Bugs in open-source libraries impact 70% of modern software

Security Affairs

70 percent of mobile and desktop applications that today we use are affected at least by one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one o more issues which will be inherited from all the applications that use them.

Google Researcher Details Windows Cryptographic Library Bug

Data Breach Today

Flaw Could Cause Denial-of-Service Event in Windows Fleet, Researcher Claims A Google security researcher has disclosed what he calls an unpatched bug in the main cryptographic library used in newer versions of the Windows operating system that he claims could affect an entire fleet of Windows-based devices.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Cyentia Library Relaunches

Adam Shostack

I’m excited to see that they’re Re-introducing the Cyentia Research Library , with cool (new?) The Cyentia Library lets us see what people are doing in terms of research and data.

Bitcoin Stealers Hide in 700+ Ruby Developer Libraries

Threatpost

Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers.

The British Library?s International Library Leaders Programme

CILIP

The British Library?s s International Library Leaders Programme. Ilene McKenna is the Lead Archivist, Archival Information System Renewal at Library and Archives Canada. In November 2019, she had the opportunity to take part in British Library?s

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

System supporting libraries in Volusia County were hit by a cyber attack, the incident took down 600 computers at Volusia County Public Library (VCPL) branches. ” As a result of the incident, the computers at the library were not able to surf the web.

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. versions of the library that are affected by the ‘Prototype Pollution’ vulnerability.

Back-to-School Scams Target Students with Library-Themed Emails

Threatpost

Web Security back to school credential harvesting education cyberattack fake login pages library portals malware MediaGet torrent application downloader Phishing scam Scams student students university portals Win32.Agent.ifdx malware downloader WinLNK.Agent.gen downloader

Cisco Talos discovered 2 critical flaws in the popular OpenCV library

Security Affairs

Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code.

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries.

Two malicious Python libraries were stealing SSH and GPG keys

Security Affairs

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The expert discovered the two libraries on December 1, by the German software developer Lukas Martini.

Library History with Heritage & University Archives

Archives Blogs

The history of libraries at Florida State University traces back almost 100 years to the 1920s. In 1923, FSU’s first library opened in what is now Dodd Hall. The Library, undated, [link]. In 1929, Etta Lane Matthews was hired as the first professor of Library Science.

Arup Library: 60 years

CILIP

Arup Library: 60 years. Arup Library: 60 years. Key projects include the Sydney Opera House, the Pompidou Centre and the British Library. The first library in the firm?s What follows is a brief overview of 60 years of the Arup Library in London. Early Arup Library.

Unpatched Open Source Libraries Leave 71% of Apps Vulnerable

Dark Reading

PHP and JavaScript developers need to pay close attention because different languages and frameworks have different rates of vulnerability, research finds

Why presidential libraries are controversial

IG Guru

The post Why presidential libraries are controversial appeared first on IG GURU. Barack Obama’s is dividing opinions, as others have before. Archives Business Record Retention Records Management Risk News

The Big Issue and Library Champion Bobby Seagull bring the case for library funding to Parliament

CILIP

The Big Issue and Library Champion Bobby Seagull bring the case for library funding to Parliament. 250m investment in the Culture Investment Fund, of which 50% is to be allocated to library and museum sector development. Chair of the Libraries APPG Gill Furniss commented, ?Libraries

COVID-19 Guidance for School Libraries

CILIP

COVID-19 Guidance for School Libraries. This Guidance has been developed by a Working Party convened jointly by CILIP, the CILIP School Libraries Group (CILIP SLG) and the School Library Association (SLA). all library services resumed?).

Shh! No Hacking the Census in the Library

WIRED Threat Level

Opinion: Millions of folks filling out the 2020 Census on public library computers also are putting themselves at risk. Security Opinion Security / Cyberattacks and Hacks

A flaw in the Libarchive library impacts major Linux distros

Security Affairs

Google experts found a flaw, tracked as CVE-2019-18408, in the compression library libarchive could lead to arbitrary code execution. Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive could be exploited to execute arbitrary code. .

Designing Libraries: Making space for makerspaces

CILIP

Recently I heard a librarian say that introducing makerspaces into libraries was one of the riskiest undertakings the service had ever embarked upon. I found this a little odd, since we are all in the information business and a lot of library time is taken up with answering ?how

What are libraries worth?

CILIP

What are libraries worth? What are libraries worth? Suffolk Libraries has recently commissioned and published research to do just that: convert the social value of three of its core services into pounds and pence. Bruce Leeke, chief executive of Suffolk Libraries said: ?Talking

Uncovering Vulnerabilities in Open Source Libraries

ForAllSecure

In this post, we will follow up on a prior article on using Mayhem to analyze stb and MATIO by reviewing three additional vulnerabilities found in another open source library. Introduction.

Backdoor mechanism found in Ruby strong_password library

Security Affairs

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits.

Get ready for Libraries Week 2020

CILIP

Get ready for Libraries Week 2020. CILIP is delighted to launch campaign assets for Libraries Week 2020, recognising the amazing contribution that libraries make to the UK?s Libraries Week is a weeklong celebration of the nation?s

Celebrating the Library of the Future for Libraries Week

CILIP

s children build their Library of the Future for Libraries Week. Children, young people and LEGO enthusiasts from age 2 to 85 have been hard at work as part of Libraries Week ? s much-loved libraries. to distribute books to library users. Inspire Library?: ?Inspire

Libraries Week 2019 celebrates libraries in a digital world

CILIP

Libraries Week 2019 celebrates libraries in a digital world. Annual Libraries Week celebrations (7-12 October 2019) will showcase how libraries have transformed their digital offer, featuring events and activities in more than 1,000 libraries across the UK.

New report: Advancing Art Libraries and Curated Web Archives

Archive-It

The web archiving partners at the Internet Archive and the New York Art Resources Consortium (NYARC) are eager to share Advancing Art Libraries and Curated Web Archives: National Forum Report. Collaborative Collecting Museums and Art Libraries

Magecart Returns with Advertising Library Tactic

Threatpost

Malware Web Security adverline Advertising Card skimming group 12 Library magecart third party javascriptThe threat group also has a new subsidiary, Magecart Group 12.

Honey, I blockchained the library

CILIP

Honey, I blockchained the library. Honey, I blockchained the library. A new kind of library. What could that mean for libraries? And for academic libraries and publishers, could micropayments per journal article supersede today?s in a new kind of library ?

Library History with Heritage & University Archives, Part 2

Archives Blogs

In this second installment of Library History with Heritage & University archives, we’ll be looking at the trajectory of the Library School since its reorganization in 1947. Strozier Library, 1957, view this item in the digital library.

Beyond digital literacy: STEM learning ideas from library professionals in the UK and Ireland

CILIP

Libraries are not just books ? We need] strong advocates who see the library as a place where STEM-rich learning takes place. ? In the words of one research participant, STEM learning in libraries is about ?promoting in other libraries or from STEM or education organisations ?

The impact of Universal Credit on frontline public library workers

CILIP

The impact of Universal Credit on frontline public library workers. benefit that requires the vast majority of claimants to make and manage their claim online - is having on public library services across the UK. Public libraries

Prototype Pollution flaw discovered in all versions of Lodash Library

Security Affairs

Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. The flaw could be exploited by hackers to compromise the security of affected services using the library. “The popular npm library is used by 4.35

Libraries: don't mess with trust

CILIP

Libraries: don't mess with trust. Libraries: don't mess with trust. Jeni Tennison, CEO of the ODI discusses how libraries could fit into it without damaging themselves. Operational uses such as using data to support the day-to-day running of a library.

The Library of Everything

CILIP

Emerging Technologies: The Library of Everything. Library of Babel ([link] in real life ? a (practically) infinite library. ? CILIP non member newsletter. Close. With limited space on shelves and hard drives alike, librarians can spend significant amounts of time ?weeding?

Next steps for art libraries and curated web archives

Archive-It

Partners from the Internet Archive and eight art libraries from across the country met earlier this month at the Getty Research Institute to plan next steps for collaborative archiving of web-published art resources. Art library web archiving stakeholders at the Getty, March 2, 2020.

Celebrating LGBT+ History Month in Libraries!

CILIP

Celebrating LGBT+ History Month in Libraries! February is LGBT+ History Month and libraries, information services and Learning Resource Centres up and down the country are organising events, activities, workshops and performances to celebrate LGBT+ people. Manchester Libraries.

Early Leighton Library catalogues now online

Archives Blogs

The University is fortunate to have access to the books and manuscripts of the Leighton Library in Dunblane. The books are included in Stirling University Library’s online library catalogue. Photograph of the interior of the Leighton Library.

Uncovering vulnerabilities in Cryptographic libraries: Mayhem, Matrixssl, and WolfSSL

ForAllSecure

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Introduction.

Closure JavaScript Library introduced XSS issue in Google Search and potentially other services

Security Affairs

A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The library is named Closure and according to the expert it fails to properly sanitize user input.