Malicious Packages Disguised as JavaScript Libraries Found

Data Breach Today

Sonatype: Cryptominers Launched in Windows, macOS, Linux Devices. Researchers at open-source software firm Sonatype have uncovered multiple malicious packages that disguise themselves as legitimate JavaScript libraries on npm registries to launch cryptominers on Windows, macOS and Linux machines.

Why Zero-Day Attacks on Open-Source Libraries Are Surging

Data Breach Today

Contrast Security CPO Steve Wilson on Why Log4j Hack Is a Sign of Things to Come. The discovery and subsequent exploitation of a critical zero-day vulnerability in Apache's Log4j open-source library has highlighted the importance of code security in today's threat landscape, according to Contrast Security Chief Product Officer Steve Wilson.

Public Affairs: Your New Neighborhood Library

Information Governance Perspectives

When you think about the fact that libraries are about information and not simply about books, you begin to see where the value is. The post Public Affairs: Your New Neighborhood Library appeared first on Rafael Moscatel.

Welcome to Libraries - an induction pack for frontline public library staff

CILIP

25 January 2023. Welcome to Libraries - your guide to working in public libraries is available as a digital publication and in a limited print format.

10 Rules to More Streamlined Data Modeling

Apache Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn 10 rules that will help you perfect your Kafka system to get ahead.

Boston Public Library discloses cyberattack

Security Affairs

The Boston Public Library was the victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network.

Google OAuth client library flaw allowed to deploy of malicious payloads

Security Affairs

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs.

New Firefox Sandbox Isolates Third-Party Libraries

Dark Reading

RLBox can be used to protect web browsers and other software applications from vulnerabilities in subcomponents and libraries

Bugs in open-source libraries impact 70% of modern software

Security Affairs

70 percent of the mobile and desktop applications that we use today are affected by at least one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one or more issues, which will be inherited by all the applications that use it.

Researchers disclosed a remote code execution flaw in Fastjson Library

Security Affairs

Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Fastjson is a Java library that can be used to convert Java Objects into their JSON representation.

10 Rules for Managing Apache Kafka

Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn ten rules that will help you perfect your Kafka system to get ahead.

I Am Parting With My Crypto Library

Schneier on Security

The time has come for me to find a new home for my (paper) cryptography library. New owner pays all packaging and shipping costs, and possibly a purchase price depending on who you are and what you want to do with the library.

Google Researcher Details Windows Cryptographic Library Bug

Data Breach Today

Flaw Could Cause Denial-of-Service Event in Windows Fleet, Researcher Claims. A Google security researcher has disclosed what he calls an unpatched bug in the main cryptographic library used in newer versions of the Windows operating system that he claims could affect an entire fleet of Windows-based devices.

£135,000 funding for Anti-racist library collections in Wales

CILIP

The investment will fund a new project – Anti-racist Library Collections: a training plan for public libraries in Wales with the purpose of raising the profile of libraries.

Crowley Company Honored with Four 2021 Platinum Modern Library Awards

IG Guru

The post Crowley Company Honored with Four 2021 Platinum Modern Library Awards appeared first on IG GURU. Frederick, Md. –

Malicious npm library removed from the repository due to backdoor capabilities

Security Affairs

The npm security team has removed a malicious JavaScript library named “twilio-npm” from its repository because it contained malicious code. The tainted JavaScript library was spotted by the researcher Ax Sharma from security firm Sonatype.

Digital Leadership for Libraries empowering England’s public library workforce

CILIP

CILIP has launched Digital Leadership for Libraries, five open-access, online learning modules created for public library workers, volunteers and apprentices.

Insider Attack on the Carnegie Library

Schneier on Security

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It's a perennial problem: trusted insiders have to be trusted.

Take action with your library this Libraries Week

CILIP

This Libraries Week (4-10 October 2021) libraries across the UK showcase their vital role in supporting active and engaged communities as we celebrate the transformative impact libraries can have on people’s

Remote code execution bug discovered in the popular JsonWebToken library

Security Affairs

The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. The post Remote code execution bug discovered in the popular JsonWebToken library appeared first on Security Affairs.

How Libraries Can Support Those with Dementia

CILIP

Libraries are often considered the heart of the community, but not everyone understands just how much they have to offer. When it comes to dementia services, libraries have enormous potential to support people with dementia and their carers.

The Cyentia Library Relaunches

Adam Shostack

I’m excited to see that they’re Re-introducing the Cyentia Research Library, with cool (new?) The Cyentia Library lets us see what people are doing in terms of research and data.

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

Systems supporting libraries in Volusia County were hit by a cyber attack; the incident took down 600 computers at Volusia County Public Library (VCPL) branches. As a result of the incident, the computers at the library were not able to surf the web.

Announcement of the 2022 Green Libraries Grants Winners

CILIP

Selected projects include a range of innovative ideas that will enable libraries to demonstrate environmental understanding and action through local partnerships, community engagement activities and staff, stock and space interventions.

Experts monitor ongoing attacks using exploits for Log4j library flaws

Security Affairs

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. “You need to closely watch the release of software updates that use the Log4j 2 library and install them as soon as possible.”

Mobile Libraries: Culture on the Go

Unwritten Record

National Bookmobile Day is April 22, part of National Library Week (April 19-25). A library is a place that stores information, a place where people from all walks of life have the opportunity to obtain textual and audiovisual material for education, entertainment, and enlightenment.

The Governance and Recordkeeping Around the World Newsletter April 2021 Edition available via Library and Archives Canada

IG Guru

The post The Governance and Recordkeeping Around the World Newsletter April 2021 Edition available via Library and Archives Canada appeared first on IG GURU. Check out the post here.

Artefacto announced to develop ‘Digital Leadership for Libraries’ eLearning modules

CILIP

Digital Leadership for Libraries’ Digital Leadership in Libraries’ programme for the Public Library workforce. These discussions recognised the need for library staff and leadership to consolidate the ‘digital Digital Leadership for Libraries’

African libraries provide perspectives on digital literacy for sustainable development

CILIP

The African library sector has been a key advocate for digital literacy across the continent, and a new book published today delves into what has been achieved and what more needs to be done.

Bitcoin Stealers Hide in 700+ Ruby Developer Libraries

Threatpost

Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers.

Preserving Our Libraries’ Digital Collections is Simple, Powerful, and Affordable

Preservica

Academic libraries are in the midst of rapid, widespread changes as they shift into the digital age. Our libraries have been a steady flame for patrons to depend on, not just throughout the pandemic, but throughout history. Practical digital preservation training for libraries.

CVE-2021-44228: Critical vulnerability in Apache Log4j library

Pwnie Express

13.Dec.2021. Florian Barre. Mon, 12/13/2021 - 05:57. Full-Stack Security.

Popular open-source PJSIP library is affected by critical flaws

Security Affairs

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. PJSIP is a communication library written in C language implementing standard-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.

Drupal fixed a new flaw related PEAR Archive_Tar library

Security Affairs

Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR Archive_Tar third-party library.

Libraries call to strengthen link between local authorities and library services on green policy

CILIP

It is guided by a vision to build a better future for planet and people, empowered and supported by librarians and library workers.

Unpatched Python Library Affects More Than 300,000 Open Source Projects

eSecurity Planet

Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. The post Unpatched Python Library Affects More Than 300,000 Open Source Projects appeared first on eSecurityPlanet.

New ODGen Tool Unearths 180 Zero-Days in Node.js Libraries

Dark Reading

New graph-based tool offers a better alternative to current approaches for finding vulnerabilities in JavaScript code, they note

Arts Council England and partners launch Green Libraries programme

CILIP

Arts Council England and partners launch Green Libraries programme. 163,000 to CILIP, the Chartered Institute of Library and Information Professionals, to launch the Green Libraries programme, which aims to help libraries address their environmental impact.

Text4Shell, a remote code execution bug in Apache Commons Text library

Security Affairs

Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library.

Libraries, inflation and the cost-of-living crisis

CILIP

As economists predict a period of high inflation and a cost-of-living crisis, Paul Howarth, Head of Content & Resource Development at Suffolk Libraries, discusses some of the problems and solutions for public library services.