Boston Public Library discloses cyberattack

Security Affairs

The Boston Public Library was victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network.

Mozilla fixes critical flaw in Network Security Services (NSS) cryptography library

Security Affairs

Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Well, it turns out the answer is memory corruption.” ” reads the security advisory published by Mozilla.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Bugs in open-source libraries impact 70% of modern software

Security Affairs

70 percent of mobile and desktop applications that today we use are affected at least by one security flaw that is present in open-source libraries. The experts analyzed over 85,000 applications and related imported libraries, accounting for over 351,000 unique external libraries.

Malicious npm library removed from the repository due to backdoor capabilities

Security Affairs

The npm security team has removed a malicious JavaScript library named “ twilio-npm ” from its repository because contained malicious code. The tainted JavaScript library was spotted by the researcher Ax Sharma from security firm Sonatype.

It's High Time for a Security Scoring System for Applications and Open Source Libraries

Dark Reading

A benchmarking system would help buyers choose more secure software products and, more importantly, light a fire underneath software producers to make products secure

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

Security Affairs

Two popular npm libraries, coa and rc. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. Two npm libraries that have a total of 23 million weekly downloads, a data that is worrisome. The post npm libraries coa and rc.

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

System supporting libraries in Volusia County were hit by a cyber attack, the incident took down 600 computers at Volusia County Public Library (VCPL) branches. ” As a result of the incident, the computers at the library were not able to surf the web.

Google discloses a severe flaw in widely used Libgcrypt encryption library

Security Affairs

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. It’s also the crypto library used by systemd for DNSSEC. It seems that Fedora 34 and Gentoo are already using 1.9.0”

Independent Review of Public Library Financing Panel announcement

CILIP

Independent Review of Public Library Financing Panel announcement. CILIP is delighted to announce the expert members of the recently established Independent Review of Public Library Financing Panel. In recent years, libraries have found their creative identity ? Public librarie

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. The impact of the issue could be severe considering that the jQuery JavaScript library is currently used on 74 percent of websites online, most sites still use the 1.x versions of the library that are affected by the ‘Prototype Pollution’ vulnerability. SecurityAffairs – hacking, jQuery JavaScript library ).

Top IT Asset Management Tools for Security

eSecurity Planet

IT asset management (ITAM) used to be purely about inventorying what hardware and software assets were scattered about the enterprise. For some, that means building security features directly into ITAM. But the bedrock of ITAM is maintaining an accurate inventory of all IT assets.

IT 68

Cisco Talos discovered 2 critical flaws in the popular OpenCV library

Security Affairs

Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code.

SUPERNOVA, a Backdoor Found While Investigating SolarWinds Hack

Security Affairs

While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. “SUPERNOVA differs dramatically in that it takes a valid.NET program as a parameter.

Feminist leadership, libraries and Covid-19

CILIP

Feminist leadership, libraries and Covid-19. s Library which was established in 1991 and now has more than 20 paid staff ? Here she talks about how the Clore Leadership Fellowship programme helped her focus on her own professional development and assess what it means to be a leader.

Six-Library Vulnerability in NGA

ForAllSecure

Although we may not think about it all the time, satellites are a part of our daily lives. The US government has published a software library called six-library designed to parse and manipulate satellite imagery and data for both internal and public use.

Six-Library Vulnerability in NGA

ForAllSecure

Although we may not think about it all the time, satellites are a part of our daily lives. The US government has published a software library called six-library designed to parse and manipulate satellite imagery and data for both internal and public use.

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries. The backdoor was used by attackers to inject mining code in Ruby projects using the malicious versions of the libraries. “It seems that rest-client 1.6.13

Two malicious Python libraries were stealing SSH and GPG keys

Security Affairs

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The expert discovered the two libraries on December 1, by the German software developer Lukas Martini.

Backdoor mechanism found in Ruby strong_password library

Security Affairs

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The dangerous code was used to check the password strength of user-chosen passwords when the library was being used in a production environment. The attacker created a new version of the library (version 0.0.7

Designing Libraries: Making space for makerspaces

CILIP

Recently I heard a librarian say that introducing makerspaces into libraries was one of the riskiest undertakings the service had ever embarked upon. I found this a little odd, since we are all in the information business and a lot of library time is taken up with answering ?how Is it so challenging to move from answers on the printed page to self-discovery under tutored guidance? s library buildings are a mixture of ancient and modern. Making a success of it.

Security Affairs newsletter Round 343

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 343 appeared first on Security Affairs.

Prototype Pollution flaw discovered in all versions of Lodash Library

Security Affairs

Liran Tal, a developer advocate at open-source security platform Snyk, discovered a high-severity prototype pollution security flaw that affects all versions of lodash. Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. The flaw could be exploited by hackers to compromise the security of affected services using the library. “The popular npm library is used by 4.35

Discover a world of reading this Libraries Week

CILIP

Discover a world of reading this Libraries Week. This Libraries Week (5-10 October 2020) libraries across the UK will showcase their reading offer as we celebrate the vital role of libraries in the UK?s ExpressYourShelf this Libraries Week by taking part in CILIP?s

Apache Struts users have to update FileUpload library to fix years-old flaws

Security Affairs

Apache Struts Users have to update the Commons FileUpload library in Struts 2 that is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2, the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. CVE-2016-1000031 was discovered two years ago by experts at Tenable and it was addressed with the Commons FileUpload version 1.3.3

Closure JavaScript Library introduced XSS issue in Google Search and potentially other services

Security Affairs

A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library. The library is named Closure and according to the expert it fails to properly sanitize user input.

Uncovering Vulnerabilities In Open Source Libraries (CVE-2019-13499)

ForAllSecure

In this post, we will follow up on a prior article on using Mayhem to analyze stb and MATIO by reviewing three additional vulnerabilities found in another open source library. This can indicate a target which has not been analyzed thoroughly, making it a ripe target for bug hunting.

Uncovering Vulnerabilities In Open Source Libraries (CVE-2019-13499)

ForAllSecure

In this post, we will follow up on a prior article on using Mayhem to analyze stb and MATIO by reviewing three additional vulnerabilities found in another open source library. This can indicate a target which has not been analyzed thoroughly, making it a ripe target for bug hunting.

UNCOVERING VULNERABILITIES IN OPEN SOURCE LIBRARIES

ForAllSecure

In this post, we will follow up on a prior article on using Mayhem to analyze stb and MATIO by reviewing three additional vulnerabilities found in another open source library. This can indicate a target which has not been analyzed thoroughly, making it a ripe target for bug hunting.

Time to end a decade of library austerity

CILIP

Time to end a decade of library austerity. CILIP and Library Champion Bobby Seagull delivered a petition to Downing Street last Thursday calling for an end to a decade of public library austerity and demanding secure revenue funding for public libraries in the Chancellor?s

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

Security Affairs

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. Security experts from Qualys have discovered a flaw, tracked as CVE-2020-7247, in OpenSMTPD. OpenSMTPD is an open-source implementation of the server-side SMTP protocol as defined by RFC 5321, it includes also some additional standard extensions.

Top Open Source Security Tools

eSecurity Planet

But that success and the openness inherent in the community have led to a major challenge – security. Therefore, any security vulnerabilities are disclosed publicly. This has given rise to a large number of open source security tools. The Best Open Source Security Tools.

Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)

ForAllSecure

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? Despite its use in many places, ASN.1

Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)

ForAllSecure

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? Despite its use in many places, ASN.1

UNCOVERING VULNERABILITIES IN CRYPTOGRAPHIC LIBRARIES: MAYHEM, MATRIXSSL, AND WOLFSSL

ForAllSecure

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? Despite its use in many places, ASN.1

Samsung fixes a zero-click issue affecting its phones

Security Affairs

Samsung addressed this month a critical 0-click vulnerability that was discovered by security researchers from Google. Samsung released this week a security patch that addresses a critical vulnerability, tracked as CVE-2020-8899, impacting all smartphones sold since 2014.

IT 84

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. ” The “preloading” technique allows the system to load a custom shared library before other system libraries are loaded.

Google expert disclosed details of an unpatched flaw in SymCrypt library

Security Affairs

Tavis Ormandy, a white hat hacker Google Project Zero announced to have found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. The recently released Microsoft Patch Tuesday security updates for June 2019 failed to address a flaw in SymCrypt , a core cryptographic function library currently used by Windows. Ormandy privately reported the flaw to Microsoft in March 2019, but the tech giant failed into fixing it after 90 days.

A sustainable model for library advocacy

CILIP

A sustainable model for library advocacy. A sustainable model for library advocacy. s methodology for building public support for libraries in the US, and to share insights from our advocacy work. It was wonderful to meet so many people who are doing amazing work supporting and advocating for libraries across the UK. t have a culture of working on local library campaigns, don?t t an issue that is limited to libraries in the UK.

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices.

An Island Library and Archives explored

CILIP

An Island Library and Archives explored. An Island Library and Archives explored. The present day Manx Museum and National Trust is supported by the Isle of Man Government and its Trustees are appointed by Tynwald. It first opened its doors in November 1922, including an active library from the outset, managed by the first librarian William Cubbon. Listed alphabetically, it offers search access to objects, items, sites and monuments.