2023, Libraries and Security - Information Management Today

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. The flaw was initially tracked as CVE-2023-4863 , because researchers believed that it was only impacting the Google Chrome browser.

Libraries

Libraries IT Security Information Security

British Library suffers major outage due to cyberattack

Security Affairs

NOVEMBER 1, 2023

Last weekend, the British Library suffered a cyberattack that caused a major IT outage, impacting many of its services. The British Library is facing a major outage that impacts the website and many of its services following a cyber attack that took place on October 28. ” reads a tweet published by the library. .”

Libraries

Libraries Cybersecurity Security IT

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. It is one of the largest libraries in the world. ” reads the announcement.

Libraries

Libraries Ransomware Manufacturing Education

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Security Affairs

JANUARY 30, 2024

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc) , including a heap-based buffer overflow tracked as CVE-2023-6246.

Libraries

Libraries Access Security IT

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Security Affairs

NOVEMBER 29, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day, tracked as CVE-2023-6345, in the Chrome browser.

Libraries

Libraries Security Access IT

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Security Affairs

JANUARY 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Libraries

Libraries IT Cybersecurity Risk

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

Security Affairs

SEPTEMBER 11, 2023

Google rolled out emergency security updates to address a new Chrome zero-day (CVE-2023-4863) actively exploited in the wild. Google rolled out emergency security updates to address a zero-day vulnerability that has been actively exploited in attacks in the wild since the start of the year.

Libraries

Libraries Security IT Information Security

A flaw in libcue library impacts GNOME Linux systems

Security Affairs

OCTOBER 10, 2023

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts.

Libraries

Libraries Security IT Access

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Security Affairs

SEPTEMBER 28, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day flaw in the Chrome browser which is tracked as CVE-2023-5217.

Libraries

Libraries Passwords Security IT

Microsoft Patch Tuesday, November 2023 Edition

Krebs on Security

NOVEMBER 14, 2023

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks.

Phishing

Phishing Authentication Libraries Access

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Security Affairs

JANUARY 12, 2024

Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz.

Honeypots

Honeypots Authentication Libraries Passwords

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

Security Affairs

NOVEMBER 28, 2023

Threat actors started exploiting a critical ownCloud vulnerability (CVE-2023-49103) that can lead to sensitive information disclosure. The vulnerability, tracked as CVE-2023-49103 , resides in the Graphapi app, which relies on a third-party GetPhpInfo.php library that provides a URL. ” reported the company.

Cybersecurity

Cybersecurity Libraries Passwords Access

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” continues the report. ” concludes the report.

Government

Government Ransomware Libraries Access

Patch Tuesday, October 2023 Edition

Krebs on Security

OCTOBER 10, 2023

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. The patch fixes CVE-2023-42724 , which attackers have been using in targeted attacks to elevate their access on a local device.

Libraries

Libraries Authentication Communications Cloud

Microsoft Patch Tuesday security updates fixed 3 actively exploited flaws

Security Affairs

NOVEMBER 14, 2023

Patch Tuesday security updates for November 2023 fixed three vulnerabilities actively exploited in the wild. – CVE-2023-36036 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability An attacker can exploit this flaw to gain SYSTEM privileges. ” reads the post published by ZDI.

Security

Security Cloud Libraries Phishing

Google fixed the second actively exploited Chrome zero-day of 2023

Security Affairs

APRIL 19, 2023

Google rolled out emergency security patches to address another actively exploited high-severity zero-day flaw in the Chrome browser. Google rolled out emergency fixes to address another actively exploited high-severity zero-day flaw, tracked as CVE-2023-2136 , in its Chrome web browser.

Libraries

Libraries Education Access Security

Google fixed the third Chrome zero-day of 2023

Security Affairs

JUNE 6, 2023

Google released security updates to address a high-severity zero-day flaw in the Chrome web browser that it actively exploited in the wild. Google released security updates to address a high-severity vulnerability, tracked as CVE-2023-3079, in its Chrome web browser. ” reads the advisory published by the company.

Libraries

Libraries Security IT Information Security

Researchers disclose critical sandbox escape bug in vm2 sandbox library

Security Affairs

APRIL 9, 2023

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. The developers behind the vm2 JavaScript sandbox module have addressed a critical vulnerability, tracked as CVE-2023-29017 (CVSS score 9.8), that could be exploited to execute arbitrary shellcode.

Libraries

Libraries File names Education Cybersecurity

Google fixed the first Chrome zero-day of 2023

Security Affairs

APRIL 14, 2023

Google released an emergency security update to address a zero-day vulnerability in Chrome which is actively exploited in the wild. Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023, the company is aware of attacks in the wild exploiting the issue.

Libraries

Libraries Education Cybersecurity Security

Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day

Security Affairs

JANUARY 11, 2023

Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. One of the flaws addressed this month, tracked as CVE-2023-21674 (CVSS score 8.8), is listed as being in the wild at the time of release. Another issue fixed by Microsoft is the CVE-2023-21549 (CVSS Score 8.8)

Security

Security Libraries Encryption Authentication

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

Security Affairs

DECEMBER 27, 2023

Security firm Barracuda addressed a new zero-day, affecting its Email Security Gateway (ESG) appliances, that is actively exploited by the China-linked UNC4841 group. “Spreadsheet::ParseExcel is an open source library used by the Amavis virus scanner within the ESG appliance.” ” reads the advisory.

Libraries

Libraries Access Cybersecurity Security

Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

Security Affairs

JULY 5, 2024

The two vulnerabilities are: CVE ID CVSS Score Vulnerability CVE-2023-2071 9.8 Remote code execution (RCE) CVE-2023-29464 8.2 DoS via out-of-bounds read CVE-2023-2071 (CVSS score: 9.8) The device has the functionality, through a CIP class, to execute exported functions from libraries. CVE-2023-29464 (CVSS score: 8.2)

Libraries

Libraries Communications Cybersecurity Risk

Google addressed a new actively exploited Chrome zero-day

Security Affairs

DECEMBER 20, 2023

Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day. TODAY, 1 day later, Chrome has a fix out to protect users!!!

Libraries

Libraries Access IT Information Security

Atlassian addressed four new RCE flaws in its products

Security Affairs

DECEMBER 6, 2023

Atlassian released security patches to address four critical remote code execution vulnerabilities in its products. Below is the list of vulnerabilities addressed by the vendor: CVE-2022-1471 (CVSS score: 9.8) – SnakeYAML library RCE Vulnerability that impacts multiple products. and later.

IT

IT Libraries Security Information Security

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms.

IT

IT Libraries Cybersecurity Passwords

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

Security Affairs

OCTOBER 6, 2023

Researchers published PoC exploits for CVE-2023-4911 vulnerability (aka Looney Tunables) impacting most popular Linux distributions. The vulnerability CVE-2023-4911 (CVSS score 7.8) is a buffer overflow issue that resides in the GNU C Library’s dynamic loader ld.so 2023-10-03: Coordinated Release Date (17:00 UTC). .

Libraries

Libraries Risk Security IT

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 7, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Artificial Intelligence

Artificial Intelligence Security Data breaches Ransomware

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?

Cybersecurity

Cybersecurity Phishing Authentication Analytics

Security Affairs newsletter Round 415 by Pierluigi Paganini – International edition

Security Affairs

APRIL 16, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Every week the best security articles from Security Affairs are free for you in your email box. The post Security Affairs newsletter Round 415 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Data breaches

Data breaches Security Libraries Retail

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 4, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Passwords Data breaches

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Security Affairs

MAY 6, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Libraries Data breaches Ransomware

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

Security Affairs

JULY 24, 2023

OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted communication over a network. The now-patched vulnerability, tracked as CVE-2023-38408 , can be exploited by a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent.

Libraries

Libraries Authentication Encryption Security

Security Affairs newsletter Round 402 by Pierluigi Paganini

Security Affairs

JANUARY 15, 2023

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 402 by Pierluigi Paganini appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Security

Security Ransomware Libraries Phishing

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Security Affairs

JULY 30, 2024

These included relocating malicious functions to obfuscated native libraries, using certificate pinning to secure C2 communications, and determine if it was running on a rooted device or in an emulated environment. “In April 2024, we found a suspicious sample that turned out to be a new version of Mandrake. .”

Libraries

Libraries Communications Encryption IT

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

Security Affairs

APRIL 9, 2024

running on OLED55A23LA Below is the disclosure timeline: November 01, 2023: Vendor disclosure November 15, 2023: Vendor confirms the vulnerabilities. running on OLED55A23LA Below is the disclosure timeline: November 01, 2023: Vendor disclosure November 15, 2023: Vendor confirms the vulnerabilities. Sweden, and Finland.

Authentication

Authentication Libraries Access Information Security

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 18, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Libraries

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

APRIL 28, 2024

Security experts at Deep Instinct Threat Lab have uncovered a targeted campaign against Ukraine, exploiting a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems. The researchers found a malicious PPSX (PowerPoint Slideshow signal-2023-12-20-160512.ppsx)

Military

Military Mining Libraries Security

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Security Affairs

AUGUST 7, 2024

In December 2023, the group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. The group also claimed the hack of the British Library and China Energy Engineering Corporation. The Rhysida ransomware group has been active since May 2023. The victims of the group are “targets of opportunity.”

Ransomware

Ransomware Manufacturing Libraries Education

CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 22, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added MinIO, PaperCut, and Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. CVE-2023-27350 (CVSS score – 9.8) – PaperCut MF/NG Improper Access Control Vulnerability. CVE-2023-2136 – Google Chrome Skia Integer Overflow Vulnerability.

IT

IT Libraries Cybersecurity Education

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 26, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. million patients in the U.S.

Security

Security Ransomware Data breaches Libraries

A WhatsApp zero-day exploit can cost several million dollars

Security Affairs

OCTOBER 5, 2023

The research of zero-day exploits for popular applications such as WhatsApp is even more complex due to the security mechanisms implemented by the developers of the mobile OSs and the app. TechCrunch reported that a working zero-day exploit for the popular WhatsApp can be paid millions of dollars. and $8 million.

Marketing

Marketing Libraries Sales Government

Experts warn of critical Zero-Day in Apache OfBiz

Security Affairs

DECEMBER 28, 2023

An attacker can trigger the vulnerability, tracked as CVE-2023-51467 , to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF) The issue resides in the login functionality and results from an incomplete patch for the Pre-auth RCE vulnerability CVE-2023-49070 (CVSS score: 9.8).

Authentication

Authentication Libraries Passwords Information Security

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

Security Affairs

DECEMBER 17, 2023

“Today we experienced an exploit on the Ledger Connect Kit, a Javascript library that implements a button allowing users to connect their Ledger device to third party DApps (wallet-connected Web sites). This is a good example of the industry working swiftly together to address security challenges.” and 1.1.7).”

Phishing

Phishing Libraries Authentication Access

Raspberry Robin spotted using two new 1-day LPE exploits

Security Affairs

FEBRUARY 11, 2024

The malware uses cmd.exe to read and execute a file stored on the infected external drive, it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file. ” The vulnerability CVE-2023-36802 is a Type Confusion issue in Microsoft Streaming Service Proxy.

Communications

Communications Manufacturing Libraries Cybersecurity

Watch out! CVE-2023-5129 in libwebp library affects millions applications

British Library suffers major outage due to cyberattack

Webinars

Trending Sources

Rhysida ransomware gang is auctioning data stolen from the British Library

Webinars

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

A flaw in libcue library impacts GNOME Linux systems

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Microsoft Patch Tuesday, November 2023 Edition

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Patch Tuesday, October 2023 Edition

Microsoft Patch Tuesday security updates fixed 3 actively exploited flaws

Google fixed the second actively exploited Chrome zero-day of 2023

Google fixed the third Chrome zero-day of 2023

Researchers disclose critical sandbox escape bug in vm2 sandbox library

Google fixed the first Chrome zero-day of 2023

Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

Google addressed a new actively exploited Chrome zero-day

Atlassian addressed four new RCE flaws in its products

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

Security Affairs newsletter Round 415 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

Security Affairs newsletter Round 402 by Pierluigi Paganini

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

A WhatsApp zero-day exploit can cost several million dollars

Experts warn of critical Zero-Day in Apache OfBiz

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

Raspberry Robin spotted using two new 1-day LPE exploits

Stay Connected