Why Zero-Day Attacks on Open-Source Libraries Are Surging

Data Breach Today

Contrast Security CPO Steve Wilson on Why Log4j Hack Is a Sign of Things to Come

The discovery and subsequent exploitation of a critical zero-day vulnerability in Apache's Log4j open-source library has highlighted the importance of code security in today's threat landscape, according to Contrast Security Chief Product Officer Steve Wilson.

183

Malicious Packages Disguised as JavaScript Libraries Found

Data Breach Today

Sonatype: Cryptominers Launched in Windows, macOS, Linux Devices

Researchers at open-source software firm Sonatype have uncovered multiple malicious packages that disguise themselves as legitimate JavaScript libraries on npm registries to launch cryptominers on Windows, macOS and Linux machines.

236

Researchers disclosed a remote code execution flaw in Fastjson Library

Security Affairs

Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Fastjson is a Java library that can be used to convert Java Objects into their JSON representation.

74

Google OAuth client library flaw allowed to deploy of malicious payloads

Security Affairs

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs.

102

10 Rules for Managing Apache Kafka

Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn ten rules that will help you perfect your Kafka system to get ahead.

Public Affairs: Your New Neighborhood Library

Information Governance Perspectives

When you think about the fact that libraries are about information and not simply about books, you begin to see where the value is. The post Public Affairs: Your New Neighborhood Library appeared first on Rafael Moscatel.

71

New Firefox Sandbox Isolates Third-Party Libraries

Dark Reading

RLBox can be used to protect web browsers and other software applications from vulnerabilities in subcomponents and libraries

97

Bugs in open-source libraries impact 70% of modern software

Security Affairs

70 percent of the mobile and desktop applications that we use today are affected by at least one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one or more issues, which will be inherited by all the applications that use them.

108

I Am Parting With My Crypto Library

Schneier on Security

The time has come for me to find a new home for my (paper) cryptography library. New owner pays all packaging and shipping costs, and possibly a purchase price depending on who you are and what you want to do with the library.

113

Crowley Company Honored with Four 2021 Platinum Modern Library Awards

IG Guru

The post Crowley Company Honored with Four 2021 Platinum Modern Library Awards appeared first on IG GURU. Frederick, Md. –

77

Take action with your library this Libraries Week

CILIP

This Libraries Week (4-10 October 2021) libraries across the UK showcase their vital role in supporting active and engaged communities as we celebrate the transformative impact libraries can have on people’s

52

Insider Attack on the Carnegie Library

Schneier on Security

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It's a perennial problem: trusted insiders have to be trusted.

108

Experts monitor ongoing attacks using exploits for Log4j library flaws

Security Affairs

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. “You need to closely watch the release of software updates that use the Log4j 2 library and install them as soon as possible.”

108

Google Researcher Details Windows Cryptographic Library Bug

Data Breach Today

Flaw Could Cause Denial-of-Service Event in Windows Fleet, Researcher Claims

A Google security researcher has disclosed what he calls an unpatched bug in the main cryptographic library used in newer versions of the Windows operating system that he claims could affect an entire fleet of Windows-based devices.

142

Artefacto announced to develop ‘Digital Leadership for Libraries’ eLearning modules

CILIP

‘Digital Leadership in Libraries’ programme for the Public Library workforce. These discussions recognised the need for library staff and leadership to consolidate the ‘digital

52

Malicious npm library removed from the repository due to backdoor capabilities

Security Affairs

The npm security team has removed a malicious JavaScript library named “twilio-npm” from its repository because it contained malicious code. The tainted JavaScript library was spotted by the researcher Ax Sharma from security firm Sonatype.

96

Popular open-source PJSIP library is affected by critical flaws

Security Affairs

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. PJSIP is a communication library written in C that implements standard-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.

81

The Cyentia Library Relaunches

Adam Shostack

I’m excited to see that they’re Re-introducing the Cyentia Research Library, with cool (new?) The Cyentia Library lets us see what people are doing in terms of research and data.

70

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

Systems supporting libraries in Volusia County were hit by a cyber attack; the incident took down 600 computers at Volusia County Public Library (VCPL) branches. As a result of the incident, the computers at the library were not able to surf the web.

89

Bitcoin Stealers Hide in 700+ Ruby Developer Libraries

Threatpost

Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers.

96

Preserving Our Libraries’ Digital Collections is Simple, Powerful, and Affordable

Preservica

Academic libraries are in the midst of rapid, widespread changes as they shift into the digital age. Our libraries have been a steady flame for patrons to depend on, not just throughout the pandemic, but throughout history. Practical digital preservation training for libraries.

77

Libraries, inflation and the cost-of-living crisis

CILIP

As economists predict a period of high inflation and a cost-of-living crisis, Paul Howarth, Head of Content & Resource Development at Suffolk Libraries, discusses some of the problems and solutions for public library services.

52

The Governance and Recordkeeping Around the World Newsletter April 2021 Edition available via Library and Archives Canada

IG Guru

The post The Governance and Recordkeeping Around the World Newsletter April 2021 Edition available via Library and Archives Canada appeared first on IG GURU. Check out the post here.

73

A DNS flaw impacts a library used by millions of IoT devices

Security Affairs

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. The uClibc library is used by major vendors, including Linksys, Netgear, and Axis, or Linux distributions such as Embedded Gentoo.

92

Arts Council England and partners launch Green Libraries programme

CILIP

163,000 to CILIP, the Chartered Institute of Library and Information Professionals, to launch the Green Libraries programme, which aims to help libraries address their environmental impact.

52

Mobile Libraries: Culture on the Go

Unwritten Record

National Bookmobile Day is April 22, part of National Library Week (April 19-25). A library is a place that stores information, a place where people from all walks of life have the opportunity to obtain textual and audiovisual material for education, entertainment, and enlightenment.

51

Next generation public library LMS

CILIP

The technology and people underpinning the Library Consortium’s The Library Consortium (until recently the London Library Consortium) has existed since 2002. s library management system was hosted by Axiell.

52

Access-to-info system at Library and Archives Canada in ‘bleak state’: watchdog via Times Colonist

IG Guru

The post Access-to-info system at Library and Archives Canada in ‘bleak state’: watchdog via Times Colonist appeared first on IG GURU. Check out the article here.

72

CVE-2021-44228: Critical vulnerability in Apache Log4j library

Pwnie Express

13.Dec.2021. Florian Barre. Mon, 12/13/2021 - 05:57. Full-Stack Security.

74

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants

Security Affairs

Experts publicly disclose proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Open-source projects like ElasticSearch, Elastic Logstash, Redis, and the NSA’s Ghidra also use the library.

113

Invitation to Tender - Digital Leadership for Libraries

CILIP

s library and information association with support from Arts Council England is inviting tenders for its new programme, Digital Leadership for Libraries. CILIP, the UK’s

52

Mozilla fixes critical flaw in Network Security Services (NSS) cryptography library

Security Affairs

Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. The flaw is tied to the way the libraries handle DER-encoded DSA or RSA-PSS signatures in email clients and PDF viewers using vulnerable NSS versions.

104

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. The impact of the issue could be severe considering that the jQuery JavaScript library is currently used on 74 percent of websites online; most sites still use the 1.x versions of the library that are affected by the ‘Prototype Pollution’ vulnerability.

87

Drupal fixed a new flaw related PEAR Archive_Tar library

Security Affairs

Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR Archive_Tar third-party library.

96

Independent Review of Public Library Financing Panel announcement

CILIP

CILIP is delighted to announce the expert members of the recently established Independent Review of Public Library Financing Panel. In recent years, libraries have found their creative identity

52

Opensource from hell: malicious JavaScript distributed via opensource libraries, again

Pwnie Express

In this blog our CSO explores why distribution of malicious scripts via libraries is causing a stir amongst the open-source community and how you can defend against it.

67

Public Library Staff: Making a Difference

CILIP

Public library staff are an integral part of library services and arguably its most vital asset. Our new research Making a Difference: Libraries, Lockdown and Looking Ahead has made this, among other things, abundantly clear.

52

One world, one library network

CILIP

Working Internationally for Libraries Virtual Conference 2021: A free, virtual conference for Public Libraries in the UK and across the world. Two, look for advocacy ideas and how best to campaign to keep libraries funded and active.”

52

Cisco Talos discovered 2 critical flaws in the popular OpenCV library

Security Affairs

Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code.

67

Crowley Company Awarded Service of the Year, Three Platinum Awards in 2022 Library Program

IG Guru

The post Crowley Company Awarded Service of the Year, Three Platinum Awards in 2022 Library Program appeared first on IG GURU. For Immediate Release: January 14, 2022 Frederick, Md. –

76