Bugs in open-source libraries impact 70% of modern software

Security Affairs

70 percent of the mobile and desktop applications that we use today are affected by at least one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one or more issues, which will be inherited by all the applications that use them.

Google Researcher Details Windows Cryptographic Library Bug

Data Breach Today

Flaw Could Cause Denial-of-Service Event in Windows Fleet, Researcher Claims. A Google security researcher has disclosed what he calls an unpatched bug in the main cryptographic library used in newer versions of the Windows operating system that he claims could affect an entire fleet of Windows-based devices.


Bitcoin Stealers Hide in 700+ Ruby Developer Libraries

Threatpost

Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers.

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

Systems supporting libraries in Volusia County were hit by a cyber attack; the incident took down 600 computers at Volusia County Public Library (VCPL) branches. As a result of the incident, the computers at the library were not able to surf the web.

Mobile Libraries: Culture on the Go

Unwritten Record

National Bookmobile Day is April 22, part of National Library Week (April 19-25). A library is a place that stores information, a place where people from all walks of life have the opportunity to obtain textual and audiovisual material for education, entertainment, and enlightenment.

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. versions of the library that are affected by the ‘Prototype Pollution’ vulnerability.

Cisco Talos discovered 2 critical flaws in the popular OpenCV library

Security Affairs

Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code.

Unpatched Open Source Libraries Leave 71% of Apps Vulnerable

Dark Reading

PHP and JavaScript developers need to pay close attention because different languages and frameworks have different rates of vulnerability, research finds

COVID-19 Guidance for School Libraries

CILIP

COVID-19 Guidance for School Libraries. This Guidance has been developed by a Working Party convened jointly by CILIP, the CILIP School Libraries Group (CILIP SLG) and the School Library Association (SLA). all library services resumed?).

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries.

Two malicious Python libraries were stealing SSH and GPG keys

Security Affairs

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The two libraries were discovered on December 1 by the German software developer Lukas Martini.

Arup Library: 60 years

CILIP

Arup Library: 60 years. Key projects include the Sydney Opera House, the Pompidou Centre and the British Library. The first library in the firm’s What follows is a brief overview of 60 years of the Arup Library in London. Early Arup Library.

The Big Issue and Library Champion Bobby Seagull bring the case for library funding to Parliament

CILIP

The Big Issue and Library Champion Bobby Seagull bring the case for library funding to Parliament. 250m investment in the Culture Investment Fund, of which 50% is to be allocated to library and museum sector development. Chair of the Libraries APPG Gill Furniss commented, “Libraries

Why presidential libraries are controversial

IG Guru

Barack Obama’s is dividing opinions, as others have before.

Shh! No Hacking the Census in the Library

WIRED Threat Level

Opinion: Millions of folks filling out the 2020 Census on public library computers also are putting themselves at risk.

New report: Advancing Art Libraries and Curated Web Archives

Archive-It

The web archiving partners at the Internet Archive and the New York Art Resources Consortium (NYARC) are eager to share Advancing Art Libraries and Curated Web Archives: National Forum Report.

A flaw in the Libarchive library impacts major Linux distros

Security Affairs

Google experts found a flaw, tracked as CVE-2019-18408, in the compression library libarchive that could lead to arbitrary code execution. Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive that could be exploited to execute arbitrary code.

Backdoor mechanism found in Ruby strong_password library

Security Affairs

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits.

Uncovering Vulnerabilities in Open Source Libraries

ForAllSecure

In this post, we will follow up on a prior article on using Mayhem to analyze stb and MATIO by reviewing three additional vulnerabilities found in another open source library. Introduction.

Designing Libraries: Making space for makerspaces

CILIP

Recently I heard a librarian say that introducing makerspaces into libraries was one of the riskiest undertakings the service had ever embarked upon. I found this a little odd, since we are all in the information business and a lot of library time is taken up with answering “how

What are libraries worth?

CILIP

What are libraries worth? Suffolk Libraries has recently commissioned and published research to do just that: convert the social value of three of its core services into pounds and pence. Bruce Leeke, chief executive of Suffolk Libraries said: “Talking

Library History with Heritage & University Archives

Archives Blogs

The history of libraries at Florida State University traces back almost 100 years to the 1920s. In 1923, FSU’s first library opened in what is now Dodd Hall. The Library, undated, [link]. In 1929, Etta Lane Matthews was hired as the first professor of Library Science.

Celebrating the Library of the Future for Libraries Week

CILIP

s children build their Library of the Future for Libraries Week. Children, young people and LEGO enthusiasts from age 2 to 85 have been hard at work as part of Libraries Week ? s much-loved libraries. to distribute books to library users. Inspire Library?: ?Inspire

Prototype Pollution flaw discovered in all versions of Lodash Library

Security Affairs

Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. The flaw could be exploited by hackers to compromise the security of affected services using the library. “The popular npm library is used by 4.35

Libraries Week 2019 celebrates libraries in a digital world

CILIP

Libraries Week 2019 celebrates libraries in a digital world. Annual Libraries Week celebrations (7-12 October 2019) will showcase how libraries have transformed their digital offer, featuring events and activities in more than 1,000 libraries across the UK.

Honey, I blockchained the library

CILIP

Honey, I blockchained the library. A new kind of library. What could that mean for libraries? And for academic libraries and publishers, could micropayments per journal article supersede today’s in a new kind of library ?

Next steps for art libraries and curated web archives

Archive-It

Partners from the Internet Archive and eight art libraries from across the country met earlier this month at the Getty Research Institute to plan next steps for collaborative archiving of web-published art resources. Art library web archiving stakeholders at the Getty, March 2, 2020.

The impact of Universal Credit on frontline public library workers

CILIP

The impact of Universal Credit on frontline public library workers. benefit that requires the vast majority of claimants to make and manage their claim online - is having on public library services across the UK. Public libraries

Magecart Returns with Advertising Library Tactic

Threatpost

The threat group also has a new subsidiary, Magecart Group 12.

National Working Party to provide COVID-19 Guidance for School Libraries

CILIP

National Working Party to provide COVID-19 Guidance for School Libraries. COVID-19 has been an unprecedented challenge for school library staff. s many dimensions to school libraries which need consideration. ?

Celebrating LGBT+ History Month in Libraries!

CILIP

Celebrating LGBT+ History Month in Libraries! February is LGBT+ History Month and libraries, information services and Learning Resource Centres up and down the country are organising events, activities, workshops and performances to celebrate LGBT+ people. Manchester Libraries.

Libraries: don't mess with trust

CILIP

Libraries: don't mess with trust. Jeni Tennison, CEO of the ODI discusses how libraries could fit into it without damaging themselves. Operational uses such as using data to support the day-to-day running of a library.

The Library of Everything

CILIP

Emerging Technologies: The Library of Everything. Library of Babel ([link] in real life - a (practically) infinite library. With limited space on shelves and hard drives alike, librarians can spend significant amounts of time “weeding”

Stepping into Leadership - online resources for leadership in libraries launched

CILIP

online resources for leadership in libraries launched. Over the past few weeks, those working in our public libraries have demonstrated their expertise, creativity, and commitment to serving their communities. s Carnegie Library Lab programme. Stepping into Leadership ?

Uncovering vulnerabilities in Cryptographic libraries: Mayhem, Matrixssl, and WolfSSL

ForAllSecure

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Introduction.

Closure JavaScript Library introduced XSS issue in Google Search and potentially other services

Security Affairs

A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The library is named Closure and according to the expert it fails to properly sanitize user input.

Dominic Cummings: Libraries are "desperately needed"

CILIP

Dominic Cummings: Libraries are “desperately DURING the 2019 General Election Boris Johnson said he loved libraries and wanted to invest in opening more of them, but added: “We libraries plus internal historians?

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

Security Affairs

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. The CVE-2020-7247 flaw was introduced in OpenSMTPD in May 2018, but many distros still use older implementations of the library that are not impacted.

Turning over new leaves: Can outdoor spaces help libraries grow?

CILIP

Turning over new leaves: Can outdoor spaces help libraries grow? “IF you have a garden and a library, you have everything you need,” If you have a garden in your library, everything will be complete!”

Designing Libraries: An academic question

CILIP

Designing Libraries: An academic question. Earlier this year I attended the biennial Liber Architecture Group (Lag) seminar, held in the Zaha Hadid-designed library and learning centre building on the impressive campus of the Vienna University of Economics and Business (known locally as WU).