Malicious Packages Disguised as JavaScript Libraries Found

Data Breach Today

Sonatype: Cryptominers Launched in Windows, macOS, Linux Devices. Researchers at open-source software firm Sonatype have uncovered multiple malicious packages that disguise themselves as legitimate JavaScript libraries on npm registries to launch cryptominers on Windows, macOS and Linux machines

Why Zero-Day Attacks on Open-Source Libraries Are Surging

Data Breach Today

Contrast Security CPO Steve Wilson on Why Log4j Hack Is a Sign of Things to Come. The discovery and subsequent exploitation of a critical zero-day vulnerability in Apache's Log4j open-source library has highlighted the importance of code security in today's threat landscape, according to Contrast Security Chief Product Officer Steve Wilson.

Public Affairs: Your New Neighborhood Library

Information Governance Perspectives

When you think about the fact that libraries are about information and not simply about books, you begin to see where the value is. The post Public Affairs: Your New Neighborhood Library appeared first on Rafael Moscatel.

Google OAuth client library flaw allowed to deploy of malicious payloads

Security Affairs

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs.

10 Rules for Managing Apache Kafka

Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn ten rules that will help you perfect your Kafka system to get ahead.

Boston Public Library discloses cyberattack

Security Affairs

The Boston Public Library was the victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network.

Bugs in open-source libraries impact 70% of modern software

Security Affairs

70 percent of the mobile and desktop applications that we use today are affected by at least one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one or more issues, which will be inherited by all the applications that use them.

New Firefox Sandbox Isolates Third-Party Libraries

Dark Reading

RLBox can be used to protect web browsers and other software applications from vulnerabilities in subcomponents and libraries

I Am Parting With My Crypto Library

Schneier on Security

The time has come for me to find a new home for my (paper) cryptography library. New owner pays all packaging and shipping costs, and possibly a purchase price depending on who you are and what you want to do with the library.

Unpatched Python Library Affects More Than 300,000 Open Source Projects

eSecurity Planet

Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. The post Unpatched Python Library Affects More Than 300,000 Open Source Projects appeared first on eSecurityPlanet.

Crowley Company Honored with Four 2021 Platinum Modern Library Awards

IG Guru

The post Crowley Company Honored with Four 2021 Platinum Modern Library Awards appeared first on IG GURU. Frederick, Md. –

Malicious npm library removed from the repository due to backdoor capabilities

Security Affairs

The npm security team has removed a malicious JavaScript library named “twilio-npm” from its repository because it contained malicious code. The tainted JavaScript library was spotted by researcher Ax Sharma from security firm Sonatype.

Announcement of the 2022 Green Libraries Grants Winners

CILIP

Announcement of the 2022 Green Libraries Grants Winners. Selected projects include a range of innovative ideas that will enable libraries to demonstrate environmental understanding and action through local partnerships, community engagement activities and staff, stock and space interventions.

Take action with your library this Libraries Week

CILIP

Take action with your library this Libraries Week. This Libraries Week (4-10 October 2021) libraries across the UK showcase their vital role in supporting active and engaged communities as we celebrate the transformative impact libraries can have on people’s

Insider Attack on the Carnegie Library

Schneier on Security

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It's a perennial problem: trusted insiders have to be trusted.

African libraries provide perspectives on digital literacy for sustainable development

CILIP

African libraries provide perspectives on digital literacy for sustainable development. The African library sector has been a key advocate for digital literacy across the continent, and a new book published today delves into what has been achieved and what more needs to be done.

Google Researcher Details Windows Cryptographic Library Bug

Data Breach Today

Flaw Could Cause Denial-of-Service Event in Windows Fleet, Researcher Claims. A Google security researcher has disclosed what he calls an unpatched bug in the main cryptographic library used in newer versions of the Windows operating system that he claims could affect an entire fleet of Windows-based devices

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

Systems supporting libraries in Volusia County were hit by a cyber attack; the incident took down 600 computers at Volusia County Public Library (VCPL) branches. As a result of the incident, the computers at the library were not able to surf the web.

Experts monitor ongoing attacks using exploits for Log4j library flaws

Security Affairs

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. “You need to closely watch the release of software updates that use the Log4j 2 library and install them as soon as possible.”

The Cyentia Library Relaunches

Adam Shostack

I’m excited to see that they’re Re-introducing the Cyentia Research Library, with cool (new?) The Cyentia Library lets us see what people are doing in terms of research and data.

Popular open-source PJSIP library is affected by critical flaws

Security Affairs

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. PJSIP is a communication library written in C language implementing standard-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.

Artefacto announced to develop ‘Digital Leadership for Libraries’ eLearning modules

CILIP

Digital Leadership for Libraries’ ‘Digital Leadership in Libraries’ programme for the Public Library workforce. These discussions recognised the need for library staff and leadership to consolidate the ‘digital

New ODGen Tool Unearths 180 Zero-Days in Node.js Libraries

Dark Reading

New graph-based tool offers a better alternative to current approaches for finding vulnerabilities in JavaScript code, they note

Preserving Our Libraries’ Digital Collections is Simple, Powerful, and Affordable

Preservica

Academic libraries are in the midst of rapid, widespread changes as they shift into the digital age. Our libraries have been a steady flame for patrons to depend on, not just throughout the pandemic, but throughout history. Practical digital preservation training for libraries.

The Governance and Recordkeeping Around the World Newsletter April 2021 Edition available via Library and Archives Canada

IG Guru

The post The Governance and Recordkeeping Around the World Newsletter April 2021 Edition available via Library and Archives Canada appeared first on IG GURU. Check out the post here.

Mobile Libraries: Culture on the Go

Unwritten Record

National Bookmobile Day is April 22, part of National Library Week (April 19-25). A library is a place that stores information, a place where people from all walks of life have the opportunity to obtain textual and audiovisual material for education, entertainment, and enlightenment.

Bitcoin Stealers Hide in 700+ Ruby Developer Libraries

Threatpost

Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers.

A DNS flaw impacts a library used by millions of IoT devices

Security Affairs

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. The uClibc library is used by major vendors, including Linksys, Netgear, and Axis, or Linux distributions such as Embedded Gentoo.

CVE-2021-44228: Critical vulnerability in Apache Log4j library

Pwnie Express

CVE-2021-44228: Critical vulnerability in Apache Log4j library. 13.Dec.2021. Florian Barre. Mon, 12/13/2021 - 05:57. Full-Stack Security.

Libraries, inflation and the cost-of-living crisis

CILIP

Libraries, inflation and the cost-of-living crisis. As economists predict a period of high inflation and a cost-of-living crisis, Paul Howarth, Head of Content & Resource Development at Suffolk Libraries, discusses some of the problems and solutions for public library services.

Arts Council England and partners launch Green Libraries programme

CILIP

Arts Council England and partners launch Green Libraries programme. 163,000 to CILIP, the Chartered Institute of Library and Information Professionals, to launch the Green Libraries programme, which aims to help libraries address their environmental impact.

Drupal fixed a new flaw related PEAR Archive_Tar library

Security Affairs

Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR Archive_Tar third-party library.

Opensource from hell: malicious JavaScript distributed via opensource libraries, again

Pwnie Express

Opensource from hell: malicious JavaScript distributed via opensource libraries, again. In this blog our CSO explores why distribution of malicious scripts via libraries is causing a stir amongst the open-source community and how you can defend against it

Next generation public library LMS

CILIP

Next generation public library LMS. The technology and people underpinning the Library Consortium’s The Library Consortium (until recently the London Library Consortium) has existed since 2002. ’s library management system was hosted by Axiell.

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. The impact of the issue could be severe considering that the jQuery JavaScript library is currently used on 74 percent of websites online; most sites still use the 1.x versions of the library that are affected by the ‘Prototype Pollution’ vulnerability.

Mozilla fixes critical flaw in Network Security Services (NSS) cryptography library

Security Affairs

Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. The flaw is tied to the way the libraries handle DER-encoded DSA or RSA-PSS signatures in email clients and PDF viewers using vulnerable NSS versions.

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants

Security Affairs

Experts publicly disclose proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Open-source projects like ElasticSearch, Elastic Logstash, Redis, and the NSA’s Ghidra also use the library.

Access-to-info system at Library and Archives Canada in ‘bleak state’: watchdog via Times Colonist

IG Guru

The post Access-to-info system at Library and Archives Canada in ‘bleak state’: watchdog via Times Colonist appeared first on IG GURU. Check out the article here.

Independent Review of Public Library Financing Panel announcement

CILIP

Independent Review of Public Library Financing Panel announcement. CILIP is delighted to announce the expert members of the recently established Independent Review of Public Library Financing Panel. In recent years, libraries have found their creative identity

Public Library Staff: Making a Difference

CILIP

Public Library Staff: Making a Difference. Public library staff are an integral part of library services and arguably their most vital asset. Our new research Making a Difference: Libraries, Lockdown and Looking Ahead has made this, among other things, abundantly clear.