Security Affairs

JULY 17, 2024

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zero-day CVE-2024-38112 (CVSS score of 7.5) to execute code through the disabled Internet Explorer. ” states Trend Micro.

Archiving 126

Archiving Ransomware Libraries Passwords 126

The Last Watchdog

AUGUST 19, 2024

Related: Europe mandates resiliency Requiring a formal inventory of all components, libraries and modules in all business applications can help lock down software supply chains, especially in light of the SolarWinds and Colonial Pipeline attacks. He drew a vivid parallel between food safety and software security.

Security 173

Security Libraries Cloud Cybersecurity 173

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Authentication 132

Authentication Libraries Access Security 132

Security Affairs

MARCH 8, 2024

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338.

Security 132

Security IT Authentication Libraries 132

Security Affairs

SEPTEMBER 3, 2024

These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. The researchers analyzed the exploitability of the platform’s permission-based security model, which is based on the Transparency, Consent, and Control ( TCC ) framework.

Libraries 129

Libraries Risk Access Security 129

Security Affairs

AUGUST 28, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Inappropriate Implementation Vulnerability CVE-2024-38856 (CVSS score of 8.8)

IT 125

IT Libraries Cybersecurity Risk 125

Security Affairs

MAY 14, 2024

Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability. Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. “CVE-2024-4761: Out of bounds write in V8.

Libraries 131

Libraries Access Security IT 131

eSecurity Planet

DECEMBER 19, 2023

Various forms of AI, such as machine learning (ML) and large language models (LLM), already dominated headlines throughout 2023 and will continue to present both overhyped possibilities and realized potential in 2024.

Cybersecurity 139

Cybersecurity Cloud Ransomware Risk 139

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm

Libraries 139

Libraries Authentication Access Risk 139

CILIP

JANUARY 16, 2024

CILIP welcomes publication of Sanderson Review of Public Libraries CILIP has welcomed the publication of the findings of Baroness Sanderson of Welton’s Independent Review of Public Libraries, announced today at an event at the House of Lords attended by our CEO, Nick Poole.

Libraries 86

Libraries Government Education Communications 86

The Last Watchdog

JUNE 26, 2024

June 26, 2024, CyberNewsWire — FireTail today announced a free version of its enterprise-level API security tools, making them accessible to developers and organizations of all sizes. FireTail , a disruptor in API security, unveils free access for all to its cutting-edge API security platform. McLean, Va.,

Access 130

Access Security IT Libraries 130

Security Affairs

MAY 24, 2024

Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, in the Chrome browser, it is the eighth zero-day exploited in attacks disclosed this year.

Libraries 123

Libraries Access Security Risk 123

Security Affairs

SEPTEMBER 14, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance OS Command Injection Vulnerability CVE-2024-8190 (CVSS score of 7.2)

Cloud 131

Cloud IT Libraries Cybersecurity 131

Security Affairs

JULY 16, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog. CISA orders federal agencies to fix this vulnerability by August 5, 2024. GeoServer versions prior to 2.23.6,

IT 128

IT Libraries Cybersecurity Risk 128

Security Affairs

SEPTEMBER 20, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance a path traversal vulnerability CVE-2024-8190 (CVSS score of 9.4)

Cloud 126

Cloud IT Authentication Cybersecurity 126

Security Affairs

FEBRUARY 4, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 121

Security Ransomware Passwords Data breaches 121

Security Affairs

JULY 4, 2024

Technology company Splunk released security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform. The vulnerability CVE-2024-36985 is a Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise. and 9.2.2, and 9.0.10

Cloud 132

Cloud Analytics Libraries Authentication 132

Security Affairs

SEPTEMBER 19, 2024

Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability, tracked as CVE-2024-8963 (CVSS score of 9.4), actively exploited in attacks in the wild against a limited number of customers. The vulnerability is a path traversal security issue. is End-of-Life , and no longer receives updates for OS or third-party libraries.

Cloud 122

Cloud Authentication Libraries Access 122

Security Affairs

SEPTEMBER 14, 2024

Ivanti warned that recently patched flaw CVE-2024-8190 in Cloud Service Appliance (CSA) is being actively exploited in the wild. Ivanti warned that a newly patched vulnerability, tracked as CVE-2024-8190 (CVSS score of 7.2), in its Cloud Service Appliance (CSA) is being actively exploited. to address the vulnerability.

Cloud 123

Cloud Libraries Authentication Cybersecurity 123

CILIP

OCTOBER 27, 2023

Invitation to Tender - Anti-Racist Library Collections training for Wales Content Developers needed for the Anti-Racist Library Collections project. There is scope to develop one, two or three anti-racist library collection modules that will form a program of training for public libraries across Wales.

Libraries 87

Libraries Government Security 87

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 million print materials, 13 million videos, 1.2 Internet Archive hacked. 54% were already in @haveibeenpwned.

Archiving 119

Archiving Data breaches Passwords File names 119

eSecurity Planet

MAY 2, 2024

Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. Password manager : Stores passwords securely, enforces quality, permits safe internal and external sharing, and ties into HR software for effective off-boarding of users.

Cybersecurity 103

Cybersecurity Ransomware Passwords Cloud 103

Schneier on Security

JUNE 14, 2024

The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024. The event will also be available via Zoom. The list is maintained on this page.

Libraries 113

Libraries 113

eSecurity Planet

OCTOBER 15, 2024

But as more teams rely on Kubernetes, security challenges have come sharply into focus. Organizations can better protect their applications and data by following well-established security best practices. Proper security measures, therefore, play a crucial role in managing the risks associated with Kubernetes deployments.

Security 68

Security Encryption Authentication Access 68

Security Affairs

SEPTEMBER 7, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Draytek VigorConnect and Kingsoft WPS Office vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

IT 129

IT Libraries Cybersecurity Risk 129

Security Affairs

NOVEMBER 18, 2024

The Library of Congress discloses the compromise of some of its IT systems, an alleged foreign threat actor hacked their emails. Only email communications between congressional offices and some library staff, including the Congressional Research Service, from January to September, were affected. ” reported the NBC News.

Libraries 65

Libraries Communications Access Government 65

eSecurity Planet

JANUARY 8, 2024

Speed remains critical to security, but more importantly, patching teams need to make progress with patch and vulnerability management. Here’s a roundup of the week’s major vulnerabilities that security teams should mitigate or patch. No organization should remain vulnerable six months after vendors issue patches!

Encryption 108

Encryption Libraries Cybersecurity Communications 108

Security Affairs

MARCH 11, 2024

ai have published technical details and a proof-of-concept (PoC) exploit for the critical security flaw CVE-2024-1403 in Progress Software OpenEdge Authentication Gateway and AdminServer. “The Progress OpenEdge team recently identified a security vulnerability in OpenEdge Release 11.7.18 Researchers from Horizon3.ai

Authentication 135

Authentication Passwords Libraries Access 135

Security Affairs

AUGUST 12, 2024

In late July 2024, Kaspersky researchers detected a series of targeted cyberattacks against the Russian government and IT organizations. “This library is a backdoor packed with the VMProtect tool. . “This library is a backdoor packed with the VMProtect tool. Kaspersky named this campaign has EastWind.

Libraries 136

Libraries Encryption Cloud Archiving 136

Security Affairs

JANUARY 26, 2024

Jenkins maintainers addressed several security vulnerabilities, including a critical remote code execution (RCE) flaw. The maintainers of the open-source platform have addressed nine security vulnerabilities, including a critical flaw, tracked as CVE-2024-23897 , that could lead to remote code execution (RCE).

Libraries 141

Libraries Access Security IT 141

CILIP

AUGUST 1, 2024

Indicative contract fee: £6,000 inclusive of VAT Timescale for delivery: September 2024 – November 2024 The outputs will be used to develop a new evidence-based campaign to promote better pro-library regulation for eBook lending in the public and academic library sectors in the UK.

Libraries 90

Libraries Education Access Security 90

CILIP

JULY 22, 2024

AI and the Digital Humanities at CILIP Conference 2024 Photo of Mia Ridge, Digital Curator at the British Library Digital Curator at the British Library, Mia Ridge reflects on the ‘AI and the digital humanities’ session at CILIP Conference 2024. Labelling generative AI images and texts is vital.

Libraries 65

Libraries Mining Metadata Archiving 65

The Last Watchdog

OCTOBER 1, 2024

1, 2024 — ForAllSecure , the world’s most advanced application security testing company, today announced it is changing its corporate name to Mayhem Security (“Mayhem”), signaling a new era of growth and opportunity aligned with its award-winning Mayhem Application Security platform.

Security 113

Security Education Cybersecurity Libraries 113

Security Affairs

APRIL 4, 2024

The attack technique was named HTTP/2 CONTINUATION Flood, the researcher Bartek Nowotarski reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. CVE-2024-27983 – An attacker can make the Node.js CVE-2024-2758 – Tempesta FW rate limits are not enabled by default. Version from 8.0.0

Libraries 138

Libraries IT Information Security Security 138

CILIP

JULY 29, 2024

CILIP in the press – Summer 2024 This summer, CILIP’s public affairs and general election activities have been raising awareness about the value and significance of libraries in all sectors, and have placed libraries at the heart of the political conversation. paywalled) Full story from the Telegraph Libraries give us power.

Libraries 52

Libraries Government Risk Security 52

Security Affairs

APRIL 9, 2024

December 14, 2023: Vendor requests extension March 22, 2024: Patch release April 09, 2024: Public release of this report Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, smart TVs) running on LG43UM7000PLA webOS 5.5.0 – 04.50.51

Authentication 139

Authentication Libraries Access Information Security 139

eSecurity Planet

JANUARY 2, 2024

And issues with Barracuda’s Email Secure Gateway persist, with an FBI safety warning about an older vulnerability still outstanding. Your IT and security teams should stay alert and aware during holidays, consistently patching known vulnerabilities and updating systems to the most recent versions of software. 1020000 1.26.10-gke.1235000

Authentication 94

Authentication Libraries Security Cybersecurity 94