Security Affairs

MARCH 6, 2019

A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild. The vulnerability tracked as CVE-2019-5786 resides in the web browsing software and impact all major operating systems including Windows, Apple macOS, and Linux. SecurityAffairs – Chrome, CVE-2019-5786).

Libraries 280

Libraries Security Access 280

Security Affairs

APRIL 2, 2019

Cyber Defense eMagazine April 2019 Edition has arrived. Visit our online library by clicking here. . INFOSEC AWARDS 2019 RESULTS HERE – CONGRATS TO WINNERS! The post Cyber Defense Magazine – April 2019 has arrived. We hope you enjoy this month’s edition…packed with over 140 pages of excellent content.

IT 264

IT Libraries Education Phishing 264

Security Affairs

NOVEMBER 6, 2019

Google experts found a flaw, tracked as CVE-2019-18408, in the compression library libarchive could lead to arbitrary code execution. Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive could be exploited to execute arbitrary code. . c in libarchive before 3.4.0

Libraries 189

Libraries Archiving Security Information Security 189

Security Affairs

MARCH 4, 2019

We’re honored to bring you our 7th Annual edition of Cyber Defense Magazine (CDM), exclusively in print at the RSA Conference (RSAC) 2019. Cyber Defense eMagazine – Annual RSA Conference 2019 Edition. and by the RSA Conference 2019 Team! Visit our online library by clicking here. InfoSec Knowledge is Power.

Libraries 238

Libraries Education Cybersecurity Security 238

Security Affairs

JUNE 12, 2019

Microsoft releases Patch Tuesday security updates for June 2019 that address 88 vulnerabilities in Windows OS and other products. The flaws were disclosed by the researcher SandboxEscaper over the past weeks, below the list of the issue: CVE-2019-0973 CVE-2019-1053 CVE-2019-1064 CVE-2019-1069. Pierluigi Paganini.

Security 245

Security Authentication Libraries Encryption 245

Krebs on Security

JULY 9, 2019

” The DHCP weakness ( CVE-2019-0785 ) exists in most supported versions of Windows server, from Windows Server 2012 through Server 2019. One of the zero-day flaws — CVE-2019-1132 — affects Windows 7 and Server 2008 systems.

Libraries 219

Libraries IT Access Security 219

Security Affairs

SEPTEMBER 10, 2019

Adobe September 2019 Patch Tuesday updates address two code execution bugs in Flash Player and a DLL hijacking flaw in Application Manager. Adobe has released September 2019 Patch Tuesday updates that address two code execution vulnerabilities in Flash Player and a DLL hijacking flaw in Application Manager. Pierluigi Paganini.

Libraries 233

Libraries Security Information Security 233

Security Affairs

NOVEMBER 14, 2019

Security experts at SafeBreach have discovered a vulnerability in McAfee antivirus software tracked as CVE-2019-3648 that could allow an attacker with Administrator privileges to escalate privileges and execute code with SYSTEM privileges. The post CVE-2019-3648 flaw in all McAfee AV allows DLL Hijacking appeared first on Security Affairs.

Libraries 258

Libraries Security Access IT 258

Security Affairs

OCTOBER 21, 2020

The CVE-2020-15999 flaw is a memory corruption bug that resides in the FreeType font rendering library, which is included in standard Chrome releases. Google Project Zero is recommending other app development teams who use the same FreeType library to update their software as well. 2019) and CVE-2020-6418 (Feb.

Libraries 329

Libraries Security Information Security IT 329

Security Affairs

JULY 10, 2019

Adobe Patch Tuesday updates for July 2019 address minor vulnerabilities in the Bridge CC, Experience Manager and Dreamweaver products. Good news for Adobe users, Adobe Patch Tuesday updates for July 2019 address only minor flaws in the Bridge CC, Experience Manager, and Dreamweaver products. ” reads the security advisory.

Libraries 223

Libraries Security IT Information Security 223

Security Affairs

NOVEMBER 1, 2019

One of the two flaws in Chrome addressed by Google, CVE-2019-13720, was exploited in a campaign that experts attribute to Korea-linked threat actors. Reported by banananapenguin on 2019-10-12[$TBD][ 1019226 ] High CVE-2019-13720: Use-after-free in audio. SecurityAffairs – CVE-2019-13720, Lazarus). Pierluigi Paganini.

Libraries 202

Libraries Encryption Security IT 202

Krebs on Security

DECEMBER 10, 2019

By nearly all accounts, the chief bugaboo this month is CVE-2019-1458 , a vulnerability in a core Windows component (Win32k) that is present in Windows 7 through 10 and Windows Server 2008-2019. ’ An odd discrepancy on top of a CVE advisory for an outdated OS. It is very likely this is being exploited in the wild.”

Libraries 171

Libraries Encryption Security Ransomware 171

Security Affairs

SEPTEMBER 7, 2020

The trick used by the Epic Macnchego gang consists of compiling the documents with a.NET library called EPPlus , instead of the standard Microsoft Office software. ” The library can generate files in multiple spreadsheet formats, it also supports Excel 2019. .” ” reads the analysis published by NVISO.

Libraries 340

Libraries Phishing Passwords Security 340

Security Affairs

JULY 1, 2020

Microsoft has silently released two out-of-band security updates through the Windows Store app to address two vulnerabilities in the Windows Codecs Library. The two issues are remote code execution vulnerabilities tracked as CVE-2020-1425 & CVE-2020-1457 that impact Windows 10 and Windows Server 2019 OSs.

Libraries 288

Libraries Security IT Information Security 288

Security Affairs

NOVEMBER 1, 2018

Visit our online library by clicking here. INFOSEC AWARDS FOR 2019 OPEN ON NOVEMBER 1, 2018. RSA Conference for 2019 takes place in San Francisco, California on March 4, 2019. RSA Conference for 2019 takes place in San Francisco, California on March 4, 2019. Please tell your friends to.

IT 273

IT Libraries Security Cybersecurity 273

Security Affairs

JULY 3, 2019

Google released the July 2019 security patches for the Android OS that address a total of 33 vulnerabilities, including 9 issues rated as Critical. Google addressed the flaw as part of the 2019-07-01 security patch level, it also fixed other 11 vulnerabilities. CVE-2019-2106 and CVE-2019-2107 affect all Android releases since 7.0,

Libraries 268

Libraries Security IT Information Security 268

Security Affairs

OCTOBER 6, 2020

The e-skimmer was first spotted by researchers at Malwarebytes’ Threat Intelligence Team, the researchers noticed a single line of code that is used to load an external JavaScript library from paypal-debit[.]com/cdn/ga.js. us, had been injected with a one-liner that contains a Base64 encoded URL loading an external JavaScript library.”

Libraries 274

Libraries Phishing Analytics Security 274

Security Affairs

JANUARY 31, 2021

The malware is an evolution of a Monero cryptocurrency miner that was first spotted by Unit 42 researchers in 2019. “LD_PRELOAD forces binaries to load specific libraries before others, allowing the preloaded libraries to override any function from any library. ” continues the analysis.

Cloud 303

Cloud Libraries Mining IT 303

Security Affairs

DECEMBER 2, 2019

The first issue in Kaspersky Secure Connection (KSDE) VPN client, tracked as CVE-2019-15689, could be exploited by an attacker to implant and run an arbitrary unsigned executable. . “Using the CVE-2019-15689 vulnerability, we were able to load an arbitrary DLL file which was signed by AO Kaspersky Lab and run as NT AUTHORITYSYSTEM.

Libraries 241

Libraries Authentication Security IT 241

Security Affairs

JULY 24, 2024

The Macma macOS backdoor was first detailed by Google in 2021 and has been used since at least 2019. In addition to this shared infrastructure, Macma and other malware in the Daggerfly’s arsenal, including Mgbot all contain code from a single, shared library or framework.

Libraries 334

Libraries IT Information Security Security 334

Security Affairs

MAY 11, 2019

” The flaw, tracked as CVE-2019-5018 affects SQLite 3.26.0, SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. .” reads the analysis published by Cisco Talos. “An attacker can send a malicious SQL command to trigger this vulnerability.”

Libraries 279

Libraries Security IT 279

Security Affairs

JANUARY 18, 2019

Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. The Commons FileUpload library is the default file upload mechanism in Struts 2, the CVE-2016-1000031 was discovered two years ago by experts at Tenable. ” reads the d escription provided by.

Financial Services 252

Financial Services Libraries Mining Retail 252

Security Affairs

APRIL 30, 2020

Most recent versions of EventBot also include a ChaCha20 library that can improve performance, but it is not currently being used, a circumstance that suggests authors are actively working to optimize EventBot. ” concludes the report. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Financial Services 358

Financial Services Libraries Encryption Authentication 358

Security Affairs

MAY 10, 2020

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”

Mining 322

Mining Libraries Access Encryption 322

Security Affairs

SEPTEMBER 6, 2019

The development team behind the PHP programming language recently released new versions of PHP to address multiple high-severity vulnerabilities in its core and bundled libraries. One of the vulnerabilities, tracked as CVE-2019-13224, is a ‘use-after-free’ code execution issue that affects the Oniguruma regular expression library.

Libraries 261

Libraries Security IT Information Security 261

Security Affairs

MARCH 15, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving 275

Archiving Libraries File names Security 275

Security Affairs

FEBRUARY 16, 2021

In 2019, Telegram had introduced in animated stickers , this was the starting point for the investigation of the experts. The “ rlottie ” folder caught their attention, it was the folder used for the Samsung native library for playing Lottie animations, originally created by Airbnb. . ” continues the report.

Access 318

Access Libraries Encryption Security 318

Security Affairs

DECEMBER 26, 2019

SQLite is a widely adopted relational database management system contained in a C programming library. ” The flaws, tracked as CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, could cause remote code execution, or could leak program memory or cause program crashes.

IoT 242

IoT Libraries Security IT 242

Security Affairs

JULY 16, 2021

Since 2019 experts found many Joker apps on Google Play store, in September 2019 security experts at Google removed from the store 24 apps. The spyware is able to steal SMS messages, contact lists, and device information and to sign victims up for premium service subscriptions.

Encryption 363

Encryption Libraries Cloud Security 363

Security Affairs

AUGUST 12, 2019

Searching for a PTP Python library, we found ptpy , which didn’t work straight out of the box, but still saved us important time in our setup.” Itkin successfully tested his exploit code for the CVE-2019-5998 flaw and achieved code execution over a USB connection. 14 May 2019 – Canon confirmed all of our vulnerabilities.

Ransomware 278

Ransomware Encryption Libraries Authentication 278

Security Affairs

DECEMBER 13, 2021

The CVE-2021-44228 flaw made the headlines last week, after Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for the critical remote code execution zero-day vulnerability ( aka Log4Shell ) that affects the Apache Log4j Java-based logging library.

CMS 288

CMS Authentication Libraries Risk 288

Security Affairs

JULY 7, 2020

The new version of the exploit kit includes the code for the exploitation of the CVE-2020-0674 and CVE-2019-1458. The CVE-2019-1458 Windows zero-day was addressed by Microsoft’s December 2019 Patch Tuesday, it was exploited in North Korea-linked attacks. ” reads the analysis published by ProofPoint.

Libraries 284

Libraries Security IT 284

Security Affairs

FEBRUARY 15, 2019

The removed apps are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search. “Users may get introduced to these apps through the top free apps lists on the Microsoft Store or through keyword search.

Mining 278

Mining Libraries Analytics Security 278

Security Affairs

MARCH 18, 2020

TrueFire has over 1 million users, its customer could pay to receive guitar tutorial from a library of over 900 courses and 40,000 video lessons. Customers who made online payments on the TrueFire website between August 2019 and January 2020 could have been impacted and are recommended to block their payment cards.

Data breaches 310

Data breaches Access Libraries Passwords 310

Security Affairs

NOVEMBER 1, 2019

The vulnerabilities, tracked as CVE-2019-13720 and CVE-2019-13721, reside respectively in Chrome’s audio component and in the PDFium library. “[$7500 ] [ 1013868 ] High CVE-2019-13721: Use-after-free in PDFium. “Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild.”

Libraries 192

Libraries Security Access Information Security 192

Security Affairs

JULY 21, 2021

The author of the post claims that the data was acquired from US insurance giant Humana and includes detailed medical records of the company’s health plan members dating back to 2019. One of the forum members who downloaded the database claims that the archive contains information from 2020, and not 2019, as suggested by the leaker.

Insurance 308

Insurance Passwords Libraries Access 308

Security Affairs

MARCH 19, 2020

” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. CERT-FR’s alert states that the Pysa ransomware code based on public Python libraries. The malicious code appended the extension. locked to the filename of the encrypted files.

Ransomware 357

Ransomware Government Encryption Passwords 357