Insider Attack on the Carnegie Library

Schneier on Security

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It's a perennial problem: trusted insiders have to be trusted.

Public Library Staff: Making a Difference

CILIP

Public library staff are an integral part of library services and arguably its most vital asset. Our new research Making a Difference: Libraries, Lockdown and Looking Ahead has made this, among other things, abundantly clear.

Bugs in open-source libraries impact 70% of modern software

Security Affairs

70 percent of the mobile and desktop applications we use today are affected by at least one security flaw present in open-source libraries. According to Veracode's annual State of Software Security report, 70 percent of mobile and desktop applications being used today have at least one security flaw that is the result of the use of an open-source library. In addition, most languages feature the same set of core libraries.

Google Researcher Details Windows Cryptographic Library Bug

Data Breach Today

Flaw Could Cause Denial-of-Service Event in Windows Fleet, Researcher Claims. A Google security researcher has disclosed what he calls an unpatched bug in the main cryptographic library used in newer versions of the Windows operating system that he claims could affect an entire fleet of Windows-based devices

The Cyentia Library Relaunches

Adam Shostack

I’m excited to see that they’re Re-introducing the Cyentia Research Library, with cool (new?) The Cyentia Library lets us see what people are doing in terms of research and data. features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world.

Bitcoin Stealers Hide in 700+ Ruby Developer Libraries

Threatpost

Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers.

Mobile Libraries: Culture on the Go

Unwritten Record

National Bookmobile Day is April 22, part of National Library Week (April 19-25). A library is a place that stores information, a place where people from all walks of life have the opportunity to obtain textual and audiovisual material for education, entertainment, and enlightenment. But sometimes a patron is unable to access a library due to limitations of location or distance. What better solution to this problem than to implement a mobile library?

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. The impact of the issue could be severe considering that the jQuery JavaScript library is currently used on 74 percent of websites online; most sites still use the 1.x versions of the library that are affected by the ‘Prototype Pollution’ vulnerability.

The British Library's International Library Leaders Programme

CILIP

Ilene McKenna is the Lead Archivist, Archival Information System Renewal at Library and Archives Canada. In November 2019, she had the opportunity to take part in British Library's

Back-to-School Scams Target Students with Library-Themed Emails

Threatpost

Students should keep their eyes peeled for phishing emails purporting to be from their colleges, as well as online student resources laced with malware, researchers warn.

Wartime Reading: The Library War Service

Unwritten Record

When America entered World War I in 1917, the American Library Association decided to take part in the war effort by establishing the Library War Service. Its purpose was to provide library services to American soldiers in training camps and overseas. Poster used in A.L.A.

Cisco Talos discovered 2 critical flaws in the popular OpenCV library

Security Affairs

Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code. OpenCV (Open Source Computer Vision Library) is an open-source library of programming functions mainly aimed at real-time computer vision.

Discover a world of reading this Libraries Week

CILIP

This Libraries Week (5-10 October 2020) libraries across the UK will showcase their reading offer as we celebrate the vital role of libraries in the UK's ExpressYourShelf this Libraries Week by taking part in CILIP's

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries and removed those versions. The backdoor was used by attackers to inject mining code in Ruby projects using the malicious versions of the libraries.

Magecart Returns with Advertising Library Tactic

Threatpost

The threat group also has a new subsidiary, Magecart Group 12.

CILIP announces Honorary Fellowships including Library Champion Bobby Seagull

CILIP

Bobby Seagull and CILIP are delighted to announce that he will be continuing in the role of CILIP Library Champion for 2020-21.

Why presidential libraries are controversial

IG Guru

Barack Obama’s is dividing opinions, as others have before.

Two malicious Python libraries were stealing SSH and GPG keys

Security Affairs

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were found stealing SSH and GPG keys from the projects of infected developers. The two libraries were discovered on December 1 by the German software developer Lukas Martini.

Arup Library: 60 years

CILIP

Key projects include the Sydney Opera House, the Pompidou Centre and the British Library. The first library in the firm's What follows is a brief overview of 60 years of the Arup Library in London. Early Arup Library. s first professional librarian and founder of the first library in Ove Arup & Partners. The library itself was located on the ground floor of No.13 Henry managed the library's

The Big Issue and Library Champion Bobby Seagull bring the case for library funding to Parliament

CILIP

At a Parliamentary event at the House of Lords today, The Big Issue and Library Champion Bobby Seagull will join forces with CILIP, the UK library association, to make the case for long-term sustainable funding for libraries. 250m investment in the Culture Investment Fund, of which 50% is to be allocated to library and museum sector development.

Backdoor mechanism found in Ruby strong_password library

Security Affairs

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The dangerous code was used to check the password strength of user-chosen passwords when the library was being used in a production environment. The attacker created a new version of the library (version 0.0.7

A flaw in the Libarchive library impacts major Linux distros

Security Affairs

Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive that could be exploited to execute arbitrary code. The libarchive library is a multi-format archive and compression library that implements a single interface for reading/writing various compression formats.

Designing Libraries: Making space for makerspaces

CILIP

Recently I heard a librarian say that introducing makerspaces into libraries was one of the riskiest undertakings the service had ever embarked upon. I found this a little odd, since we are all in the information business and a lot of library time is taken up with answering ?how s library buildings are a mixture of ancient and modern. We increasingly share premises with other services, so sensitivity is always required when we adapt library spaces for new purposes ?

COVID-19 Guidance for School Libraries

CILIP

This Guidance has been developed by a Working Party convened jointly by CILIP, the CILIP School Libraries Group (CILIP SLG) and the School Library Association (SLA). Schools and school libraries differ vastly in their size, governance and operations. This Guidance further presumes that school library staff are not themselves in a clinically vulnerable category, are not 'shielding' all library services resumed?).

What are libraries worth?

CILIP

Suffolk Libraries has recently commissioned and published research to do just that: convert the social value of three of its core services into pounds and pence. The purpose for doing so is not only to help the library service to explain its value to its funders but also to give Suffolk Libraries a fresh view of itself and the value of the different services it provides to the community.

Microsoft Fixes RCE Flaws in Out-of-Band Windows Update

Threatpost

The two important-severity flaws in Microsoft Windows Codecs Library and Visual Studio Code could enable remote code execution.

Prototype Pollution flaw discovered in all versions of Lodash Library

Security Affairs

Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. The flaw could be exploited by hackers to compromise the security of affected services using the library. The popular library is currently used in more than 4 million projects on GitHub. “The popular npm library is used by 4.35 Just shy of 40k GitHub project stars, the library is downloaded over 80 million times each month.

Celebrating the Library of the Future for Libraries Week

CILIP

s children build their Library of the Future for Libraries Week. Children, young people and LEGO enthusiasts from age 2 to 85 have been hard at work as part of Libraries Week ? s much-loved libraries. In a CILIP competition to build the Library of the Future out of LEGO bricks, hundreds of entries have highlighted the many different ways in which libraries will support their users in the future. to distribute books to library users. library lates?,

Libraries Week 2019 celebrates libraries in a digital world

CILIP

Annual Libraries Week celebrations (7-12 October 2019) will showcase how libraries have transformed their digital offer, featuring events and activities in more than 1,000 libraries across the UK. s competition to Build the Library of the Future out of LEGO bricks and win tickets to LEGOLAND Windsor and £500 to donate to a library of your choice. LOVE YOUR LIBRARY?

Shh! No Hacking the Census in the Library

WIRED Threat Level

Opinion: Millions of folks filling out the 2020 Census on public library computers also are putting themselves at risk.

Get ready for Libraries Week 2020

CILIP

CILIP is delighted to launch campaign assets for Libraries Week 2020, recognising the amazing contribution that libraries make to the UK's Libraries Week is a weeklong celebration of the nation's much-loved libraries organised by CILIP, with a focus this year on celebrating books and reading. Libraries Week 2020 is sponsored by Nielsen Book and OverDrive.

New report: Advancing Art Libraries and Curated Web Archives

Archive-It

The web archiving partners at the Internet Archive and the New York Art Resources Consortium (NYARC) are eager to share Advancing Art Libraries and Curated Web Archives: National Forum Report. This National Leadership Grant in the Curating Collections program category builds upon prior collaboration between NYARC and the Internet Archive’s Archive-It team to expand web archiving among art and museum libraries and archives.

Honey, I blockchained the library

CILIP

A new kind of library. What could that mean for libraries? And for academic libraries and publishers, could micropayments per journal article supersede today's In the world of academic and research libraries, blockchain offers the potential to revolutionise our processes ? What would the library look like as a DAO? in a new kind of library ?

The impact of Universal Credit on frontline public library workers

CILIP

benefit that requires the vast majority of claimants to make and manage their claim online - is having on public library services across the UK. We are conducting this research because the Department for Work and Pensions is encouraging people to use the library to make and manage a claim if they do not have internet access at home and/or they need support with digital skills.

Multiple Vulnerabilities in LibXL Library Open Door to RCE Attacks

Threatpost

Hackers using specially crafted XLS files can trigger several remote code execution vulnerabilities in the LibXL library.

Unpatched Open Source Libraries Leave 71% of Apps Vulnerable

Dark Reading

PHP and JavaScript developers need to pay close attention because different languages and frameworks have different rates of vulnerability, research finds

The Library of Everything

CILIP

Emerging Technologies: The Library of Everything. Library of Babel ([link] in real life ? a (practically) infinite library. t get rid of your library collections or data centres just yet, but do plan for a future where data will be cheaper and more abundant, and start thinking about the implications of finding needles in haystacks.

Libraries: don't mess with trust

CILIP

Jeni Tennison, CEO of the ODI, discusses how libraries could fit into it without damaging themselves. Operational uses such as using data to support the day-to-day running of a library. where the libraries are for example. ?Most What can libraries do? ?So So what should libraries be doing with personal data?? The Open Data Institute's

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

Security Affairs

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. The CVE-2020-7247 flaw was introduced in OpenSMTPD in May 2018, but many distros still use older implementations of the library that are not impacted.

Celebrating LGBT+ History Month in Libraries!

CILIP

February is LGBT+ History Month and libraries, information services and Learning Resource Centres up and down the country are organising events, activities, workshops and performances to celebrate LGBT+ people. If you work in a library that is running an event, don't ve put together our list of 10 favourite LGBT+ History Month activities coming to a library near you! Manchester Libraries.