Outpost24

DECEMBER 13, 2021

CVE-2021-44228: Critical vulnerability in Apache Log4j library. Mon, 12/13/2021 - 05:57. Full-Stack Security. Florian Barre.

Libraries 98

Libraries Security 98

Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library.

Libraries 145

Libraries IT Cloud Data breaches 145

Krebs on Security

JANUARY 11, 2022

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. In May 2021, Microsoft patched a similarly critical and wormable vulnerability in the HTTP Protocol Stack; less than a week later, computer code made to exploit the flaw was posted online. .” ” Quickly indeed.

Libraries 281

Libraries Security Access IT 281

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. It’s also the crypto library used by systemd for DNSSEC. The team recommends users to stop using the vulnerable version of the library. which we released last week.

Libraries 145

Libraries Encryption Privacy IT 145

Security Affairs

NOVEMBER 5, 2021

Two popular npm libraries, coa and rc. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. Two npm libraries that have a total of 23 million weekly downloads, a data that is worrisome. 2/3] — npm (@npmjs) November 4, 2021. The post npm libraries coa and rc.

Libraries 138

Libraries Passwords Access Security 138

Security Affairs

JUNE 9, 2021

Microsoft’s June 2021 Patch Tuesday addressed 50 vulnerabilities, including six zero-day issues that are being actively exploited in the wild. Five vulnerabilities fixed by Microsoft’s June 2021 Patch Tuesday are rated Critical and 45 are rated Important in severity. Follow me on Twitter: @securityaffairs and Facebook.

Libraries 132

Libraries Cybersecurity Security IT 132

Security Affairs

OCTOBER 31, 2022

VMware warned of the existence of a public exploit targeting a recently addressed critical remote code execution (RCE) vulnerability, tracked as CVE-2021-39144 (CVSS score of 9.8), in NSX Data Center for vSphere (NSX-V). The remote code execution vulnerability resides in the XStream open-source library. Pierluigi Paganini.

Libraries 125

Libraries Cloud Security IT 125

Security Affairs

MARCH 2, 2022

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library. on February 24, 2022.

Libraries 98

Libraries Communications Security IT 98

IT Governance

JANUARY 10, 2022

For many, 2021 was a year to forget. The cyber security landscape offered similarly familiar topics: there were huge data breaches at Facebook and LinkedIn, while the threat of ransomware reached catastrophic levels. 2021 got off to an inauspicious start when cyber security researchers reported a huge leak of Brazilian residents’ data.

Security 110

Security Data breaches Ransomware Phishing 110

CILIP

DECEMBER 13, 2021

Alongside our existing Partnership Agreement with CILIP in Scotland (renewed in 2021), we are working closely with the National Committees - CILIP Cymru Wales and CILIP Ireland - to establish a new basis for our work together under Joint Agreements. to promote collaboration between libraries in the UK and overseas. A year in review.

Libraries 98

Libraries Government Education Digital transformation 98

eSecurity Planet

JUNE 17, 2021

Back in the day, security training was largely reserved for IT security specialists and then extended to include IT personnel in general. These days, all employees need to be well educated in security best practices and good habits if the organization wishes to steer clear of ransomware and malware. Elevate Security.

Cybersecurity 133

Cybersecurity Security awareness Phishing Education 133

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. v1: Pulse Connect Secure MAR-10334057-3.v1:

Security 143

Security Authentication Libraries Passwords 143

Security Affairs

DECEMBER 16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library.

Libraries 145

Libraries Ransomware Access Security 145

eSecurity Planet

AUGUST 13, 2021

Since the inception of data forensics almost forty years ago, methods for investigating security events have given way to a market of vendors and tools offering digital forensics software (DFS). This article looks at the top digital forensic software tools of 2021 and what customers should consider when buying or acquiring a DSF tool.

e-Discovery 139

e-Discovery Computer and Electronics Marketing Compliance 139

Security Affairs

FEBRUARY 9, 2021

Microsoft February 2021 Patch Tuesday addresses 56 vulnerabilities, including a flaw that is known to be actively exploited in the wild. The CVE-2021-1732 zero-day is an elevation of privilege issues that resides in the Windows Win32k component. ” reads a blog post published by Microsoft.

IoT 102

IoT Libraries Encryption Security 102

IT Governance

DECEMBER 1, 2021

In November, we discovered 81 publicly disclosed cyber security incidents, accounting for 223,615,390 breached records. With one month left in 2021, the annual total running total of compromised records is to just shy of 5 billion. Cyber attacks. Ransomware. Data breaches. Financial information. In other news….

Data breaches 141

Data breaches Ransomware Computer and Electronics Healthcare 141

eSecurity Planet

JULY 8, 2021

But their popularity has made them a target for hackers, making container security an important area to supplement in the already extensive cybersecurity portfolio. The need for container security. Misconfigured permissions can multiply these problems, so container security is too critical to be taken lightly. Runtime security.

Security 90

Security Cloud Compliance Metadata 90

Security Affairs

DECEMBER 18, 2021

Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. While the experts were warning that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library a third security vulnerability made the headlines.

Libraries 145

Libraries Security Ransomware IT 145

Security Affairs

JANUARY 2, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 347 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Security 125

Security Ransomware Libraries Data breaches 125

Security Affairs

DECEMBER 12, 2021

Quebec shut down nearly 4,000 of its sites in response to the discovery of the Log4Shell flaw in the Apache Log4j Java-based logging library. Quebec shut down nearly 4,000 of its sites as a preventative measure after the disclosure of a PoC exploit for the Log4Shell flaw ( CVE-2021-44228 ) in the Apache Log4j Java-based logging library.

Libraries 132

Libraries Digital transformation Education Government 132

Security Affairs

DECEMBER 22, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of an open-source scanner for identifying web services impacted by Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. ” reads the description for the project. Pierluigi Paganini.

Libraries 133

Libraries Cybersecurity Security Government 133

Security Affairs

SEPTEMBER 13, 2022

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021. Pierluigi Paganini.

Government 98

Government Access Libraries Education 98

Security Affairs

DECEMBER 11, 2021

Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 ( aka Log4Shell ), in the Apache Log4j Java-based logging library. p0rz9 revealed that the CVE-2021-44228 can only be exploited if the log4j2.formatMsgNoLookups

Libraries 142

Libraries Cloud Access Cybersecurity 142

Security Affairs

FEBRUARY 4, 2021

Google has addressed an actively exploited zero-day vulnerability, tracked as CVE-2021-21148, with the release of the Chrome 88.0.4324.150 version. Google released Chrome 88.0.4324.150 version that addressed an actively exploited zero-day security vulnerability. “CVE-2021-21148: Heap buffer overflow in V8.

Libraries 135

Libraries Security Access IT 135

Security Affairs

DECEMBER 31, 2021

Below is the list of flaws discovered by the researchers: CVE-2021-20173 : Post Authentication Command Injection via SOAP Interface. CVE-2021-20174 : Default HTTP Communication (Web Interface). CVE-2021-20175 : Default HTTP Communication (SOAP Interface). CVE-2021-23147 : Insufficient UART Protection Mechanisms.

Communications 145

Communications Libraries Encryption Passwords 145

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. trendmrcio[.]com,

Ransomware 140

Ransomware Libraries File names Encryption 140

eSecurity Planet

NOVEMBER 5, 2021

The tool uses security analytics to detect anomalous activity that deviates from a baseline of "normal" user behaviors and notifies parties when unusual behavior occurs. It offers risk assessment, auditing, incident management, mitigation, and compliance management to ensure a solid security posture. Learn more about StandardFusion.

Risk 108

Risk Compliance Cloud Access 108

eSecurity Planet

AUGUST 5, 2021

Open source security has been a big focus of this week’s Black Hat conference, but no open source security initiative is bolder than the one proffered by the Open Source Security Foundation (OpenSSF). ” OpenSSF was formed a year ago by the merger of Linux Foundation, GitHub and industry security groups.

Security 143

Security Big data Libraries Communications 143

Security Affairs

DECEMBER 14, 2021

US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. beta9 to 2.14.1. ” reads the announcement published by CISA.

Libraries 123

Libraries Cybersecurity Security Risk 123

Security Affairs

SEPTEMBER 25, 2021

for Windows, Mac, and Linux that addresses a high-severity zero-day vulnerability (CVE-2021-37973) exploited in the wild. Google confirmed that it is aware of the availability of an exploit for CVE-2021-37973, but the IT giant did not reveal if it is aware of attacks in the wild exploiting this issue. Pierluigi Paganini.

Libraries 128

Libraries IT Access Security 128

IT Governance

SEPTEMBER 1, 2021

If you find yourself facing a cyber security disaster, IT Governance is here to help. Hackers still $600m from Chinese cryptocurrency firm Poly Network (unknown) Japanese Exchange Liquid Global suffers cyber attack (unknown) Cream Finance loses $25 million in another security breach (unknown).

Data breaches 140

Data breaches Ransomware Insurance Data migration 140

Security Affairs

DECEMBER 13, 2021

Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. Pierluigi Paganini.

Mining 141

Mining Honeypots Libraries IT 141

Security Affairs

MARCH 15, 2021

The flaw, tracked as CVE-2021-21193, is a use after free vulnerability in the Blink rendering engine. “This update includes 5 security fixes. Please see the Chrome Security Page for more information.” 500][ 1167357 ] High CVE-2021-21191: Use after free in WebRTC. Google addressed the issue with the 89.0.4389.90

Libraries 144

Libraries Security IT Information Security 144

Schneier on Security

APRIL 11, 2024

There’s an important moral to the story of the attack and its discovery : The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. These code repositories, called libraries, are hosted on sites like GitHub.

Libraries 141

Libraries e-Discovery Cybersecurity Government 141

Security Affairs

FEBRUARY 7, 2021

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 300 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! If you want to also receive for free the international press subscribe here.

Security 100

Security Ransomware Encryption Libraries 100

Krebs on Security

AUGUST 25, 2021

Investigators found the other defendant had the malware code that was bundled with the Electrum Atom application in his Github code library. A copy of the May 2021 complaint is here (PDF). Because plaintiff did not file his lawsuit until May 21, 2021, three years and five months after his injury, his claims should be dismissed.”

Libraries 349

Libraries Access IT 349

Schneier on Security

NOVEMBER 14, 2020

This is a current list of where and when I am scheduled to speak: I’m speaking at the (ISC)² Security Congress 2020 , November 16, 2020. The panel is called “Deep Dive: Digital Security and Distributed Ledger Technology: Myths and Reality.” I’ll be speaking at an Informa event on February 28, 2021. Details to come.

Blockchain 133

Blockchain Libraries Privacy Security 133