Security Affairs

JULY 17, 2024

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zero-day CVE-2024-38112 (CVSS score of 7.5) to execute code through the disabled Internet Explorer. ” states Trend Micro.

Archiving 321

Archiving Ransomware Libraries Passwords 321

Security Affairs

MAY 14, 2024

Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day. CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability An attacker can exploit this vulnerability to gain SYSTEM privileges. ” reads the advisory.

Security 315

Security Libraries IT Information Security 315

Krebs on Security

MAY 14, 2024

CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. ” CVE-2024-30040 is a security feature bypass in MSHTML , a component that is deeply tied to the default Web browser on Windows systems. . First, the zero-days.

Libraries 274

Libraries Authentication Ransomware Security 274

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Authentication 336

Authentication Libraries Access Security 336

Security Affairs

SEPTEMBER 3, 2024

These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. Despite these risks, Microsoft considers the issues low-risk and declined to fix them, stating that some apps need to allow unsigned libraries for plugin support.

Libraries 329

Libraries Risk Access Security 329

Security Affairs

AUGUST 28, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Inappropriate Implementation Vulnerability CVE-2024-38856 (CVSS score of 8.8) This week Google released a security update to address the Chrome zero-day vulnerability CVE-2024-7965 that is actively exploited.

IT 318

IT Libraries Cybersecurity Risk 318

CILIP

OCTOBER 15, 2024

Honorary Fellowship Every year, CILIP invites Honorary Fellowship nominations from its membership to recognise professionals and individuals who have made a lasting impact on the world of libraries, and information and knowledge management. Nick Poole has been awarded Honorary Fellowship for his work within CILIP and across the sector.

Libraries 86

Libraries Access IT 86

Security Affairs

MAY 14, 2024

Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. “CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous on 2024-05-09″ reads the advisory. 208 for Mac/Windows and 124.0.6367.207 for Linux. .

Libraries 334

Libraries Access Security IT 334

Security Affairs

JULY 4, 2024

The vulnerability CVE-2024-36985 is a Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise. Technology company Splunk released security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform. and 9.2.2, ” reads the advisory.

Cloud 335

Cloud Libraries Analytics Authentication 335

Security Affairs

JULY 16, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer GeoTools eval injection vulnerability, tracked as CVE-2024-36401 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. CISA orders federal agencies to fix this vulnerability by August 5, 2024. GeoServer versions prior to 2.23.6,

IT 327

IT Libraries Cybersecurity Risk 327

Security Affairs

MAY 24, 2024

Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, in the Chrome browser, it is the eighth zero-day exploited in attacks disclosed this year. “Google is aware that an exploit for CVE-2024-5274 exists in the wild.” “Type Confusion in V8.

Libraries 315

Libraries Access Security Risk 315

Security Affairs

JULY 30, 2024

Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024. “In April 2024, we found a suspicious sample that turned out to be a new version of Mandrake. The experts pointed out that libopencv_dnn.so

Libraries 318

Libraries Communications Encryption IT 318

Security Affairs

SEPTEMBER 14, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance OS Command Injection Vulnerability CVE-2024-8190 (CVSS score of 7.2) This week, Ivanti warned that recently patched flaw CVE-2024-8190 in Cloud Service Appliance (CSA) is being actively exploited in the wild. The company note that CSA 4.6

Cloud 334

Cloud IT Libraries Cybersecurity 334

Security Affairs

SEPTEMBER 14, 2024

Ivanti warned that recently patched flaw CVE-2024-8190 in Cloud Service Appliance (CSA) is being actively exploited in the wild. Ivanti warned that a newly patched vulnerability, tracked as CVE-2024-8190 (CVSS score of 7.2), in its Cloud Service Appliance (CSA) is being actively exploited. The company note that CSA 4.6

Cloud 314

Cloud Libraries Authentication Cybersecurity 314

CILIP

FEBRUARY 11, 2025

Libraries Week: Libraries Change Lives in June and Green Libraries Week in October SAVE THE DATES 2025: Libraries Change Lives will take place in June and Green Libraries Week in October. The new annual programme for campaigns is: Libraries Week: Libraries Change Lives , Monday 2 June Sunday 8 June 2025.

Libraries 74

Libraries Education IT 74

CILIP

JANUARY 31, 2025

Invitation to tender: Future ready libraries CILIP is inviting researchers to undertake a gap analysis and consultation with sector experts to create a comprehensive review of training provision for leadership in the public library workforce in England. Contact Hinna Vayani for more details.

Libraries 79

Libraries Access Government 79

Security Affairs

SEPTEMBER 20, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance a path traversal vulnerability CVE-2024-8190 (CVSS score of 9.4) An attacker could chain the issue with the recently disclosed flaw CVE-2024-8190 to bypass admin authentication and execute arbitrary commands on the appliance. Patch 519).

Cloud 321

Cloud IT Authentication Cybersecurity 321

Security Affairs

SEPTEMBER 19, 2024

Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability, tracked as CVE-2024-8963 (CVSS score of 9.4), actively exploited in attacks in the wild against a limited number of customers. is End-of-Life , and no longer receives updates for OS or third-party libraries. The vulnerability is a path traversal security issue.

Cloud 311

Cloud Authentication Libraries Access 311

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm

Libraries 351

Libraries Authentication Access Risk 351

The Last Watchdog

DECEMBER 12, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. The comments we received were uniformly insightful and helpful.

Cybersecurity 258

Cybersecurity Phishing Authentication Analytics 258

Security Affairs

APRIL 4, 2024

The attack technique was named HTTP/2 CONTINUATION Flood, the researcher Bartek Nowotarski reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. CVE-2024-27983 – An attacker can make the Node.js CVE-2024-2758 – Tempesta FW rate limits are not enabled by default. Version from 8.0.0

Libraries 350

Libraries IT Information Security Security 350

Security Affairs

AUGUST 12, 2024

In late July 2024, Kaspersky researchers detected a series of targeted cyberattacks against the Russian government and IT organizations. “This library is a backdoor packed with the VMProtect tool. . “This library is a backdoor packed with the VMProtect tool. Kaspersky named this campaign has EastWind.

Libraries 345

Libraries Encryption Cloud Archiving 345

Security Affairs

APRIL 9, 2024

December 14, 2023: Vendor requests extension March 22, 2024: Patch release April 09, 2024: Public release of this report Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, smart TVs) running on LG43UM7000PLA webOS 5.5.0 – 04.50.51

Authentication 352

Authentication Libraries Access Information Security 352

Security Affairs

MARCH 8, 2024

Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338. The vulnerability CVE-2024-20337 (CVSS score 8.2) resides in the ISE Posture (System Scan) module of Cisco Secure Client for Linux. ” reads the advisory.

Security 336

Security IT Authentication Libraries 336

CILIP

APRIL 16, 2024

Libraries Change Lives Week anticipates this year’s General Election, puts the sector on a public platform where libraries, library staff and library users can evidence the value of this statutory service - both locally and nationally - to the leaders of tomorrow.

Libraries 79

Libraries Government IT 79

Security Affairs

SEPTEMBER 7, 2024

CVE-2024-7262 Kingsoft WPS Office Path Traversal Vulnerability: An improper path validation vulnerability in Kingsoft WPS Office (versions 12.2.0.13110 to 12.2.0.16412) allows attackers to load arbitrary Windows libraries via the promecefpluginhost.exe. CISA orders federal agencies to fix this vulnerability by September 24, 2024.

IT 329

IT Libraries Cybersecurity Risk 329

Collaboration 2.0

NOVEMBER 11, 2024

We tested the best e-readers from Kindle, Boox, Kobo, Nook, and more that let you carry an entire library everywhere you go.

Libraries 203

Libraries 203

Collaboration 2.0

NOVEMBER 21, 2024

Ditch the heavy books and carry your digital library in one device. We tested the top reading tablets from Kindle, Apple, and more to store all of your must-read titles and textbooks.

Libraries 203

Libraries 203

Collaboration 2.0

JULY 30, 2024

We tested the best gaming PCs from Alienware, Lenovo, HP, and more to help you find the right one for your budget and library.

Libraries 190

Libraries 190

CILIP

DECEMBER 2, 2024

The Government review was launched in September 2024 and aims to ensure that the national curriculum appropriately balances ambition, excellence, relevance, flexibility, and inclusivity for all children and young people. If they are lost it will be incredibly hard to replace them and their skilled staff. We are still awaiting a response.

Libraries 52

Libraries Education Government Access 52

Security Affairs

MARCH 11, 2024

ai have published technical details and a proof-of-concept (PoC) exploit for the critical security flaw CVE-2024-1403 in Progress Software OpenEdge Authentication Gateway and AdminServer. ” The vulnerability CVE-2024-1403 (CVSS score 10) is an authentication bypass issue that impacts OpenEdge versions 11.7.18

Authentication 343

Authentication Passwords Libraries Access 343

Collaboration 2.0

AUGUST 21, 2024

We tested the best e-readers that let you carry an entire library everywhere you go. Our favorites have adjustable displays and page-turning buttons for an easy-to-read experience.

Libraries 189

Libraries 189

Security Affairs

JULY 5, 2024

On May, 2024, the researchers detected a suspicious ELF file at /usr/bin/geomi that was uploaded from Russia to VirusTotal. From early to mid-June 2024, the botnet was used to launch DDoS attacks on organizations in Canada, the United States, and Germany.

Encryption 346

Encryption Libraries Communications IT 346

CILIP

JUNE 7, 2024

Trust Libraries: 10 Pledges for libraries to a new Government A General Election is just round the corner and its outcome will affect us all, with a new government and potentially hundreds of new MPs taking their seats in the House of Commons.

Libraries 92

Libraries Government Access IT 92

Collaboration 2.0

OCTOBER 11, 2024

The right VPN will help you stream safely and access your content libraries without drastically impacting your speed. These are the best VPNs compatible with your smart TV.

Libraries 187

Libraries Access 187

Security Affairs

MAY 1, 2024

A vulnerability, tracked as CVE-2024-27322 (CVSS v3: 8.8), in the R programming language could allow arbitrary code execution upon deserializing specially crafted R Data Serialization (RDS) or R package files (RDX). This vulnerability, assigned CVE-2024-27322, involves the use of promise objects and lazy evaluation in R.”

Metadata 340

Metadata Libraries Access IT 340

Security Affairs

JANUARY 26, 2024

The maintainers of the open-source platform have addressed nine security vulnerabilities, including a critical flaw, tracked as CVE-2024-23897 , that could lead to remote code execution (RCE). The open-source software uses the args4j library to parse CLI command arguments and options on the Jenkins controller.

Libraries 356

Libraries Access Security IT 356