Security Affairs

APRIL 2, 2019

A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library.

Libraries 276

Libraries Phishing Security IT 276

Security Affairs

DECEMBER 4, 2019

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The expert discovered the two libraries on December 1, by the German software developer Lukas Martini. SecurityAffairs – Python libraries , hacking).

Libraries 246

Libraries Security IT 246

Security Affairs

JANUARY 4, 2020

Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code. SecurityAffairs – library, hacking).

Libraries 243

Libraries Data structuring Security IT 243

Security Affairs

JULY 9, 2019

Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. The flaw could be exploited by hackers to compromise the security of affected services using the library. The popular library is currently used in more than 4 million projects on GitHub.

Libraries 243

Libraries Security IT Information Security 243

Security Affairs

JUNE 12, 2019

Tavis Ormandy, a white hat hacker Google Project Zero announced to have found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries 261

Libraries Encryption Security IT 261

Security Affairs

JANUARY 29, 2020

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. The CVE-2020-7247 flaw was introduced in the OpenSMTPD in May 2018, but many distros still use older implementation of the library that are not impacted. Pierluigi Paganini.

Libraries 268

Libraries Security IT Information Security 268

Security Affairs

NOVEMBER 6, 2019

Google experts found a flaw, tracked as CVE-2019-18408, in the compression library libarchive could lead to arbitrary code execution. Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive could be exploited to execute arbitrary code. . Pierluigi Paganini.

Libraries 189

Libraries Archiving Security Information Security 189

Security Affairs

AUGUST 30, 2020

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The fallguys library claimed to provide an interface to the “ Fall Guys: Ultimate Knockout ” game API. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries 359

Libraries Access Security IT 359

Security Affairs

MARCH 27, 2020

A few days ago, Microsoft warned of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. The vulnerabilities affects the way Windows Adobe Type Manager Library handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. Pierluigi Paganini.

Libraries 357

Libraries Risk Security IT 357

Security Affairs

MAY 7, 2020

Samsung released this week a security patch that addresses a critical vulnerability, tracked as CVE-2020-8899, impacting all smartphones sold since 2014. “A possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution. system libraries.” or libhwui.so

IT 353

IT Libraries Security Access 353

Security Affairs

OCTOBER 21, 2020

The CVE-2020-15999 flaw is a memory corruption bug that resides in the FreeType font rendering library, which is included in standard Chrome releases. Google Project Zero is recommending other app development teams who use the same FreeType library to update their software as well. The FreeType version 2.10.4 address this issue.

Libraries 329

Libraries Security Information Security IT 329

Security Affairs

OCTOBER 18, 2020

Microsoft released two out-of-band security updates to address remote code execution (RCE) bugs in the Microsoft Windows Codecs Library and Visual Studio Code. The CVE-2020-17022 is a remote code execution vulnerability that exists in the way that Microsoft Windows Codecs Library handles objects in memory. ” reads the advisory.

Libraries 343

Libraries Manufacturing Security IT 343

Security Affairs

MARCH 23, 2020

Microsoft warns of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. Microsoft warns of hackers exploiting two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries 336

Libraries Risk Authentication Security 336

Security Affairs

SEPTEMBER 7, 2020

The trick used by the Epic Macnchego gang consists of compiling the documents with a.NET library called EPPlus , instead of the standard Microsoft Office software. ” The library can generate files in multiple spreadsheet formats, it also supports Excel 2019. .” ” reads the analysis published by NVISO.

Libraries 340

Libraries Phishing Passwords Security 340

Security Affairs

MARCH 20, 2020

x that fix two XSS vulnerabilities affecting the CKEditor library. x that address two XSS vulnerabilities that affect the CKEditor library. “The Drupal project uses the third-party library CKEditor , which has released a security improvement that is needed to protect some Drupal configurations.”

Libraries 347

Libraries Risk Access Security 347

Security Affairs

JANUARY 28, 2021

The libprocesshider open-source tool is available on Github since 2014 and is able to “hide a process under Linux using the ld preloader.” ” The “preloading” technique allows the system to load a custom shared library before other system libraries are loaded.

Libraries 355

Libraries IT Mining Security 355

Security Affairs

OCTOBER 17, 2018

The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. released in 2014, The issue tracked as CVE-2018-10933 was discovered by Peter Winter-Smith from NCC Group, it ties a coding error in Libssh. “ libssh versions 0.6

Libraries 279

Libraries Authentication Passwords Security 279

Security Affairs

OCTOBER 17, 2020

Experts warn that systems running applications that imported one of these packages should be potentially compromised because the three JavaScript libraries opened web shells on the computers running them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries 362

Libraries Security Access IT 362

Security Affairs

APRIL 29, 2020

The discovery urges Apple into implementing additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e. images, audio, and videos).

Libraries 361

Libraries Paper Security Cybersecurity 361

Security Affairs

APRIL 6, 2020

” The Kinsing miner is a Golang -based Linux agent that uses several Go libraries, including: go-resty – an HTTP and REST client library, used to communicate with a Command and Control (C&C) server. gopsutil – a process utility library, used for system and processes monitoring. ” concludes the experts.

Mining 339

Mining Libraries Cloud Communications 339

Security Affairs

MARCH 3, 2019

Npcap is the Nmap Project’s packet sniffing (and sending) library for Windows. It is based on the WinPcap / Libpcap libraries, but with improved speed, portability, security. “ Npcap is the exciting and feature-packed update to the venerable WinPcap packet capture library. Qt, GLib, GnuTLS, and Python).

Libraries 279

Libraries Security IT 279

Security Affairs

APRIL 14, 2020

The two RCE flaws in Windows, tracked as CVE-2020-1020 and CVE-2020-0938 , are related to the Adobe Type Manager Library. In March, Microsoft warned of hackers exploiting the two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries 333

Libraries Authentication Security Risk 333

Security Affairs

APRIL 30, 2020

Most recent versions of EventBot also include a ChaCha20 library that can improve performance, but it is not currently being used, a circumstance that suggests authors are actively working to optimize EventBot. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

Financial Services 358

Financial Services Libraries Encryption Authentication 358

Security Affairs

APRIL 23, 2020

Microsoft confirmed that the issues in the Autodesk FBX library opened some of its products to remote code execution attacks when processing specially crafted 3D content. “Remote code execution vulnerabilities exist in Microsoft products that utilize the FBX library when processing specially crafted 3D content. .

Libraries 307

Libraries Cybersecurity Security IT 307

Security Affairs

SEPTEMBER 8, 2020

” CVE-2020-1129 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability , which can be exploited to perform code execution if an affected system views a specially crafted image. Since this vulnerability resides in the codecs library, multiple applications could be affected. Pierluigi Paganini.

Libraries 293

Libraries Security Information Security IT 293

Security Affairs

OCTOBER 16, 2018

Keep swiping to the top left corner until VoiceOver tells you that you can select the Photo Library (“Fototeca” in Rodriguez’ video). Tap to select Photo Library. After selecting the Photo Library, iOS will take you back to the message screen, but you’ll see a blank space where the keyboard should be.

Access 277

Access Libraries Security IT 277

Security Affairs

FEBRUARY 21, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL The flaw resides in the way an old third-party library, called UNACEV2.DLL, dll library in 2005.

Libraries 279

Libraries Archiving Security IT 279

Security Affairs

SEPTEMBER 24, 2020

The vulnerability ties on how Instagram uses third-party libraries for image processing, in particular, the open-source JPEG decoder Mozjpeg. “Our blog post describes how image parsing code, as a third party library, ends up being the weakest point of Instagram’s large system. ” reads the analysis published by CheckPoint.

Access 334

Access Libraries Communications IT 334

Security Affairs

JUNE 9, 2019

The SpiService.exe is associated with XFS, the Extension for Financial Services DLL library (MSXFS.dll) that is specifically used by ATMs.” “The library provides a special API for the communication with the ATM’s PIN pad and the cash dispenser.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries 279

Libraries Communications Financial Services Security 279

Security Affairs

JANUARY 12, 2019

include new database and automation APIs, evasion modules and libraries, language support, improved performance. includes new evasion modules and libraries, users can test their applications by generating their own evasion modules using the C programming language, a choice that makes the development easier. Metasploit 5.0

Libraries 280

Libraries Security IT 280

Security Affairs

FEBRUARY 10, 2020

“Google Hosted Libraries have been designed to remove all information that allows identifying users before logging on. In 2014, the company CSC (now DXC) was involved in a similar incident that exposed 900,000 CPR numbers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” said DXC.

Encryption 358

Encryption Libraries Access Government 358

Security Affairs

OCTOBER 22, 2018

Lilith Wyatt, a security researcher at Cisco Talos, has discovered a critical remote code execution vulnerability ( CVE-2018-4013 ) in the LIVE555 media streaming library that is used by popular media players, including VLC and MPlayer. LIVE555 Streaming Media is a set of open-source C++ libraries maintained by Live Networks Inc.

Libraries 266

Libraries Security IT 266

Security Affairs

SEPTEMBER 6, 2019

The development team behind the PHP programming language recently released new versions of PHP to address multiple high-severity vulnerabilities in its core and bundled libraries. One of the vulnerabilities, tracked as CVE-2019-13224, is a ‘use-after-free’ code execution issue that affects the Oniguruma regular expression library.

Libraries 261

Libraries Security IT Information Security 261

Security Affairs

MAY 9, 2020

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. “Both Mac and Linux variants use the WolfSSL library for SSL communications. This library has been used by several threat actors.” ” continues the report.

Libraries 318

Libraries Communications Encryption Authentication 318

Security Affairs

JUNE 10, 2020

“VMware Horizon Client for Windows contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Cloud 345

Cloud Libraries Access Authentication 345

Security Affairs

OCTOBER 6, 2020

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Government 357

Government Libraries Cybersecurity Phishing 357

Security Affairs

NOVEMBER 27, 2018

The Event-Stream library is a very popular NodeJS module used to allow developers the management of data streams, it has nearly 2 million downloads a week. It has been estimated that the tainted version of the library was downloaded by nearly 8 million developers. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries 263

Libraries Encryption IT Security 263