
npm libraries coa and rc have been hijacked to deliver password-stealing malware

Security Affairs

Two popular npm libraries, coa and rc, have been hijacked; threat actors replaced them with versions laced with password-stealing malware. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. while compromised rc versions are 1.2.9,


A backdoor mechanism found in tens of Ruby libraries

Security Affairs

Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries. It overloaded the #authenticate method on the Identity class.



Backdoor mechanism found in Ruby strong_password library

Security Affairs

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The attacker created a new version of the library (version 0.0.7


Experts released PoC exploit for critical Progress Software OpenEdge bug

Security Affairs

“When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS local authentication provider to grant user-id and password logins on operating platforms supported by active releases of OpenEdge, a vulnerability in the authentication routines may lead to unauthorized access on attempted logins.”


Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Security Affairs

Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. “SafeBreach Labs discovered a new vulnerability in Trend Micro Password Manager software,” reads the post published by SafeBreach. Another researcher, Trần


UNCOVERING VULNERABILITIES IN CRYPTOGRAPHIC LIBRARIES: MAYHEM, MATRIXSSL, AND WOLFSSL

ForAllSecure

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? Fuzzing MatrixSSL. We chose to look at parsing x509 certificates. Fuzzing WolfSSL.


Uncovering Vulnerabilities In Cryptographic Libraries: Mayhem, MatrixSSL, And WolfSSL (CVE-2019-13470)

ForAllSecure

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries. Why Crypto Libraries? Why look at crypto libraries? Fuzzing MatrixSSL. We chose to look at parsing x509 certificates. Fuzzing WolfSSL.