Security Affairs

APRIL 15, 2023

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. The experts have found more than 60 applications in Google Play that were containing the malicious library.

Libraries 92

Libraries Security Cybersecurity Data collection 92

Security Affairs

MAY 19, 2022

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. or higher), and Google App Engine. Pierluigi Paganini.

Libraries 113

Libraries Security Cybersecurity Authentication 113

Security Affairs

AUGUST 30, 2021

The Boston Public Library was victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network. The affected systems were taken offline to prevent the threat from spreading.

Libraries 108

Libraries Cybersecurity Security Communications 108

Security Affairs

APRIL 9, 2023

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. servers, it has approximately four million weekly downloads and its library is part of 722 packages. servers, it has approximately four million weekly downloads and its library is part of 722 packages.

Libraries 67

Libraries File names Security Cybersecurity 67

CILIP

SEPTEMBER 6, 2023

Invitation to Tender - Anti-Racist Library Collections training for Wales CILIP is looking to commission an external provider/s to develop content for anti-racist library collection training for public libraries across Wales.

Libraries 52

Libraries Government Security 52

Security Affairs

MAY 26, 2020

70 percent of mobile and desktop applications that today we use are affected at least by one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one o more issues which will be inherited from all the applications that use them. ” reads the report.

Libraries 123

Libraries Security Access IT 123

eSecurity Planet

SEPTEMBER 11, 2023

Container security is the combination of cybersecurity tools, strategies, and best practices that are used to protect container ecosystems and the applications and other components they house. Container runtime security A container runtime is a type of software that runs containers on the host operating system(s).

Security 80

Security Cybersecurity Encryption Risk 80

Security Affairs

JANUARY 10, 2023

The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. The open-source JsonWebToken ( JWT ) library is affected by a high-severity security flaw, tracked as CVE-2022-23529 (CVSS score: 7.6), that could lead to remote code execution.

Libraries 73

Libraries Security Security awareness Authentication 73

Security Affairs

DECEMBER 27, 2021

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures.

Libraries 123

Libraries Honeypots Security Information Security 123

Data Breach Today

DECEMBER 6, 2022

Aqua's Dror Davidoff Shares How Open-Source Repositories Create Risk for Cloud Apps Software has increasingly relied on components developed by third parties or from open-source libraries, which Aqua Security CEO Dror Davidoff says injects additional risk.

Cloud 130

Cloud Security Libraries Risk 130

Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library.

Libraries 138

Libraries Data breaches IT Security 138

Data Breach Today

JUNE 12, 2019

Flaw Could Cause Denial-of-Service Event in Windows Fleet, Researcher Claims A Google security researcher has disclosed what he calls an unpatched bug in the main cryptographic library used in newer versions of the Windows operating system that he claims could affect an entire fleet of Windows-based devices.

Libraries 145

Libraries Security 145

Security Affairs

MARCH 2, 2022

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library. on February 24, 2022.

Libraries 86

Libraries Security Communications Information Security 86

Security Affairs

MAY 3, 2022

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. ” continues the advisory.

IoT 98

IoT Libraries Security Cybersecurity 98

eSecurity Planet

SEPTEMBER 8, 2023

Application programming interface (API) security is a combination of tools and best practices to secure the all-important connections between applications. API security protects data and back-end systems while preserving fluid communication between software components through strict protocols and access controls.

Security 87

Security Authentication Encryption Access 87

Security Affairs

JANUARY 22, 2021

Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR Archive_Tar third-party library. ” reads the advisory.

Libraries 115

Libraries CMS Security Information Security 115

Security Affairs

NOVEMBER 3, 2020

The npm security team has removed a malicious JavaScript library named “ twilio-npm ” from its repository because contained malicious code. The tainted JavaScript library was spotted by the researcher Ax Sharma from security firm Sonatype. SecurityAffairs – hacking, npm library). tcp.ngrok[.]io:11425

Libraries 114

Libraries Security IT Information Security 114

Security Affairs

JUNE 16, 2022

Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.

Libraries 71

Libraries Cybersecurity Security IT 71

Security Affairs

MAY 6, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 92

Security Data breaches Ransomware Libraries 92

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. It’s also the crypto library used by systemd for DNSSEC. The team recommends users to stop using the vulnerable version of the library. which we released last week.

Encryption 135

Encryption Libraries Privacy Security 135

Security Affairs

OCTOBER 19, 2022

Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. ” wrote the security team. Pierluigi Paganini.

Libraries 97

Libraries Security IT Information Security 97

eSecurity Planet

SEPTEMBER 4, 2023

This modern infrastructure choice brings numerous advantages to operational workflows, but without the appropriate security policies and tools in place, it can also open the door to new security vulnerabilities and attack vectors. The design of containers can lead to a number of container security challenges.

Security 76

Security Cybersecurity Cloud Compliance 76

Security Affairs

OCTOBER 25, 2022

A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library. The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database library, which was introduced in October 2000. through 3.39.1.

Libraries 72

Libraries Security Information Security IT 72

CILIP

JULY 6, 2023

CILIP and Michael Rosen bring Great School Library Campaign to Parliament CILIP CEO, Nick Poole joined leading writer, poet, former Childrens Laureate, broadcaster and columnist Michael Rosen and Margaret Greenwood MP (Wirral West, LAB) in the first of a series of events to engage MPs and make sure every child has access to a great school library.

Libraries 52

Libraries Access Government Security 52

Schneier on Security

JULY 30, 2021

The time has come for me to find a new home for my (paper) cryptography library. New owner pays all packaging and shipping costs, and possibly a purchase price depending on who you are and what you want to do with the library. If you think you can break it up and sell it, I’ll consider that as a last resort. I can send photos.

Libraries 144

Libraries Paper Education IT 144

eSecurity Planet

SEPTEMBER 22, 2022

Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. See the Top Code Debugging and Code Security Tools. The post Unpatched Python Library Affects More Than 300,000 Open Source Projects appeared first on eSecurityPlanet.

Libraries 86

Libraries Security Archiving Risk 86

CILIP

JUNE 13, 2023

Connecting town and gown through the library How to help a community explore its slave-trading history: Lesley English, Head of Library Engagement at Lancaster University Library, explains how the library plays a key role in building bridges between town and gown. We connect, we innovate, we include.”

Libraries 52

Libraries Access Agriculture Archiving 52

Security Affairs

APRIL 16, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Every week the best security articles from Security Affairs are free for you in your email box. The post Security Affairs newsletter Round 415 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Security 70

Security Data breaches Libraries Ransomware 70

Security Affairs

NOVEMBER 5, 2021

Two popular npm libraries, coa and rc. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. Two npm libraries that have a total of 23 million weekly downloads, a data that is worrisome. The post npm libraries coa and rc. while compromised rc versions are 1.2.9,

Passwords 95

Passwords Libraries Security Access 95

CILIP

DECEMBER 14, 2022

£135,000 funding for Anti-racist library collections in Wales. CILIP Cymru Wales on behalf of CILIP has just secured £135,000 funding from the Welsh Government. The investment will fund a new project – Anti-racist Library Collections: a training plan for public libraries in Wales with the purpose of raising the profile of libraries.

Libraries 52

Libraries Government Security IT 52

Enterprise Software Blog

MAY 19, 2023

And as it appears, Angular is a top framework that enables developers to tackle these challenges with the help of extended features and capabilities packed in different UI libraries. But with so many out there, how can you know which is the best Angular component library? 3rd party libraries are added on top of the actual framework.

Libraries 52

Libraries Access Authentication IT 52

The Last Watchdog

MARCH 29, 2022

Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. By no means has the cybersecurity community been blind to the complex security challenges spinning out of digital transformation. Log4j, for instance, is a ubiquitous logging library.

Security 222

Security Cybersecurity Cloud Digital transformation 222

Security Affairs

JANUARY 15, 2023

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 402 by Pierluigi Paganini appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Security 86

Security Ransomware Phishing Passwords 86

Security Affairs

OCTOBER 30, 2022

Every week the best security articles from Security Affairs free for you in your email box. Twilio discloses another security incident that took place in June A massive cyberattack hit Slovak and Polish Parliaments How will Twitter change under Elon Musk? A new round of the weekly SecurityAffairs newsletter arrived!

Security 79

Security Ransomware Data breaches Libraries 79

eSecurity Planet

OCTOBER 18, 2021

But that success and the openness inherent in the community have led to a major challenge – security. Therefore, any security vulnerabilities are disclosed publicly. This has given rise to a large number of open source security tools. The Best Open Source Security Tools. WhiteSource.

Security 130

Security Encryption Passwords Compliance 130