatGPT due to a bug in an open source library, for which a fix has now been released and we have just finished validating.

Libraries 97

Libraries IT Security Data breaches 97

IG Guru

JULY 30, 2018

The post ICRM Partners with LIU Post Palmer School of Library and Information Science appeared first on IG Guru.

Libraries 40

Libraries Records Management Archiving Information Security 40

Security Affairs

DECEMBER 1, 2022

The attacking server that is defined as the master uses this connection to download the shared library exp_lin.so MODULE LOAD command – this allows for the loading of a module from the dynamic library downloaded at stage 4 at runtime. This library allows for exploitation of the vulnerability and runs arbitrary commands later.

Libraries 138

Libraries Honeypots Communications Cybersecurity 138

Security Affairs

JULY 7, 2022

The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue , tracked as CVE-2022-2274 , affecting the popular library. which was released on June 21, 2022.

Libraries 105

Libraries Encryption Communications Security 105

The Security Ledger

DECEMBER 29, 2021

In this episode of the podcast (#233) Mark Stanislav, a Vice President at the firm Gemini, joins Paul to talk about what went wrong with disclosure of Log4Shell, the critical, remote code execution flaw in the Log4j open source library. Mark Stanislav is a VP of Information Security at Gemini. Read the whole entry. »

Agriculture 98

Agriculture Libraries Risk Authentication 98