Security Affairs

JULY 9, 2019

Liran Tal, a developer advocate at open-source security platform Snyk, discovered a high-severity prototype pollution security flaw that affects all versions of lodash. Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. Pierluigi Paganini.

Libraries 245

Libraries Security IT Information Security 245

Security Affairs

MARCH 6, 2019

A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. SecurityAffairs – Chrome, CVE-2019-5786). Pierluigi Paganini.

Libraries 280

Libraries Security Access 280

Security Affairs

APRIL 2, 2019

Cyber Defense eMagazine April 2019 Edition has arrived. Visit our online library by clicking here. . INFOSEC AWARDS 2019 RESULTS HERE – CONGRATS TO WINNERS! White Hat Security Sincerely,TEAM CDMCyber Defense Magazine P.S. Thanks to our awesome sponsors – media kits available here. . Endace & DarkTrace.

IT 264

IT Libraries Education Phishing 264

Security Affairs

JULY 1, 2020

Microsoft has silently released an emergency security update through the Windows Store app to address two vulnerabilities in Windows codecs. Microsoft has silently released two out-of-band security updates through the Windows Store app to address two vulnerabilities in the Windows Codecs Library. Pierluigi Paganini.

Libraries 289

Libraries Security IT Information Security 289

Security Affairs

MARCH 4, 2019

We’re honored to bring you our 7th Annual edition of Cyber Defense Magazine (CDM), exclusively in print at the RSA Conference (RSAC) 2019. Cyber Defense eMagazine – Annual RSA Conference 2019 Edition. and by the RSA Conference 2019 Team! RSA Conference | Where the world talks security. InfoSec Knowledge is Power.

Libraries 239

Libraries Education Cybersecurity Security 239

Security Affairs

NOVEMBER 6, 2019

Google experts found a flaw, tracked as CVE-2019-18408, in the compression library libarchive could lead to arbitrary code execution. Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive could be exploited to execute arbitrary code. . c in libarchive before 3.4.0

Libraries 189

Libraries Archiving Security Information Security 189

Security Affairs

SEPTEMBER 10, 2019

Adobe September 2019 Patch Tuesday updates address two code execution bugs in Flash Player and a DLL hijacking flaw in Application Manager. Adobe has released September 2019 Patch Tuesday updates that address two code execution vulnerabilities in Flash Player and a DLL hijacking flaw in Application Manager. arbitrary code execution?in

Libraries 235

Libraries Security Information Security 235

Security Affairs

NOVEMBER 14, 2019

Security experts at SafeBreach have discovered a vulnerability in McAfee antivirus software tracked as CVE-2019-3648 that could allow an attacker with Administrator privileges to escalate privileges and execute code with SYSTEM privileges. ” reads the analysis published by SafeBreach. . in the wbem folder and get it executed.

Libraries 258

Libraries Security Access IT 258

Krebs on Security

JULY 9, 2019

Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. ” The DHCP weakness ( CVE-2019-0785 ) exists in most supported versions of Windows server, from Windows Server 2012 through Server 2019.

Libraries 224

Libraries IT Access Security 224

Security Affairs

OCTOBER 21, 2020

Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues, including a patch for an actively exploited zero-day vulnerability tracked as CVE-2020-15999. Google Project Zero is recommending other app development teams who use the same FreeType library to update their software as well.

Libraries 331

Libraries Security Information Security IT 331

Security Affairs

JULY 10, 2019

Adobe Patch Tuesday updates for July 2019 address minor vulnerabilities in the Bridge CC, Experience Manager and Dreamweaver products. Good news for Adobe users, Adobe Patch Tuesday updates for July 2019 address only minor flaws in the Bridge CC, Experience Manager, and Dreamweaver products. ” reads the security advisory.

Libraries 224

Libraries Security IT Information Security 224

Security Affairs

JANUARY 26, 2020

The best news of the week with Security Affairs. Citrix releases permanent fixes for CVE-2019-19781 flaw in ADC 11.1 Malware attack took down 600 computers at Volusia County Public Library. The post Security Affairs newsletter Round 248 appeared first on Security Affairs. Yomi Hunter Catches the CurveBall.

Security 283

Security Data breaches Military IoT 283

Security Affairs

NOVEMBER 1, 2019

One of the two flaws in Chrome addressed by Google, CVE-2019-13720, was exploited in a campaign that experts attribute to Korea-linked threat actors. Reported by banananapenguin on 2019-10-12[$TBD][ 1019226 ] High CVE-2019-13720: Use-after-free in audio. SecurityAffairs – CVE-2019-13720, Lazarus). Pierluigi Paganini.

Libraries 202

Libraries Encryption Security IT 202

Security Affairs

SEPTEMBER 7, 2020

A recently discovered cybercrime gang, tracked as Epic Manchego , is using a new technique to create weaponized Excel files that are able to bypass security checks. The phishing messages carry weaponized Excel documents that are able to bypass security checks and that had low detection rates. EPPlus is such a tool.”

Libraries 342

Libraries Phishing Passwords Security 342

Security Affairs

FEBRUARY 19, 2019

It’s official, Offensive Security announced the release of Kali Linux 2019.1, On Monday, Offensive Security announced the availability of Kali Linux 2019.1, “Welcome to our first release of 2019, Kali Linux 2019.1, “Welcome to our first release of 2019, Kali Linux 2019.1, Kali Linux 2019.1

Security 276

Security Libraries IT 276

Security Affairs

DECEMBER 5, 2021

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 343 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Security 266

Security Healthcare Ransomware Libraries 266

Security Affairs

DECEMBER 31, 2018

Bug bounty programs are very important for the security of software and hardware, major tech firms launched their own programs to discover flaws before hackers. 14 bug bounty programs start in in January 2019 they will cover various products including Filezilla , Apache Kafka , Notepad++ , PuTTY , and VLC Media Player. 15/08/2019.

Libraries 279

Libraries Privacy Security IT 279

Krebs on Security

DECEMBER 10, 2019

Microsoft today released updates to plug three dozen security holes in its Windows operating system and other software. By nearly all accounts, the chief bugaboo this month is CVE-2019-1458 , a vulnerability in a core Windows component (Win32k) that is present in Windows 7 through 10 and Windows Server 2008-2019.

Libraries 173

Libraries Encryption Security Ransomware 173

Security Affairs

NOVEMBER 1, 2018

Visit our online library by clicking here. INFOSEC AWARDS FOR 2019 OPEN ON NOVEMBER 1, 2018. RSA Conference for 2019 takes place in San Francisco, California on March 4, 2019. RSA Conference for 2019 takes place in San Francisco, California on March 4, 2019. appeared first on Security Affairs.

IT 273

IT Libraries Security Cybersecurity 273

Security Affairs

FEBRUARY 2, 2020

The best news of the week with Security Affairs. Which was the most common threat to macOS devices in 2019? Attacks on Citrix servers increase after the release of CVE-2019-19781 exploits. CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros. A new round of the weekly newsletter arrived!

Security 225

Security Military Ransomware Libraries 225

Security Affairs

JULY 3, 2019

Google released the July 2019 security patches for the Android OS that address a total of 33 vulnerabilities, including 9 issues rated as Critical. ” reads the security advisory. .” ” reads the security advisory. CVE-2019-2106 and CVE-2019-2107 affect all Android releases since 7.0,

Libraries 269

Libraries Security IT Information Security 269

Security Affairs

JUNE 15, 2019

The best news of the week with Security Affairs. CVE-2019-12735 – opening a specially crafted file in Vim or Neovim Editor could compromise your Linux system. CVE-2019-2725 Oracle WebLogic flaw exploited in cryptojacking campaign. Google expert disclosed details of an unpatched flaw in SymCrypt library. Kindle Edition.

Security 217

Security Metadata Libraries Data breaches 217

Security Affairs

JULY 13, 2019

The best news of the week with Security Affairs. Backdoor mechanism found in Ruby strong_password library. UK ICO fines British Airways £183 Million under GDPR over 2018 security breach. Prototype Pollution flaw discovered in all versions of Lodash Library. Microsoft released Patch Tuesday security updates for July 2019.

Security 195

Security Libraries Data breaches Ransomware 195

Security Affairs

OCTOBER 6, 2020

The e-skimmer was first spotted by researchers at Malwarebytes’ Threat Intelligence Team, the researchers noticed a single line of code that is used to load an external JavaScript library from paypal-debit[.]com/cdn/ga.js. us, had been injected with a one-liner that contains a Base64 encoded URL loading an external JavaScript library.”

Libraries 275

Libraries Phishing Analytics Security 275

Security Affairs

APRIL 7, 2019

The best news of the week with Security Affairs. VMware addressed vulnerabilities disclosed at Pwn2Own 2019. Closure JavaScript Library introduced XSS issue in Google Search and potentially other services. CVE-2019-0211 Apache flaw allows getting root access via script. Cyber Defense Magazine – April 2019 has arrived.

Security 214

Security Ransomware Libraries Paper 214

Security Affairs

DECEMBER 2, 2019

Experts discovered several DLL hijacking flaws in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application. The first issue in Kaspersky Secure Connection (KSDE) VPN client, tracked as CVE-2019-15689, could be exploited by an attacker to implant and run an arbitrary unsigned executable. .

Libraries 241

Libraries Authentication Security IT 241

Security Affairs

JANUARY 31, 2021

The malware is an evolution of a Monero cryptocurrency miner that was first spotted by Unit 42 researchers in 2019. “LD_PRELOAD forces binaries to load specific libraries before others, allowing the preloaded libraries to override any function from any library. ” continues the analysis. Pierluigi Paganini.

Cloud 305

Cloud Libraries Mining IT 305

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. The analysis of the EventBot’s infrastructure and C2 reveals a potential link to another Android info stealer employed in late 2019 in attacks against Italian users. .

Financial Services 359

Financial Services Libraries Encryption Authentication 359

Security Affairs

MAY 10, 2020

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”

Mining 323

Mining Libraries Access Encryption 323

Security Affairs

FEBRUARY 16, 2021

Researchers at cyber security firm Shielder discovered a critical flaw affecting iOS, Android, and macOS versions of the instant messaging app Telegram. In 2019, Telegram had introduced in animated stickers , this was the starting point for the investigation of the experts. ” continues the report. ” continues the report.

Access 320

Access Libraries Encryption Security 320

Security Affairs

MAY 31, 2020

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 266 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security 213

Security Data breaches Ransomware Sales 213

Security Affairs

DECEMBER 8, 2019

The best news of the week with Security Affairs. Two malicious Python libraries were stealing SSH and GPG keys. CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems. . The post Security Affairs newsletter Round 243 appeared first on Security Affairs. The evolutions of APT28 attacks.

Security 203

Security Authentication Ransomware Libraries 203

Security Affairs

JULY 16, 2021

Since 2019 experts found many Joker apps on Google Play store, in September 2019 security experts at Google removed from the store 24 apps. Joker malware is a serious threat, the ability of its developers and their efforts in bypassing security scanners of the official store pose a serious risk mobile users.

Encryption 363

Encryption Libraries Cloud Security 363

Security Affairs

SEPTEMBER 6, 2019

The development team behind the PHP programming language recently released new versions of PHP to address multiple high-severity vulnerabilities in its core and bundled libraries. and 7.1.32, and address multiple security vulnerabilities. ” reads the security advisory published by Red Hat. c in Oniguruma 6.9.2

Libraries 261

Libraries Security IT Information Security 261

Security Affairs

MAY 11, 2019

” The flaw, tracked as CVE-2019-5018 affects SQLite 3.26.0, SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. The post Experts found a remote-code execution flaw in SQLite appeared first on Security Affairs. and received CVSS 3.0

Libraries 279

Libraries Security IT 279

Security Affairs

JANUARY 18, 2019

Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. The Commons FileUpload library is the default file upload mechanism in Struts 2, the CVE-2016-1000031 was discovered two years ago by experts at Tenable. ” reads the d escription provided by.

Financial Services 253

Financial Services Libraries Mining Retail 253

Security Affairs

MARCH 18, 2020

The popular online guitar tutoring website TrueFire has suffered a ‘ Magecart ‘ style security breach that might have exposed customers’ personal information and payment card data. TrueFire has over 1 million users, its customer could pay to receive guitar tutorial from a library of over 900 courses and 40,000 video lessons.

Data breaches 310

Data breaches Access Libraries Passwords 310