Data Breach Today
JUNE 17, 2022
Contrast Security CPO Steve Wilson on Why Log4j Hack Is a Sign of Things to Come The discovery and subsequent exploitation of a critical zero-day vulnerability in Apache's Log4j open-source library has highlighted the importance of code security in today's threat landscape, according to Contrast Security Chief Product Officer Steve Wilson.
Security Affairs
AUGUST 30, 2021
The Boston Public Library was victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
MAY 19, 2022
Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs.
Security Affairs
MAY 26, 2020
70 percent of mobile and desktop applications that today we use are affected at least by one security flaw that is present in open-source libraries. The experts analyzed over 85,000 applications and related imported libraries, accounting for over 351,000 unique external libraries.
Security Affairs
JUNE 16, 2022
Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Fastjson is a Java library that can be used to convert Java Objects into their JSON representation. SecurityAffairs – hacking, Fastjson library).
Security Affairs
NOVEMBER 3, 2020
The npm security team has removed a malicious JavaScript library named “ twilio-npm ” from its repository because contained malicious code. The tainted JavaScript library was spotted by the researcher Ax Sharma from security firm Sonatype.
Data Breach Today
JUNE 12, 2019
Flaw Could Cause Denial-of-Service Event in Windows Fleet, Researcher Claims A Google security researcher has disclosed what he calls an unpatched bug in the main cryptographic library used in newer versions of the Windows operating system that he claims could affect an entire fleet of Windows-based devices
Schneier on Security
SEPTEMBER 2, 2020
Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It's a perennial problem: trusted insiders have to be trusted. insiders theft
Security Affairs
DECEMBER 1, 2021
Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Applications using NSS can support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
Security Affairs
DECEMBER 27, 2021
Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. You need to closely watch the release of software updates that use the Log4j 2 library and install them as soon as possible.”
Security Affairs
JANUARY 22, 2020
System supporting libraries in Volusia County were hit by a cyber attack, the incident took down 600 computers at Volusia County Public Library (VCPL) branches. ” As a result of the incident, the computers at the library were not able to surf the web.
Security Affairs
JANUARY 22, 2021
Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR Archive_Tar third-party library.
Security Affairs
JANUARY 10, 2023
The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. This is also true for the implementation of sensitive security mechanisms such as JWTs, which play a huge role in authentication and authorization processes.”
Security Affairs
MARCH 2, 2022
Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. PJSIP is a communication library written in C language implementing standard-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
Security Affairs
MAY 3, 2022
A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. The uClibc library is used by major vendors, including Linksys, Netgear, and Axis, or Linux distributions such as Embedded Gentoo.
Security Affairs
OCTOBER 19, 2022
Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library.
CILIP
DECEMBER 14, 2022
£135,000 funding for Anti-racist library collections in Wales. CILIP Cymru Wales on behalf of CILIP has just secured £135,000 funding from the Welsh Government. It will also work with Libraries Connected to dovetail projects on library collections and anti-racism and diversity.
eSecurity Planet
SEPTEMBER 22, 2022
Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. See the Top Code Debugging and Code Security Tools.
Security Affairs
DECEMBER 10, 2021
Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. The vulnerability was discovered by researchers from the Alibaba Cloud’s security team that notified the Apache Fondation on November 24.
Security Affairs
APRIL 22, 2019
The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. The impact of the issue could be severe considering that the jQuery JavaScript library is currently used on 74 percent of websites online, most sites still use the 1.x versions of the library that are affected by the ‘Prototype Pollution’ vulnerability. SecurityAffairs – hacking, jQuery JavaScript library ).
Security Affairs
FEBRUARY 1, 2021
Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. It’s also the crypto library used by systemd for DNSSEC.
Pwnie Express
DECEMBER 13, 2021
CVE-2021-44228: Critical vulnerability in Apache Log4j library. Full-Stack Security. 13.Dec.2021. Florian Barre. Mon, 12/13/2021 - 05:57. Teaser.
Security Affairs
OCTOBER 25, 2022
A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library. The post Experts disclosed a 22-year-old bug in popular SQLite Database library appeared first on Security Affairs.
Preservica
MARCH 18, 2022
Academic libraries are in the midst of rapid, widespread changes as it shifts into the digital age. Our libraries have been a steady flame for patrons to depend on, not just throughout the pandemic, but throughout history. Practical digital preservation training for libraries.
Security Affairs
NOVEMBER 5, 2021
Two popular npm libraries, coa and rc. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. Two npm libraries that have a total of 23 million weekly downloads, a data that is worrisome. The post npm libraries coa and rc.
Security Affairs
JANUARY 4, 2020
Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code.
CILIP
APRIL 5, 2022
Libraries, inflation and the cost-of-living crisis. As economists predict a period of high inflation and a cost-of-living crisis, Paul Howarth, Head of Content & Resource Development at Suffolk Libraries, discusses some the problems and solutions for public library services.
WIRED Threat Level
AUGUST 22, 2019
Opinion: Millions of folks filling out the 2020 Census on public library computers also are putting themselves at risk. Security Opinion Security / Cyberattacks and Hacks
Dark Reading
JULY 6, 2021
A benchmarking system would help buyers choose more secure software products and, more importantly, light a fire underneath software producers to make products secure
Security Affairs
AUGUST 20, 2019
Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries. The backdoor was used by attackers to inject mining code in Ruby projects using the malicious versions of the libraries. The post A backdoor mechanism found in tens of Ruby libraries appeared first on Security Affairs.
CILIP
JUNE 30, 2021
Independent Review of Public Library Financing Panel announcement. CILIP is delighted to announce the expert members of the recently established Independent Review of Public Library Financing Panel. In recent years, libraries have found their creative identity ? Public librarie
Threatpost
SEPTEMBER 6, 2019
Web Security back to school credential harvesting education cyberattack fake login pages library portals malware MediaGet torrent application downloader Phishing scam Scams student students university portals Win32.Agent.ifdx malware downloader WinLNK.Agent.gen downloaderStudents should keep their eyes peeled for phishing emails purporting to be from their colleges, as well as online student resources laced with malware, researchers warn.
Threatpost
SEPTEMBER 1, 2021
Vulnerabilities Web SecurityTwo vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned.
Security Affairs
JULY 8, 2019
The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The dangerous code was used to check the password strength of user-chosen passwords when the library was being used in a production environment. The attacker created a new version of the library (version 0.0.7
Security Affairs
JULY 9, 2019
Liran Tal, a developer advocate at open-source security platform Snyk, discovered a high-severity prototype pollution security flaw that affects all versions of lodash. Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. The flaw could be exploited by hackers to compromise the security of affected services using the library. “The popular npm library is used by 4.35
Security Affairs
DECEMBER 4, 2019
The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The expert discovered the two libraries on December 1, by the German software developer Lukas Martini.
Security Affairs
DECEMBER 21, 2020
While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The post SUPERNOVA, a backdoor found while investigating SolarWinds hack appeared first on Security Affairs.
Data Breach Today
SEPTEMBER 2, 2021
and Below Are Affected by the Vulnerabilities Several companies that use the OpenSSL cryptography library toolkit are reportedly scrambling and releasing security advisories to their users following patching of two vulnerabilities that were first fixed and disclosed to users on Aug.
Threatpost
JANUARY 16, 2019
Malware Web Security adverline Advertising Card skimming group 12 Library magecart third party javascriptThe threat group also has a new subsidiary, Magecart Group 12.
CILIP
FEBRUARY 25, 2021
Public Libraries as part of the HM Government ?roadmap? CILIP welcomes the recognition of libraries as essential services and library staff as ?key s pandemic response, demonstrating the vital role public libraries have to play in our national recovery. COVID-secure?
Expert insights. Personalized for you.
239 
Let's personalize your content