IT, Libraries and Passwords - Information Management Today

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

Security Affairs

NOVEMBER 5, 2021

Two popular npm libraries, coa and rc. have been hijacked, threat actors replaced them with versions laced with password-stealing malware. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. The post npm libraries coa and rc. while compromised rc versions are 1.2.9,

Libraries

Libraries Passwords Access Security

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 1, 2023

Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms. CVE-2023-49103 – The vulnerability resides in the Graphapi app, which relies on a third-party GetPhpInfo.php library that provides a URL. The vulnerability impacts ownCloud owncloud/graphapi 0.2.x

IT

IT Libraries Cybersecurity Passwords

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

AUGUST 20, 2019

Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries. The malicious code was included in four versions of rest-client. and 1.6.13

Libraries

Libraries Mining Passwords Authentication

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Threat actors hacked the Dropbox Sign production environment

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Authentication

Authentication Passwords Access Phishing

Backdoor mechanism found in Ruby strong_password library

Security Affairs

JULY 8, 2019

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The attacker created a new version of the library (version 0.0.7 version 0.0.7

Libraries

Libraries Passwords Security IT

Experts released PoC exploit for critical Progress Software OpenEdge bug

Security Affairs

MARCH 11, 2024

. “When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS local authentication provider to grant user-id and password logins on operating platforms supported by active releases of OpenEdge, a vulnerability in the authentication routines may lead to unauthorized access on attempted logins.”

Authentication

Authentication Passwords Libraries Access

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Security Affairs

AUGUST 17, 2019

Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. “ SafeBreach Labs discovered a new vulnerability in Trend Micro Password Manager software.” ” reads the post published by SafeBreach. ” continues the advisory.

Passwords

Passwords Authentication Libraries Security

UNCOVERING VULNERABILITIES IN CRYPTOGRAPHIC LIBRARIES: MAYHEM, MATRIXSSL, AND WOLFSSL

ForAllSecure

MAY 19, 2020

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? We chose to look at parsing x509 certificates. Despite its use in many places, ASN.1

Libraries

Libraries IoT Security Passwords

What Is the CIA Triad and Why Is It Important?

IT Governance

FEBRUARY 14, 2023

This might mean password-protecting files or setting up access controls. You wouldn’t, for instance, keep the customer account details, such as their username and password, in the same files as their other personal data. The second element of the CIA triad is integrity. Confidentiality doesn’t only refer to personal data, though.

IT

IT Risk GDPR Information Security

Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)

ForAllSecure

MAY 19, 2020

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? We chose to look at parsing x509 certificates. Despite its use in many places, ASN.1

Libraries

Libraries IoT Security Passwords

Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)

ForAllSecure

MAY 19, 2020

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? We chose to look at parsing x509 certificates. Despite its use in many places, ASN.1

Libraries

Libraries IoT Security Passwords

Experts warn of critical Zero-Day in Apache OfBiz

Security Affairs

DECEMBER 28, 2023

SonicWall researchers pointed out that the Apache OfBiz is part of the supply chain of prominent software, such as Atlassian’s JIRA (used by over 120K companies ). “As a result, like with many supply chain libraries, the impact of this vulnerability could be severe if leveraged by threat actors.”

Authentication

Authentication Libraries Passwords Information Security

Two Linux botnets already exploit Log4Shell flaw in Log4j

Security Affairs

DECEMBER 12, 2021

Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets. Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library.

Honeypots

Honeypots Libraries Authentication Passwords

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

Security Affairs

NOVEMBER 28, 2023

The vulnerability, tracked as CVE-2023-49103 , resides in the Graphapi app, which relies on a third-party GetPhpInfo.php library that provides a URL. The vulnerability, tracked as CVE-2023-49103 , resides in the Graphapi app, which relies on a third-party GetPhpInfo.php library that provides a URL.

Cybersecurity

Cybersecurity Libraries Passwords Access

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

MARCH 13, 2023

In order to compromise a target system, the samples require special conditions on it, such as the use of specific arguments and targeted services already being installed (with weak passwords). For MySQL and Postgres services, the malware scans for open ports 3306 and 5432, then pings the host’s database with a certain username and password.

Passwords

Passwords Libraries Authentication Communications

Dropbox discloses unauthorized access to 130 GitHub source code repositories

Security Affairs

NOVEMBER 2, 2022

The company pointed out that no one’s content, passwords, or payment information were accessed, it also remarked that the issue was quickly resolved. Dropbox disclosed a security breach, threat actors gained unauthorized access to 130 of its source code repositories on GitHub. ” reads the advisory published by the company.

Access

Access Phishing Authentication Passwords

Security Affairs most-read cyber stories of 2021

Security Affairs

JANUARY 1, 2022

email and password pairs leaked online. The Largest compilation of emails and passwords (COMB), more than 3.2 A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants. The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. COMB breach: 3.2B

Security

Security Libraries Ransomware Passwords

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

IT Governance

NOVEMBER 6, 2023

Library branches remain open, Wi-Fi is still available and materials can still be borrowed. Records breached: According to the library’s 4 November update , there is “no evidence that the personal information of our staff or customers has been compromised”. However, public computers and printing services are unavailable.

Data Privacy

Data Privacy Privacy Libraries Security

LastPass hack caused by an unpatched Plex software on an employee’s PC

Security Affairs

MARCH 7, 2023

Recently, the password management software firm disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. The hackers installed a keylogger on the DevOp engineer’s computed and captured his master password.

Data breaches

Data breaches Passwords Libraries Authentication

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

eSecurity Planet

APRIL 1, 2024

or above March 25, 2024 Hackers Pollute Python Package Index Open-Source Libraries Type of vulnerability (or attack): Malicious library code. Checkmarx estimates over 170,000 developers use affected libraries and might possess corrupted code. The fix: Update affected versions ASAP: FortiClient EMS 7.2: Upgrade versions 7.2.0

Libraries

Libraries Authentication Artificial Intelligence Cloud

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Libraries

Libraries e-Delivery Risk Authentication

Clasiopa group targets materials research in Asia

Security Affairs

FEBRUARY 25, 2023

The experts noticed that both the Domino and Agile software appear to be using old certificates and the Agile servers use old vulnerable libraries. The attackers used two legitimate software packages, the HCL Domino (formerly IBM Domino) and the Agile DGS and Agile FD servers. Modified versions of the publicly available Lilith RAT.

Passwords

Passwords Libraries Archiving Access

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Security Affairs

SEPTEMBER 28, 2023

Google also addressed this month the following vulnerabilities in the Chrome browser: [$TBD][ 1478889 ] High CVE-2023-5186: Use after free in Passwords. The CVE-2023-5217 is a high-severity heap buffer overflow that affects vp8 encoding in libvpx. “High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx.

Libraries

Libraries Passwords Security IT

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Security Affairs

JANUARY 12, 2024

As a result, like with many supply chain libraries, the impact of this vulnerability could be severe if leveraged by threat actors.” SonicWall researchers pointed out that the Apache OfBiz is part of the supply chain of prominent software, such as Atlassian’s JIRA (used by over 120K companies ). “As reads the report published by SonicWall.

Honeypots

Honeypots Authentication Libraries Passwords

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

It is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and like a parasite infects the machine. Symbiote can be loaded by the linker via the LD_PRELOAD directive before any other shared objects allowing to “hijack the imports” from the other library files loaded for the application.

Libraries

Libraries Passwords Security IT

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Security Affairs

JULY 26, 2022

Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL files. In this campaign, the spam message contains an HTML file that has base64 encoded images and a password-protected ZIP file. The password-protected zip file contains an ISO file (i.e.

Passwords

Passwords File names Libraries Security

Security Affairs newsletter Round 402 by Pierluigi Paganini

Security Affairs

JANUARY 15, 2023

If you want to also receive for free the newsletter with the international press subscribe here. Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4

Security

Security Ransomware Libraries Phishing

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

eSecurity Planet

APRIL 15, 2024

Employ robust password management techniques, two-factor authentication (2FA), and regular backups of essential data. April 9, 2024 Critical Windows Command Injection Vulnerability in Rust Standard Library Type of vulnerability: Command injection. In addition to securing internal assets, you also need to ensure SaaS data is protected.

Libraries

Libraries Risk Cybersecurity Honeypots

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Security Affairs

DECEMBER 31, 2020

The Emotet campaign uses malicious emails that attempt to trick recipients into opening the zipped archive with the password included in the message. Emails accessed in this way require user action: open the file, unzip it with a password. Emails accessed in this way require user action: open the file, unzip it with a password.

Passwords

Passwords Archiving Libraries Government

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 13, 2023

This could be done by setting the server data directory to overlap with the content location for a library on which Camera Upload was enabled.” US CISA added remote code execution vulnerability in Plex Media Server to its Known Exploited Vulnerabilities Catalog. ” reads the advisory published by Plex. in May 2020.

Libraries

Libraries Data breaches Cybersecurity Authentication

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory. Microsoft is warning of threat actors that are actively using the Windows Server Zerologon exploits in attacks in the wild.

Authentication

Authentication Passwords Libraries Analytics

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Security Affairs

MAY 6, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Libraries Data breaches Ransomware

Types of cyberthreats

IBM Big Data Hub

SEPTEMBER 1, 2023

Spyware is a highly secretive malware that gathers sensitive information, like usernames, passwords, credit card numbers and other personal data, and transmits it back to the attacker without the victim knowing. One of the best-known zero-day vulnerabilities is Log4Shell , a flaw in the widely-used Apache Log4j logging library.

Phishing

Phishing Passwords IoT Cybersecurity

Free Download Manager backdoored to serve Linux malware for more than 3 years

Security Affairs

SEPTEMBER 14, 2023

The executable is a backdoor that accesses the Linux API and invokes syscalls using the statically linked dietlibc library. This package turned out to contain an infected postinst script that is executed upon installation. This script drops two ELF files to the paths /var/tmp/crond and /var/tmp/bs. ” reported Kasperksy.

Cloud

Cloud Libraries Passwords IT

OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel

Security Affairs

OCTOBER 5, 2022

The experts also discovered that the libraries bundled with the malicious Tor Browser is infected with spyware. “More importantly, one of the libraries bundled with the malicious Tor Browser is infected with spyware that collects various personal data and sends it to a command and control server. “The file freebl3.dll

Libraries

Libraries Personal data Passwords Cloud

Erbium info-stealing malware, a new option in the threat landscape

Security Affairs

SEPTEMBER 27, 2022

Capability to load other libraries, processes, and DLLs in memory. Collecting user credentials, such as passwords, from a range of popular chat and email programs, as well as web browsers. Ability to collect data of Authentication (2FA) and password-managing software. Ability to enumerate paths, files, and folders.

Authentication

Authentication Passwords Libraries Communications

CISA Urges Exchange Online Authentication Update

eSecurity Planet

JUNE 30, 2022

Basic Auth exposes servers and other endpoints to MITM (Man In The Middle) and password spraying attacks. or Microsoft Active Directory Authentication Library uses tokens that expire quickly and cannot be reused elsewhere. In contrast, Modern Auth that relies on OAuth 2.0 date and time).

Authentication

Authentication Libraries Cloud Passwords

WatchGuard, Windows Vulnerabilities Require Urgent Fixes

eSecurity Planet

APRIL 15, 2022

WatchGuard provides a detailed 4-Step Cyclops Blink Diagnosis and Remediation Plan that includes the following advisories: Use unique passwords for each Firebox. Update passwords regularly. Whether your firewall has been compromised or not, you must patch to the latest version of Fireware to prevent the exploit.

Passwords

Passwords Libraries Access Cybersecurity

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. It is one of the largest libraries in the world. ” reads the announcement.

Libraries

Libraries Ransomware Manufacturing Education

Top Open Source Security Tools

eSecurity Planet

OCTOBER 18, 2021

It matches reported vulnerabilities to the open source libraries in code, reducing the number of alerts. WhiteSource detects all vulnerable open source components, including transitive dependencies, in more than 200 programming languages. Metasploit. Metasploit covers the scanning and testing of vulnerabilities.

Security

Security Encryption Compliance Libraries

Zerologon attack lets hackers to completely compromise a Windows domain

Security Affairs

SEPTEMBER 14, 2020

“By forging an authentication token for specific Netlogon functionality, he was able to call a function to set the computer password of the Domain Controller to a known value. After that, the attacker can use this new password to take control over the domain controller and steal credentials of a domain admin.”

Authentication

Authentication Passwords Libraries Paper

Unsecured Git server exposed Nissan North America

Security Affairs

JANUARY 8, 2021

– Nissan internal core mobile library – Nissan/Infiniti NCAR/ICAR services – client acquisition and retention tools – sale / market research tools + data – various marketing tools – the vehicle logistics portal (2/n) — tillie, doer of crime (@antiproprietary) January 4, 2021.

Libraries

Libraries Sales Marketing Passwords

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

CVE-2021-45077 : Plaintext Password Storage. Researchers discovered multiple instances of known vulnerable jQuery libraries (such as jquery 1.4.2), for this reason, they are urging to update them to the latest available versions. CVE-2021-23147 : Insufficient UART Protection Mechanisms.

Communications

Communications Libraries Encryption Authentication

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password. gopsutil – a process utility library, used for system and processes monitoring. ssh/config,bash_history, /.ssh/known_hosts,

Mining

Mining Libraries Cloud Communications

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Webinars

Trending Sources

A backdoor mechanism found in tens of Ruby libraries

Webinars

Threat actors hacked the Dropbox Sign production environment

Backdoor mechanism found in Ruby strong_password library

Experts released PoC exploit for critical Progress Software OpenEdge bug

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

UNCOVERING VULNERABILITIES IN CRYPTOGRAPHIC LIBRARIES: MAYHEM, MATRIXSSL, AND WOLFSSL

What Is the CIA Triad and Why Is It Important?

Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)

Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)

Experts warn of critical Zero-Day in Apache OfBiz

Two Linux botnets already exploit Log4Shell flaw in Log4j

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

Golang-Based Botnet GoBruteforcer targets web servers

Dropbox discloses unauthorized access to 130 GitHub source code repositories

Security Affairs most-read cyber stories of 2021

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

LastPass hack caused by an unpatched Plex software on an employee’s PC

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Clasiopa group targets materials research in Asia

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Symbiote, a nearly-impossible-to-detect Linux malware?

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Security Affairs newsletter Round 402 by Pierluigi Paganini

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Types of cyberthreats

Free Download Manager backdoored to serve Linux malware for more than 3 years

OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel

Erbium info-stealing malware, a new option in the threat landscape

CISA Urges Exchange Online Authentication Update

WatchGuard, Windows Vulnerabilities Require Urgent Fixes

Rhysida ransomware gang is auctioning data stolen from the British Library

Top Open Source Security Tools

Zerologon attack lets hackers to completely compromise a Windows domain

Unsecured Git server exposed Nissan North America

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Stay Connected