70 percent of the mobile and desktop applications that we use today are affected by at least one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one or more issues which will be inherited by all the applications that use them. ” reads the report.
System supporting libraries in Volusia County were hit by a cyber attack, the incident took down 600 computers at Volusia County Public Library (VCPL) branches. 600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches in Daytona Beach, Florida, following a cyberattack.
The npm security team has removed a malicious JavaScript library named “twilio-npm” from its repository because it contained malicious code. The tainted JavaScript library was spotted by the researcher Ax Sharma from security firm Sonatype. tcp.ngrok[.]io:11425
The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The attacker created a new version of the library (version 0.0.7
Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries. At least another 10 projects were found containing the malicious code.
The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. The impact of the issue could be severe considering that the jQuery JavaScript library is currently used on 74 percent of websites online, most sites still use the 1.x
A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library.
Apache Struts users have to update the Commons FileUpload library in Struts 2 that is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2; the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. in June 2017.
The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The two libraries were discovered on December 1 by the German software developer Lukas Martini.
Liran Tal, a developer advocate at open-source security platform Snyk, discovered a high-severity prototype pollution security flaw that affects all versions of lodash. Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. Pierluigi Paganini.
Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code.
Tavis Ormandy, a white hat hacker at Google Project Zero, announced that he had found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. Microsoft Security Response Center (MSRC) told the Google expert that the company will not be able to provide a security patch before next month.
Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. Security experts from Qualys have discovered a flaw, tracked as CVE-2020-7247, in OpenSMTPD.
Google experts found a flaw, tracked as CVE-2019-18408, in the compression library libarchive that could lead to arbitrary code execution. Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive that could be exploited to execute arbitrary code.
The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The fallguys library claimed to provide an interface to the “Fall Guys: Ultimate Knockout” game API. ” reads the npm’s advisory.
The best news of the week with Security Affairs. Malware attack took down 600 computers at Volusia County Public Library. The post Security Affairs newsletter Round 248 appeared first on Security Affairs.
A few days ago, Microsoft warned of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. The vulnerabilities affect the way Windows Adobe Type Manager Library handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. See the link for more details.
Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues, including a patch for an actively exploited zero-day vulnerability tracked as CVE-2020-15999. Google Project Zero is recommending other app development teams who use the same FreeType library to update their software as well.
Microsoft released two out-of-band security updates to address remote code execution (RCE) bugs in the Microsoft Windows Codecs Library and Visual Studio Code. CVE-2020-17022 is a remote code execution vulnerability that exists in the way that Microsoft Windows Codecs Library handles objects in memory.
Microsoft warns of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. Microsoft warns of hackers exploiting two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.
A recently discovered cybercrime gang, tracked as Epic Manchego, is using a new technique to create weaponized Excel files that are able to bypass security checks. The phishing messages carry weaponized Excel documents that are able to bypass security checks and that had low detection rates. EPPlus is such a tool.”
Drupal developers released security updates for versions 8.8.x x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x x that address two XSS vulnerabilities that affect the CKEditor library. or 8.7.12 , include CKEditor version 4.14
It’s official, Offensive Security announced the release of Kali Linux 2019.1. On Monday, Offensive Security announced the availability of Kali Linux 2019.1, that was released in January and that includes new database and automation APIs, evasion modules and libraries, language support, improved performance.
Samsung addressed this month a critical 0-click vulnerability that was discovered by security researchers from Google. Samsung released this week a security patch that addresses a critical vulnerability, tracked as CVE-2020-8899, impacting all smartphones sold since 2014. system libraries.” or libhwui.so
“All secrets and keys stored on that computer should be rotated immediately from a different computer,” the npm security team said. Experts warn that systems running applications that imported one of these packages should be considered potentially compromised because the three JavaScript libraries opened web shells on the computers running them.
The discovery urges Apple to implement additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e.
Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months in which hackers are scanning the Internet for Docker servers running API ports exposed without a password. ” reads the post published by Aqua Security. gopsutil – a process utility library, used for system and processes monitoring.
Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including three Windows issues that have been exploited in attacks in the wild. Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including two remote code execution flaws in Windows that are actively exploited.
Npcap is the Nmap Project’s packet sniffing (and sending) library for Windows. It is based on the WinPcap / Libpcap libraries, but with improved speed, portability, security. “ Npcap is the exciting and feature-packed update to the venerable WinPcap packet capture library. frame capture.”
The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. ” reads the security advisory. Experts pointed out that GitHub and OpenSSH implementations of the libssh library are not affected by the flaw.
The UK National Cyber Security Centre (NCSC) urges developers to drop Python 2 due to imminent End-of-Life to avoid attacks on a large scale. The UK National Cyber Security Centre (NCSC) is recommending that developers drop Python 2.x due to the imminent End-of-Life. “Python 2.7 will not be maintained past 2020.
The best news of the week with Security Affairs. CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros. The post Security Affairs newsletter Round 249 appeared first on Security Affairs. Magento 2.3.4
Microsoft September 2020 Patch Tuesday security updates address 129 vulnerabilities, including twenty critical remote code execution issues. CVE-2020-1129 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability, which can be exploited to perform code execution if an affected system views a specially crafted image.
Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. With each new version, the malware adds new features like dynamic library loading, encryption, and adjustments to different locales and manufacturers.”
Automated teller machine vendor Diebold Nixdorf has released security updates to address a remote code execution vulnerability in older ATMs. Diebold Nixdorf discovered a remote code execution vulnerability in older ATMs and is urging its customers to install the security updates it has released to address the flaw.
Microsoft released an out-of-band advisory to address security vulnerabilities in Autodesk FBX affecting Office, Office 365, and Paint 3D. Microsoft confirmed that the issues in the Autodesk FBX library opened some of its products to remote code execution attacks when processing specially crafted 3D content.
IBM security researcher continues to monitor the evolution of the infamous Zeus Sphinx banking Trojan (aka Zloader or Terdot) that receives frequent updates and that was involved in active coronavirus scams. 2 Trojan that was leaked online.
The security enthusiast Jose Rodriguez has discovered a new passcode bypass bug that could be exploited on the recently released iOS 12.0.1. Keep swiping to the top left corner until VoiceOver tells you that you can select the Photo Library (“Fototeca” in Rodriguez’ video). Tap to select Photo Library.
The CVE-2020-3960 flaw was discovered by Cfir Cohen, a researcher from Google’s cloud security team. The virtualization firm already released security patches for the above products, but no workaround is available. ” reads the security advisory published by the company.
The best news of the week with Security Affairs. Apple T2 security chip in new MacBooks disconnects Microphone when lid is closed. Apache Struts users have to update FileUpload library to fix years-old flaws. HSBC Bank USA notified customers of a security breach.
Lilith Wyatt, a security researcher at Cisco Talos, has discovered a critical remote code execution vulnerability (CVE-2018-4013) in the LIVE555 media streaming library that is used by popular media players, including VLC and MPlayer. LIVE555 Streaming Media is a set of open-source C++ libraries maintained by Live Networks Inc.
The script loads various resources from Feedify’s infrastructure, including a library named “feedbackembad-min-1.0.js”. The group has been active since at least 2015 and compromised many e-commerce websites to steal payment card and other sensitive data. but apparently, the hackers re-infected the library. URL: hxxps://cdn[.]feedify[.]net/getjs/feedbackembad-min-1.0.js.
The IT giant is urging Windows administrators to install the released security updates as soon as possible. — Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Don’t waste time, patch your system now!
Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. dll library in 2005.