Security Affairs

APRIL 2, 2019

A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library.

Libraries 110

Libraries Phishing Security IT 110

Security Affairs

DECEMBER 4, 2019

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The expert discovered the two libraries on December 1, by the German software developer Lukas Martini. SecurityAffairs – Python libraries , hacking).

Libraries 98

Libraries Security IT 98

Security Affairs

JULY 9, 2019

Liran Tal, a developer advocate at open-source security platform Snyk, discovered a high-severity prototype pollution security flaw that affects all versions of lodash. Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. Pierluigi Paganini.

Libraries 101

Libraries Security IT Information Security 101

Security Affairs

JUNE 12, 2019

Tavis Ormandy, a white hat hacker Google Project Zero announced to have found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. Microsoft Security Response Center (MSRC) told the Google expert that the company will not able to provide a security patch before next month.

Libraries 107

Libraries Encryption Security IT 107

Security Affairs

JANUARY 29, 2020

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. Security experts from Qualys have discovered a flaw, tracked as CVE-2020-7247, in OpenSMTPD. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Libraries 109

Libraries Security IT Information Security 109

Security Affairs

JANUARY 4, 2020

Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code. SecurityAffairs – library, hacking).

Libraries 97

Libraries Data structuring Security IT 97

Security Affairs

AUGUST 30, 2020

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The fallguys library claimed to provide an interface to the “ Fall Guys: Ultimate Knockout ” game API. ” reads the npm’s advisory. . Pierluigi Paganini.

Libraries 145

Libraries Access Security IT 145

Security Affairs

JANUARY 26, 2020

The best news of the week with Security Affairs. Malware attack took down 600 computers at Volusia County Public Library. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. A new round of the weekly newsletter arrived!

Security 118

Security Data breaches Military IoT 118

Security Affairs

OCTOBER 21, 2020

Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues, including a patch for an actively exploited zero-day vulnerability tracked as CVE-2020-15999. Google Project Zero is recommending other app development teams who use the same FreeType library to update their software as well.

Libraries 138

Libraries Security Information Security IT 138

Security Affairs

NOVEMBER 6, 2019

Google experts found a flaw, tracked as CVE-2019-18408, in the compression library libarchive could lead to arbitrary code execution. Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive could be exploited to execute arbitrary code. . Pierluigi Paganini.

Libraries 75

Libraries Archiving Security Information Security 75

Security Affairs

OCTOBER 18, 2020

Microsoft released two out-of-band security updates to address remote code execution (RCE) bugs in the Microsoft Windows Codecs Library and Visual Studio Code. The CVE-2020-17022 is a remote code execution vulnerability that exists in the way that Microsoft Windows Codecs Library handles objects in memory. Pierluigi Paganini.

Libraries 141

Libraries Manufacturing Security IT 141

Security Affairs

MARCH 27, 2020

A few days ago, Microsoft warned of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. The vulnerabilities affects the way Windows Adobe Type Manager Library handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. See the link for more details.

Libraries 142

Libraries Risk Security IT 142

Security Affairs

MAY 7, 2020

Samsung addressed this month a critical 0-click vulnerability that was discovered by security researchers from Google. Samsung released this week a security patch that addresses a critical vulnerability, tracked as CVE-2020-8899, impacting all smartphones sold since 2014. system libraries.” or libhwui.so

IT 141

IT Libraries Security Access 141

Security Affairs

SEPTEMBER 7, 2020

A recently discovered cybercrime gang, tracked as Epic Manchego , is using a new technique to create weaponized Excel files that are able to bypass security checks. The phishing messages carry weaponized Excel documents that are able to bypass security checks and that had low detection rates. EPPlus is such a tool.”

Libraries 140

Libraries Phishing Passwords Security 140

Security Affairs

MARCH 23, 2020

Microsoft warns of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. Microsoft warns of hackers exploiting two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries 136

Libraries Risk Authentication Security 136

Security Affairs

MARCH 20, 2020

Drupal developers released security updates for versions 8.8.x x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x x that address two XSS vulnerabilities that affect the CKEditor library. or 8.7.12 , include CKEditor version 4.14

Libraries 138

Libraries Risk Access Security 138

Security Affairs

JANUARY 28, 2021

The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that that botnet is also able to target misconfigured Kubernetes installations. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Libraries 144

Libraries IT Mining Security 144

Security Affairs

FEBRUARY 19, 2019

It’s official, Offensive Security announced the release of Kali Linux 2019.1, On Monday, Offensive Security announced the availability of Kali Linux 2019.1, that was released in January and that includes new database and automation APIs, evasion modules and libraries, language support, improved performance.

Security 110

Security Libraries IT 110

Security Affairs

OCTOBER 17, 2020

All secrets and keys stored on that computer should be rotated immediately from a different computer,” the npm security team said. Experts warn that systems running applications that imported one of these packages should be potentially compromised because the three JavaScript libraries opened web shells on the computers running them.

Libraries 145

Libraries Security Access IT 145

Security Affairs

APRIL 29, 2020

The discovery urges Apple into implementing additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e. Pierluigi Paganini.

Libraries 144

Libraries Paper Security Cybersecurity 144

Security Affairs

APRIL 6, 2020

Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password. ” reads the post published by Aqua Security. gopsutil – a process utility library, used for system and processes monitoring.

Mining 136

Mining Libraries Cloud Communications 136

Security Affairs

OCTOBER 17, 2018

The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. released in 2014, The issue tracked as CVE-2018-10933 was discovered by Peter Winter-Smith from NCC Group, it ties a coding error in Libssh. ” reads the security advisory.

Libraries 111

Libraries Authentication Passwords Security 111

Security Affairs

APRIL 14, 2020

Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including three Windows issues that have been exploited in attacks in the wild. Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including two remote code execution flaws in Windows that are actively exploited. Pierluigi Paganini.

Libraries 133

Libraries Authentication Security Risk 133

Security Affairs

MARCH 3, 2019

Npcap is the Nmap Project’s packet sniffing (and sending) library for Windows. It is based on the WinPcap / Libpcap libraries, but with improved speed, portability, security. “ Npcap is the exciting and feature-packed update to the venerable WinPcap packet capture library. frame capture.”

Libraries 111

Libraries Security IT 111

Security Affairs

SEPTEMBER 8, 2020

Microsoft September 2020 Patch Tuesday security updates address 129 vulnerabilities, including twenty critical remote code execution issues. ” CVE-2020-1129 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability , which can be exploited to perform code execution if an affected system views a specially crafted image.

Libraries 120

Libraries Security Information Security IT 120

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. With each new version, the malware adds new features like dynamic library loading, encryption, and adjustments to different locales and manufacturers.” Pierluigi Paganini.

Financial Services 143

Financial Services Libraries Encryption Authentication 143

Security Affairs

APRIL 23, 2020

Microsoft released an out-of-band advisory to address security vulnerabilities affecting Autodesk FBX vulnerabilities in Office, Office 365, and Paint 3D. . Microsoft confirmed that the issues in the Autodesk FBX library opened some of its products to remote code execution attacks when processing specially crafted 3D content.

Libraries 125

Libraries Cybersecurity Security IT 125

Security Affairs

AUGUST 26, 2019

The UK National Cyber Security Centre (NCSC) urges developers to drop Python 2 due to imminent End-of-Life to avoid attacks on a large scale. The UK National Cyber Security Centre (NCSC) is recommending developers to drop Python 2.x x due to the imminent End-of-Life. “Python 2.7 will not be maintained past 2020.

Security 111

Security Risk Ransomware Libraries 111

Security Affairs

JUNE 10, 2020

The CVE-2020-3960 flaw was discovered by Cfir Cohen, a researcher from Google’s cloud security team. The virtualization firm already released security pathers for the above products, but no workaround is available. ” reads the security advisory published by the company. appeared first on Security Affairs.

Cloud 140

Cloud Libraries Access Authentication 140

Security Affairs

JULY 13, 2019

The best news of the week with Security Affairs. Backdoor mechanism found in Ruby strong_password library. UK ICO fines British Airways £183 Million under GDPR over 2018 security breach. Prototype Pollution flaw discovered in all versions of Lodash Library. Microsoft released Patch Tuesday security updates for July 2019.

Security 84

Security Libraries Data breaches Ransomware 84

Security Affairs

OCTOBER 25, 2020

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. since August. .”

Ransomware 145

Ransomware Libraries Cybersecurity Government 145

Security Affairs

SEPTEMBER 24, 2020

The IT giant is urging Windows administrators to install the released security updates as soon as possible. — Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Don’t waste time, patch your system now!

Authentication 143

Authentication Passwords Analytics Libraries 143

Security Affairs

NOVEMBER 11, 2018

The best news of the week with Security Affairs. Apple T2 security chip in new MacBooks disconnects Microphone when lid is closed. Apache Struts users have to update FileUpload library to fix years-old flaws. HSBC Bank USA notified customers of a security breach. Security Affairs – Newsletter ). 20% discount.

Security 99

Security IoT Insurance Libraries 99

Security Affairs

FEBRUARY 2, 2020

The best news of the week with Security Affairs. CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Magento 2.3.4 Pierluigi Paganini.

Security 90

Security Military Ransomware Libraries 90

Security Affairs

JUNE 9, 2019

Automated teller machine vendor Diebold Nixdorf has released security updates to address a remote code execution vulnerability in older ATMs. Diebold Nixdorf discovered a remote code execution vulnerability in older ATMs and is urging its customers in installing security updates it has released to address the flaw. Pierluigi Paganini.

Libraries 111

Libraries Communications Financial Services Security 111

Security Affairs

JUNE 12, 2019

Microsoft releases Patch Tuesday security updates for June 2019 that address 88 vulnerabilities in Windows OS and other products. ” reads the security advisory. Experts pointed out that Microsoft failed to address a flaw in SymCrypt , a core cryptographic function library currently used by Windows. Pierluigi Paganini.

Security 103

Security Authentication Libraries Encryption 103

Security Affairs

SEPTEMBER 24, 2020

The vulnerability ties on how Instagram uses third-party libraries for image processing, in particular, the open-source JPEG decoder Mozjpeg. “Our blog post describes how image parsing code, as a third party library, ends up being the weakest point of Instagram’s large system. ” reads the analysis published by CheckPoint.

Access 139

Access Libraries Communications IT 139