Security Affairs

NOVEMBER 6, 2018

Apache Struts Users have to update the Commons FileUpload library in Struts 2 that is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2, the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. in June 2017.

Libraries 111

Libraries Access Security IT 111

Security Affairs

JANUARY 4, 2020

Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code. SecurityAffairs – library, hacking).

Libraries 97

Libraries Data structuring Security IT 97

Security Affairs

APRIL 2, 2019

A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library.

Libraries 110

Libraries Phishing Security IT 110

Security Affairs

JULY 9, 2019

Liran Tal, a developer advocate at open-source security platform Snyk, discovered a high-severity prototype pollution security flaw that affects all versions of lodash. Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. Pierluigi Paganini.

Libraries 98

Libraries Security IT Information Security 98

Security Affairs

NOVEMBER 6, 2019

Google experts found a flaw, tracked as CVE-2019-18408, in the compression library libarchive could lead to arbitrary code execution. Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive could be exploited to execute arbitrary code. . Pierluigi Paganini.

Libraries 75

Libraries Archiving Security Information Security 75

Security Affairs

JANUARY 29, 2020

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. Security experts from Qualys have discovered a flaw, tracked as CVE-2020-7247, in OpenSMTPD. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Libraries 108

Libraries Security IT Information Security 108

Security Affairs

JUNE 12, 2019

Tavis Ormandy, a white hat hacker Google Project Zero announced to have found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. Microsoft Security Response Center (MSRC) told the Google expert that the company will not able to provide a security patch before next month.

Libraries 105

Libraries Encryption Security IT 105

Security Affairs

AUGUST 30, 2020

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The fallguys library claimed to provide an interface to the “ Fall Guys: Ultimate Knockout ” game API. ” reads the npm’s advisory. . Pierluigi Paganini.

Libraries 144

Libraries Access Security IT 144

Security Affairs

OCTOBER 21, 2020

Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues, including a patch for an actively exploited zero-day vulnerability tracked as CVE-2020-15999. Google Project Zero is recommending other app development teams who use the same FreeType library to update their software as well.

Libraries 133

Libraries Security Information Security IT 133

Security Affairs

JANUARY 26, 2020

The best news of the week with Security Affairs. Malware attack took down 600 computers at Volusia County Public Library. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. A new round of the weekly newsletter arrived!

Security 115

Security Data breaches Military IoT 115

Security Affairs

OCTOBER 18, 2020

Microsoft released two out-of-band security updates to address remote code execution (RCE) bugs in the Microsoft Windows Codecs Library and Visual Studio Code. The CVE-2020-17022 is a remote code execution vulnerability that exists in the way that Microsoft Windows Codecs Library handles objects in memory. Pierluigi Paganini.

Libraries 138

Libraries Manufacturing Security IT 138

Security Affairs

NOVEMBER 20, 2024

The Qualys Threat Research Unit (TRU) discovered five Local Privilege Escalation (LPE) decade-old security vulnerabilities in the needrestart package that could allow a local attacker to gain root privileges without requiring user interaction. released in April 2014. ” reads the advisory.

Libraries 64

Libraries Compliance Access Risk 64

Security Affairs

JANUARY 28, 2021

The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that that botnet is also able to target misconfigured Kubernetes installations. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Libraries 142

Libraries IT Mining Security 142

Security Affairs

OCTOBER 17, 2020

All secrets and keys stored on that computer should be rotated immediately from a different computer,” the npm security team said. Experts warn that systems running applications that imported one of these packages should be potentially compromised because the three JavaScript libraries opened web shells on the computers running them.

Libraries 145

Libraries Security Access IT 145

Security Affairs

NOVEMBER 25, 2022

Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. The most recent OpenSSL version was released in 2018.

Libraries 102

Libraries Manufacturing Communications Security 102

Security Affairs

SEPTEMBER 7, 2020

A recently discovered cybercrime gang, tracked as Epic Manchego , is using a new technique to create weaponized Excel files that are able to bypass security checks. The phishing messages carry weaponized Excel documents that are able to bypass security checks and that had low detection rates. EPPlus is such a tool.”

Libraries 137

Libraries Phishing Passwords Security 137

Security Affairs

MAY 7, 2020

Samsung addressed this month a critical 0-click vulnerability that was discovered by security researchers from Google. Samsung released this week a security patch that addresses a critical vulnerability, tracked as CVE-2020-8899, impacting all smartphones sold since 2014. system libraries.” or libhwui.so

IT 141

IT Libraries Security Access 141

Security Affairs

MARCH 27, 2020

A few days ago, Microsoft warned of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. The vulnerabilities affects the way Windows Adobe Type Manager Library handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. See the link for more details.

Libraries 142

Libraries Risk Security IT 142

Security Affairs

MARCH 23, 2020

Microsoft warns of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. Microsoft warns of hackers exploiting two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries 135

Libraries Risk Authentication Security 135

Security Affairs

FEBRUARY 19, 2019

It’s official, Offensive Security announced the release of Kali Linux 2019.1, On Monday, Offensive Security announced the availability of Kali Linux 2019.1, that was released in January and that includes new database and automation APIs, evasion modules and libraries, language support, improved performance.

Security 110

Security Libraries IT 110

Security Affairs

MAY 31, 2020

Every week the best security articles from Security Affairs free for you in your email box. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. A new round of the weekly SecurityAffairs newsletter arrived!

Security 86

Security Data breaches Ransomware Sales 86

Security Affairs

JULY 13, 2019

The best news of the week with Security Affairs. Backdoor mechanism found in Ruby strong_password library. UK ICO fines British Airways £183 Million under GDPR over 2018 security breach. Prototype Pollution flaw discovered in all versions of Lodash Library. Microsoft released Patch Tuesday security updates for July 2019.

Security 79

Security Libraries Data breaches Ransomware 79

Security Affairs

DECEMBER 8, 2019

The best news of the week with Security Affairs. Two malicious Python libraries were stealing SSH and GPG keys. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. A new round of the weekly newsletter arrived!

Security 81

Security Authentication Ransomware Libraries 81

Security Affairs

MARCH 20, 2020

Drupal developers released security updates for versions 8.8.x x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x x that address two XSS vulnerabilities that affect the CKEditor library. or 8.7.12 , include CKEditor version 4.14

Libraries 138

Libraries Risk Access Security 138

Security Affairs

FEBRUARY 2, 2020

The best news of the week with Security Affairs. CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Magento 2.3.4 Pierluigi Paganini.

Security 90

Security Military Ransomware Libraries 90

Security Affairs

SEPTEMBER 8, 2020

Microsoft September 2020 Patch Tuesday security updates address 129 vulnerabilities, including twenty critical remote code execution issues. ” CVE-2020-1129 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability , which can be exploited to perform code execution if an affected system views a specially crafted image.

Libraries 119

Libraries Security Information Security IT 119

Security Affairs

SEPTEMBER 2, 2024

Cicada 3301 is the name given to three sets of puzzles posted under the name “3301” online between 2012 and 2014. A second round of puzzles began one year later on January 4, 2013, and then a third round following the confirmation of a fresh clue posted on Twitter on January 4, 2014.

Ransomware 137

Ransomware Encryption Libraries IT 137

Security Affairs

OCTOBER 17, 2018

The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. released in 2014, The issue tracked as CVE-2018-10933 was discovered by Peter Winter-Smith from NCC Group, it ties a coding error in Libssh. ” reads the security advisory.

Libraries 111

Libraries Authentication Passwords Security 111

Security Affairs

MARCH 3, 2019

Npcap is the Nmap Project’s packet sniffing (and sending) library for Windows. It is based on the WinPcap / Libpcap libraries, but with improved speed, portability, security. “ Npcap is the exciting and feature-packed update to the venerable WinPcap packet capture library. frame capture.”

Libraries 111

Libraries Security IT 111

Security Affairs

APRIL 29, 2020

The discovery urges Apple into implementing additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e. Pierluigi Paganini.

Libraries 144

Libraries Paper Security Cybersecurity 144

Security Affairs

APRIL 6, 2020

Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password. ” reads the post published by Aqua Security. gopsutil – a process utility library, used for system and processes monitoring.

Mining 136

Mining Libraries Cloud Communications 136

Security Affairs

AUGUST 26, 2019

The UK National Cyber Security Centre (NCSC) urges developers to drop Python 2 due to imminent End-of-Life to avoid attacks on a large scale. The UK National Cyber Security Centre (NCSC) is recommending developers to drop Python 2.x x due to the imminent End-of-Life. “Python 2.7 will not be maintained past 2020.

Security 111

Security Risk Ransomware Libraries 111

Security Affairs

APRIL 14, 2020

Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including three Windows issues that have been exploited in attacks in the wild. Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including two remote code execution flaws in Windows that are actively exploited. Pierluigi Paganini.

Libraries 133

Libraries Authentication Security Risk 133

Security Affairs

SEPTEMBER 24, 2020

The IT giant is urging Windows administrators to install the released security updates as soon as possible. — Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Don’t waste time, patch your system now!

Authentication 141

Authentication Passwords Analytics Libraries 141

Security Affairs

OCTOBER 25, 2020

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. since August. .”

Ransomware 145

Ransomware Libraries Cybersecurity Government 145

Security Affairs

OCTOBER 6, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. since August. Pierluigi Paganini.

Government 143

Government Libraries Cybersecurity Phishing 143

Security Affairs

APRIL 23, 2020

Microsoft released an out-of-band advisory to address security vulnerabilities affecting Autodesk FBX vulnerabilities in Office, Office 365, and Paint 3D. . Microsoft confirmed that the issues in the Autodesk FBX library opened some of its products to remote code execution attacks when processing specially crafted 3D content.

Libraries 124

Libraries Cybersecurity Security IT 124