Security Affairs

JULY 30, 2024

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024.

Libraries 318

Libraries Communications Encryption IT 318

Krebs on Security

JANUARY 11, 2022

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. By all accounts, the most severe flaw addressed today is CVE-2022-21907, a critical, remote code execution flaw in the “ HTTP Protocol Stack.” “Test and deploy this patch quickly.” ” Quickly indeed. .”

Libraries 297

Libraries Security Access IT 297

Security Affairs

OCTOBER 25, 2022

A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library. The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database library, which was introduced in October 2000. on July 21, 2022.

Libraries 255

Libraries Security IT Information Security 255

Security Affairs

JUNE 16, 2022

Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.

Libraries 251

Libraries Cybersecurity Security IT 251

Security Affairs

JULY 4, 2022

Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. ” Google added.

Libraries 288

Libraries Communications Access IT 288

Security Affairs

JANUARY 10, 2023

The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. The open-source JsonWebToken ( JWT ) library is affected by a high-severity security flaw, tracked as CVE-2022-23529 (CVSS score: 7.6), that could lead to remote code execution.

Libraries 246

Libraries Security awareness Authentication Security 246

Security Affairs

APRIL 9, 2023

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. servers, it has approximately four million weekly downloads and its library is part of 722 packages. servers, it has approximately four million weekly downloads and its library is part of 722 packages.

Libraries 245

Libraries File names Education Cybersecurity 245

Security Affairs

MARCH 2, 2022

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library. on February 24, 2022.

Libraries 246

Libraries Communications Security IT 246

Security Affairs

APRIL 15, 2023

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. The experts have found more than 60 applications in Google Play that were containing the malicious library.

Libraries 246

Libraries Data collection Education Security 246

Security Affairs

JULY 4, 2022

Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. ” Google added.

Libraries 251

Libraries Communications Access IT 251

Security Affairs

APRIL 12, 2022

Microsoft Partch Tuesday security updates for April 2022 fixed 128 vulnerabilities, including an actively exploited zero-day reported by NSA. One of these flaws, tracked as CVE-2022-24521 (CVSS score 7.8), is a Windows Common Log File System Driver Elevation of Privilege issue that is actively exploited. Pierluigi Paganini.

Libraries 251

Libraries Cybersecurity Security IT 251

Security Affairs

OCTOBER 28, 2022

Google Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an emergency update for the Chrome 107 to address an actively exploited zero-day vulnerability tracked as CVE-2022-3723. šek, Milánek, and Przemek Gmerek of Avast on October 25, 2022.

Libraries 351

Libraries IT Communications Access 351

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. In March 2022, the U.S. Attackers loads the library file exp_lin.so

Libraries 363

Libraries Honeypots Communications Cybersecurity 363

Security Affairs

APRIL 7, 2022

Palo Alto Networks addressed a high-severity OpenSSL infinite loop vulnerability, tracked as CVE-2022-0778 , that affects some of its firewall, VPN, and XDR products. According to Palo Alto Networks, the CVE-2022-0778 vulnerability can be exploited by remote attackers to trigger a denial of service condition and crash vulnerable devices.

Libraries 256

Libraries Cybersecurity Authentication Security 256

Security Affairs

SEPTEMBER 3, 2022

Google on Friday released emergency fixes to address a vulnerability, tracked as CVE-2022-3075, in the Chrome web browser that is being actively exploited in the wild. The CVE-2022-3075 flaw is caused by insufficient data validating in Mojo. The vulnerability was reported by an anonymous researcher on August 30, 2022.

Libraries 336

Libraries Communications Security IT 336

Security Affairs

JULY 7, 2022

The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue , tracked as CVE-2022-2274 , affecting the popular library. released on June 21, 2022.

Libraries 324

Libraries Encryption Communications Security 324

Security Affairs

NOVEMBER 2, 2022

The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786 , in its cryptography library.

Libraries 311

Libraries Encryption Authentication Communications 311

Security Affairs

JUNE 28, 2022

Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. “OpenSSL version 3.0.4, Follow me on Twitter: @securityaffairs and Facebook.

Libraries 327

Libraries Paper Risk Security 327

Security Affairs

MARCH 25, 2022

for Windows, Mac, and Linux users to address a high-severity zero-day bug, tracked as CVE-2022-1096, exploited in the wild. The CVE-2022-1096 vulnerability is a Type Confusion in V8 JavaScript engine, the bug was reported by an anonymous on 2022-03-23. ” reads the security advisory published by Google.

Libraries 329

Libraries Access Security IT 329

Security Affairs

JUNE 20, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Pierluigi Paganini.

Security 265

Security Ransomware Libraries Encryption 265

Security Affairs

MAY 22, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. The post Security Affairs newsletter Round 366 by Pierluigi Paganini appeared first on Security Affairs. To nominate, please visit:? Pierluigi Paganini.

Security 246

Security Ransomware Libraries Cybersecurity 246

Security Affairs

MAY 22, 2022

The expert discovered a post where a researcher were sharing a fake Proof of Concept (POC) exploit code for an RPC Runtime Library Remote Code Execution flaw ( CVE-2022-26809 CVSS 9.8). You will get a backdoor [link] — Tuan Anh Nguyen (@haxor31337) May 19, 2022. This PoC is fake do not run it. Pierluigi Paganini.

Libraries 363

Libraries Information Security Cybersecurity Security 363

Security Affairs

OCTOBER 30, 2022

Every week the best security articles from Security Affairs free for you in your email box. Twilio discloses another security incident that took place in June A massive cyberattack hit Slovak and Polish Parliaments How will Twitter change under Elon Musk? A new round of the weekly SecurityAffairs newsletter arrived!

Security 251

Security Ransomware Libraries Data breaches 251

Security Affairs

JANUARY 15, 2023

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 402 by Pierluigi Paganini appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Security 246

Security Ransomware Libraries Phishing 246

Security Affairs

OCTOBER 21, 2022

Experts at WordPress security firm Wordfence reported exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. Apache Commons Text is a library focused on algorithms working with strings. Apache Commons Text is a library focused on algorithms working with strings.

Libraries 184

Libraries Security IT Information Security 184

Security Affairs

DECEMBER 27, 2023

Security firm Barracuda addressed a new zero-day, affecting its Email Security Gateway (ESG) appliances, that is actively exploited by the China-linked UNC4841 group. “Spreadsheet::ParseExcel is an open source library used by the Amavis virus scanner within the ESG appliance.” ” reads the advisory.

Libraries 353

Libraries Access Cybersecurity Security 353

Security Affairs

OCTOBER 19, 2022

Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. ” wrote the security team.

Libraries 190

Libraries Security IT Information Security 190

Security Affairs

MAY 6, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 246

Security Libraries Data breaches Ransomware 246

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. trendmrcio[.]com,

Ransomware 340

Ransomware Libraries File names Encryption 340

Security Affairs

JANUARY 23, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) this week added seventeen actively exploited vulnerabilities to the Catalog. CISA is requiring 10 of 17 vulnerabilities added this week to be addressed within February 1st, 2022. The total number of vulnerabilities included in the catalog reached this week 341 vulnerabilities.

CMS 292

CMS IT Authentication Libraries 292

Security Affairs

NOVEMBER 10, 2022

Apple released out-of-band patches for iOS and macOS to fix a couple of code execution vulnerabilities in the libxml2 library. Apple released out-of-band patches for iOS and macOS to address two code execution flaws, tracked as CVE-2022-40303 and CVE-2022-40304 , in the libxml2 library for parsing XML documents.

Libraries 246

Libraries Security IT Information Security 246

Security Affairs

MAY 2, 2023

Apple has released its first Rapid Security Response update, but many iPhone users reported problems during the installation of the iOS Security Response. On June 2022, Apple announced that the Rapid Security Response feature would be available starting with iOS 16.4.1, ” “iOS Security Response 16.4.1 (a)

Security 246

Security Libraries Education Cybersecurity 246

Security Affairs

NOVEMBER 25, 2022

Google on Thursday released security updates to address a new zero-day vulnerability, tracked as CVE-2022-4135, impacting the Chrome web browser. Google rolled out an emergency security update for the desktop version of the Chrome web browser to address a new zero-day vulnerability, tracked as CVE-2022-4135, that is actively exploited.

Libraries 246

Libraries Communications Security Access 246

Security Affairs

DECEMBER 3, 2022

Google released security updates to address a new Chrome zero-day flaw, tracked as CVE-2022-4262, actively exploited in the wild. Google rolled out an emergency security update for the Chrome web browser to address a new zero-day vulnerability, tracked as CVE-2022-4262 , that is actively exploited. Pierluigi Paganini.

Libraries 246

Libraries Communications Security Information Security 246

Security Affairs

DECEMBER 6, 2023

Atlassian released security patches to address four critical remote code execution vulnerabilities in its products. Below is the list of vulnerabilities addressed by the vendor: CVE-2022-1471 (CVSS score: 9.8) – SnakeYAML library RCE Vulnerability that impacts multiple products.

IT 329

IT Libraries Security Information Security 329

Security Affairs

DECEMBER 19, 2022

The malicious package was first uploaded to the repository on December 11, 2022, in just two days, attackers pushed twenty versions of the malicious project. “The malicious functionality in the library does not execute upon installation, but waits to be called on programmatically before activating — a possible effort to avoid detection.

Data collection 318

Data collection Libraries Access Cybersecurity 318

Security Affairs

MARCH 17, 2022

of the library wipe the content of arbitrary files and replace it with a heart emoji. The attack was spotted on March 15, 2022, when users of the popular Vue.js ” reads the analysis published by security firm Synk. ” reads the analysis published by security firm Synk. It has over 1 million weekly downloads.

Libraries 304

Libraries Communications Security IT 304