2014 and Libraries - Information Management Today

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

JANUARY 22, 2020

System supporting libraries in Volusia County were hit by a cyber attack, the incident took down 600 computers at Volusia County Public Library (VCPL) branches. 600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches in Daytona Beach, Florida, following a cyberattack.

Libraries

Libraries Ransomware Encryption Access

Bugs in open-source libraries impact 70% of modern software

Security Affairs

MAY 26, 2020

70 percent of mobile and desktop applications that today we use are affected at least by one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one o more issues which will be inherited from all the applications that use them. ” reads the report.

Libraries

Libraries Security Access IT

Malicious npm library removed from the repository due to backdoor capabilities

Security Affairs

NOVEMBER 3, 2020

The npm security team has removed a malicious JavaScript library named “ twilio-npm ” from its repository because contained malicious code. The tainted JavaScript library was spotted by the researcher Ax Sharma from security firm Sonatype. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries

Libraries Security IT Information Security

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

AUGUST 20, 2019

Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Libraries

Libraries Mining Passwords Authentication

Apache Struts users have to update FileUpload library to fix years-old flaws

Security Affairs

NOVEMBER 6, 2018

Apache Struts Users have to update the Commons FileUpload library in Struts 2 that is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2, the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. in June 2017.

Libraries

Libraries Access Security IT

Backdoor mechanism found in Ruby strong_password library

Security Affairs

JULY 8, 2019

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The attacker created a new version of the library (version 0.0.7 version 0.0.7

Libraries

Libraries Passwords Security IT

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

APRIL 22, 2019

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. The impact of the issue could be severe considering that the jQuery JavaScript library is currently used on 74 percent of websites online, most sites still use the 1.x

Libraries

Libraries Security IT

Closure JavaScript Library introduced XSS issue in Google Search and potentially other services

Security Affairs

APRIL 2, 2019

A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library.

Libraries

Libraries Phishing Security IT

Two malicious Python libraries were stealing SSH and GPG keys

Security Affairs

DECEMBER 4, 2019

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The expert discovered the two libraries on December 1, by the German software developer Lukas Martini. SecurityAffairs – Python libraries , hacking).

Libraries

Libraries Security IT

Prototype Pollution flaw discovered in all versions of Lodash Library

Security Affairs

JULY 9, 2019

Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. The flaw could be exploited by hackers to compromise the security of affected services using the library. The popular library is currently used in more than 4 million projects on GitHub.

Libraries

Libraries Security IT Information Security

Cisco Talos discovered 2 critical flaws in the popular OpenCV library

Security Affairs

JANUARY 4, 2020

Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code. SecurityAffairs – library, hacking).

Libraries

Libraries Data structuring Security IT

Google expert disclosed details of an unpatched flaw in SymCrypt library

Security Affairs

JUNE 12, 2019

Tavis Ormandy, a white hat hacker Google Project Zero announced to have found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries

Libraries Encryption Security IT

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

Security Affairs

JANUARY 29, 2020

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. The CVE-2020-7247 flaw was introduced in the OpenSMTPD in May 2018, but many distros still use older implementation of the library that are not impacted. Pierluigi Paganini.

Libraries

Libraries Security IT Information Security

A flaw in the Libarchive library impacts major Linux distros

Security Affairs

NOVEMBER 6, 2019

Google experts found a flaw, tracked as CVE-2019-18408, in the compression library libarchive could lead to arbitrary code execution. Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive could be exploited to execute arbitrary code. . Pierluigi Paganini.

Libraries

Libraries Archiving Security Information Security

Libraries, critical thinking and the war on truth – what lies ahead in 2024

CILIP

JANUARY 5, 2024

Libraries, critical thinking and the war on truth – what lies ahead in 2024 Nick Poole, Chief Executive, CILIP will leave CILIP at the end of March 2024. This powerful call-to-arms for reading and literacy was issued by Malala Yousafzai in her Nobel aAcceptance sSpeech in December 2014. Let us pick up our books and pens.

Libraries

Libraries Education Government Access

Malicious npm package ‘fallguys’ removed from the official repository

Security Affairs

AUGUST 30, 2020

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The fallguys library claimed to provide an interface to the “ Fall Guys: Ultimate Knockout ” game API. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries

Libraries Access Security IT

Chrome 86.0.4240.111 fixes actively exploited CVE-2020-15999 zero-day

Security Affairs

OCTOBER 21, 2020

The CVE-2020-15999 flaw is a memory corruption bug that resides in the FreeType font rendering library, which is included in standard Chrome releases. Google Project Zero is recommending other app development teams who use the same FreeType library to update their software as well. The FreeType version 2.10.4 address this issue.

Libraries

Libraries Security Information Security IT

Microsoft released out-of-band Windows fixes for 2 RCE issues

Security Affairs

OCTOBER 18, 2020

Microsoft released two out-of-band security updates to address remote code execution (RCE) bugs in the Microsoft Windows Codecs Library and Visual Studio Code. The CVE-2020-17022 is a remote code execution vulnerability that exists in the way that Microsoft Windows Codecs Library handles objects in memory. ” reads the advisory.

Libraries

Libraries Manufacturing Security IT

0patch releases free unofficial patches for Windows 0days exploited in the wild

Security Affairs

MARCH 27, 2020

A few days ago, Microsoft warned of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. The vulnerabilities affects the way Windows Adobe Type Manager Library handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. Pierluigi Paganini.

Libraries

Libraries Risk Security IT

Samsung fixes a zero-click issue affecting its phones

Security Affairs

MAY 7, 2020

Samsung released this week a security patch that addresses a critical vulnerability, tracked as CVE-2020-8899, impacting all smartphones sold since 2014. “A possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution. system libraries.” or libhwui.so

IT

IT Libraries Security Access

Epic Manchego gang uses Excel docs that avoid detection

Security Affairs

SEPTEMBER 7, 2020

The trick used by the Epic Macnchego gang consists of compiling the documents with a.NET library called EPPlus , instead of the standard Microsoft Office software. ” The library can generate files in multiple spreadsheet formats, it also supports Excel 2019. .” ” reads the analysis published by NVISO.

Libraries

Libraries Phishing Passwords Security

Microsoft warns of targeted attacks exploiting Windows zero-day flaws

Security Affairs

MARCH 23, 2020

Microsoft warns of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. Microsoft warns of hackers exploiting two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries

Libraries Risk Authentication Security

Mobile Libraries: Culture on the Go

Unwritten Record

APRIL 14, 2020

National Bookmobile Day is April 22, part of National Library Week (April 19-25). . A library is a place that stores information, a place where people from all walks of life have the opportunity to obtain textual and audiovisual material for education, entertainment, and enlightenment. Libraries, Mobile — Third Army La.

Libraries

Libraries Education Access Agriculture

Drupal addresses two XSS flaws by updating the CKEditor

Security Affairs

MARCH 20, 2020

x that fix two XSS vulnerabilities affecting the CKEditor library. x that address two XSS vulnerabilities that affect the CKEditor library. “The Drupal project uses the third-party library CKEditor , which has released a security improvement that is needed to protect some Drupal configurations.”

Libraries

Libraries Risk Access Security

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The libprocesshider open-source tool is available on Github since 2014 and is able to “hide a process under Linux using the ld preloader.” ” The “preloading” technique allows the system to load a custom shared library before other system libraries are loaded.

Libraries

Libraries IT Mining Security

Thousands of servers easy to hack due to a LibSSH Flaw

Security Affairs

OCTOBER 17, 2018

The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. released in 2014, The issue tracked as CVE-2018-10933 was discovered by Peter Winter-Smith from NCC Group, it ties a coding error in Libssh. “ libssh versions 0.6

Libraries

Libraries Authentication Passwords Security

Four npm packages found opening shells and collecting info on Linux, Windows systems

Security Affairs

OCTOBER 17, 2020

Experts warn that systems running applications that imported one of these packages should be potentially compromised because the three JavaScript libraries opened web shells on the computers running them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries

Libraries Security Access IT

Google found zero-click vulnerabilities in Apple’s multimedia processing components

Security Affairs

APRIL 29, 2020

The discovery urges Apple into implementing additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e. images, audio, and videos).

Libraries

Libraries Paper Security Cybersecurity

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

” The Kinsing miner is a Golang -based Linux agent that uses several Go libraries, including: go-resty – an HTTP and REST client library, used to communicate with a Command and Control (C&C) server. gopsutil – a process utility library, used for system and processes monitoring. ” concludes the experts.

Mining

Mining Libraries Cloud Communications

The Wireshark Foundation released Wireshark 3.0.0

Security Affairs

MARCH 3, 2019

Npcap is the Nmap Project’s packet sniffing (and sending) library for Windows. It is based on the WinPcap / Libpcap libraries, but with improved speed, portability, security. “ Npcap is the exciting and feature-packed update to the venerable WinPcap packet capture library. Qt, GLib, GnuTLS, and Python).

Libraries

Libraries Security IT

Microsoft addresses three Windows issues actively exploited

Security Affairs

APRIL 14, 2020

The two RCE flaws in Windows, tracked as CVE-2020-1020 and CVE-2020-0938 , are related to the Adobe Type Manager Library. In March, Microsoft warned of hackers exploiting the two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries

Libraries Authentication Security Risk

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Most recent versions of EventBot also include a ChaCha20 library that can improve performance, but it is not currently being used, a circumstance that suggests authors are actively working to optimize EventBot. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

Financial Services

Financial Services Libraries Encryption Authentication

Microsoft September 2020 Patch Tuesday addresses 129 flaws

Security Affairs

SEPTEMBER 8, 2020

” CVE-2020-1129 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability , which can be exploited to perform code execution if an affected system views a specially crafted image. Since this vulnerability resides in the codecs library, multiple applications could be affected. Pierluigi Paganini.

Libraries

Libraries Security Information Security IT

Instagram RCE gave hackers remote access to your device

Security Affairs

SEPTEMBER 24, 2020

The vulnerability ties on how Instagram uses third-party libraries for image processing, in particular, the open-source JPEG decoder Mozjpeg. “Our blog post describes how image parsing code, as a third party library, ends up being the weakest point of Instagram’s large system. ” reads the analysis published by CheckPoint.

Access

Access Libraries Communications IT

Microsoft issued Out-of-Band advisory to address Autodesk FBX flaws

Security Affairs

APRIL 23, 2020

Microsoft confirmed that the issues in the Autodesk FBX library opened some of its products to remote code execution attacks when processing specially crafted 3D content. “Remote code execution vulnerabilities exist in Microsoft products that utilize the FBX library when processing specially crafted 3D content. .

Libraries

Libraries Cybersecurity Security IT

New Emotet attacks use a new template urging recipients to upgrade Microsoft Word

Security Affairs

OCTOBER 25, 2020

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. since August. .

Ransomware

Ransomware Libraries Cybersecurity Government

Expert disclosed a new passcode bypass to access photos and contacts on a locked iPhone

Security Affairs

OCTOBER 16, 2018

Keep swiping to the top left corner until VoiceOver tells you that you can select the Photo Library (“Fototeca” in Rodriguez’ video). Tap to select Photo Library. After selecting the Photo Library, iOS will take you back to the message screen, but you’ll see a blank space where the keyboard should be.

Access

Access Libraries Security IT

Critical bug in WINRAR affects all versions released in the last 19 years

Security Affairs

FEBRUARY 21, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL The flaw resides in the way an old third-party library, called UNACEV2.DLL, dll library in 2005.

Libraries

Libraries Archiving Security IT

Critical RCE affects older Diebold Nixdorf ATMs

Security Affairs

JUNE 9, 2019

The SpiService.exe is associated with XFS, the Extension for Financial Services DLL library (MSXFS.dll) that is specifically used by ATMs.” “The library provides a special API for the communication with the ATM’s PIN pad and the cash dispenser.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries

Libraries Communications Financial Services Security

Rapid7 announced the release of Metasploit 5.0

Security Affairs

JANUARY 12, 2019

include new database and automation APIs, evasion modules and libraries, language support, improved performance. includes new evasion modules and libraries, users can test their applications by generating their own evasion modules using the C programming language, a choice that makes the development easier. Metasploit 5.0

Libraries

Libraries Security IT

1.2 million CPR numbers for Danish citizen leaked through tax service

Security Affairs

FEBRUARY 10, 2020

“Google Hosted Libraries have been designed to remove all information that allows identifying users before logging on. In 2014, the company CSC (now DXC) was involved in a similar incident that exposed 900,000 CPR numbers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” said DXC.

Encryption

Encryption Libraries Access Government

MPlayer and VLC media player affected by critical flaw CVE-2018-4013

Security Affairs

OCTOBER 22, 2018

Lilith Wyatt, a security researcher at Cisco Talos, has discovered a critical remote code execution vulnerability ( CVE-2018-4013 ) in the LIVE555 media streaming library that is used by popular media players, including VLC and MPlayer. LIVE555 Streaming Media is a set of open-source C++ libraries maintained by Live Networks Inc.

Libraries

Libraries Security IT

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. “Both Mac and Linux variants use the WolfSSL library for SSL communications. This library has been used by several threat actors.” ” continues the report.

Libraries

Libraries Communications Encryption Authentication

A high-severity flaw affects VMware Workstation, Fusion and vSphere products.

Security Affairs

JUNE 10, 2020

“VMware Horizon Client for Windows contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Cloud

Cloud Libraries Access Authentication

Malware attack took down 600 computers at Volusia County Public Library

Bugs in open-source libraries impact 70% of modern software

Trending Sources

Malicious npm library removed from the repository due to backdoor capabilities

A backdoor mechanism found in tens of Ruby libraries

Apache Struts users have to update FileUpload library to fix years-old flaws

Backdoor mechanism found in Ruby strong_password library

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Closure JavaScript Library introduced XSS issue in Google Search and potentially other services

Two malicious Python libraries were stealing SSH and GPG keys

Prototype Pollution flaw discovered in all versions of Lodash Library

Cisco Talos discovered 2 critical flaws in the popular OpenCV library

Google expert disclosed details of an unpatched flaw in SymCrypt library

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

A flaw in the Libarchive library impacts major Linux distros

Libraries, critical thinking and the war on truth – what lies ahead in 2024

Malicious npm package ‘fallguys’ removed from the official repository

Chrome 86.0.4240.111 fixes actively exploited CVE-2020-15999 zero-day

Microsoft released out-of-band Windows fixes for 2 RCE issues

0patch releases free unofficial patches for Windows 0days exploited in the wild

Samsung fixes a zero-click issue affecting its phones

Epic Manchego gang uses Excel docs that avoid detection

Microsoft warns of targeted attacks exploiting Windows zero-day flaws

Mobile Libraries: Culture on the Go

Drupal addresses two XSS flaws by updating the CKEditor

TeamTNT group adds new detection evasion tool to its Linux miner

Thousands of servers easy to hack due to a LibSSH Flaw

Four npm packages found opening shells and collecting info on Linux, Windows systems

Google found zero-click vulnerabilities in Apple’s multimedia processing components

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

The Wireshark Foundation released Wireshark 3.0.0

Microsoft addresses three Windows issues actively exploited

EventBot, a new Android mobile targets financial institutions across Europe

Microsoft September 2020 Patch Tuesday addresses 129 flaws

Instagram RCE gave hackers remote access to your device

Microsoft issued Out-of-Band advisory to address Autodesk FBX flaws

New Emotet attacks use a new template urging recipients to upgrade Microsoft Word

Expert disclosed a new passcode bypass to access photos and contacts on a locked iPhone

Critical bug in WINRAR affects all versions released in the last 19 years

Critical RCE affects older Diebold Nixdorf ATMs

Rapid7 announced the release of Metasploit 5.0

1.2 million CPR numbers for Danish citizen leaked through tax service

MPlayer and VLC media player affected by critical flaw CVE-2018-4013

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

A high-severity flaw affects VMware Workstation, Fusion and vSphere products.

Stay Connected