2024, Libraries and Security - Information Management Today

CVE-2024-44243 macOS flaw allows persistent malware installation

Security Affairs

JANUARY 15, 2025

Microsoft disclosed details of a now-patched macOS flaw, tracked as CVE-2024-44243 (CVSS score: 5.5), that allows attackers with “root” access to bypass System Integrity Protection ( SIP ). Monitoring anomalous behavior in these processes is essential, as such entitlements can potentially bypass security mechanisms.

Libraries

Libraries Access Privacy IT

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 million print materials, 13 million videos, 1.2 Internet Archive hacked. 54% were already in @haveibeenpwned.

Archiving

Archiving Data breaches Passwords File names

Foreign adversary hacked email communications of the Library of Congress says

Security Affairs

NOVEMBER 18, 2024

The Library of Congress discloses the compromise of some of its IT systems, an alleged foreign threat actor hacked their emails. Only email communications between congressional offices and some library staff, including the Congressional Research Service, from January to September, were affected. ” reported the NBC News.

Libraries

Libraries Communications Access Government

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Security Affairs

SEPTEMBER 16, 2024

Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warns that attackers actively exploited the Windows vulnerability CVE-2024-43461 as a zero-day before July 2024. MSHTML is a platform used by Internet Explorer. “Yes.

Archiving

Archiving File names Libraries Passwords

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

Security Affairs

MAY 14, 2024

Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day. CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability An attacker can exploit this vulnerability to gain SYSTEM privileges. ” reads the advisory.

Security

Security Libraries IT Information Security

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. GeoServer versions prior to 2.23.6, In Mid-July, the U.S.

Libraries

Libraries Encryption Cybersecurity Access

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

Security Affairs

JANUARY 28, 2024

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897 , have been made public. Exploits are already available.

Libraries

Libraries Authentication IT Security

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Security Affairs

JANUARY 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Libraries

Libraries IT Cybersecurity Risk

Patch Tuesday, May 2024 Edition

Krebs on Security

MAY 14, 2024

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library.

Libraries

Libraries Authentication Ransomware Security

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

Security Affairs

JULY 17, 2024

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zero-day CVE-2024-38112 (CVSS score of 7.5) to execute code through the disabled Internet Explorer. ” states Trend Micro.

Archiving

Archiving Ransomware Libraries Passwords

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Security Affairs

SEPTEMBER 3, 2024

These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. The researchers analyzed the exploitability of the platform’s permission-based security model, which is based on the Transparency, Consent, and Control ( TCC ) framework.

Libraries

Libraries Risk Access Security

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Authentication

Authentication Libraries Access Security

Cisco addressed severe flaws in its Secure Client

Security Affairs

MARCH 8, 2024

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338.

Security

Security IT Authentication Libraries

U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 28, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Inappropriate Implementation Vulnerability CVE-2024-38856 (CVSS score of 8.8)

IT

IT Libraries Cybersecurity Risk

Google fixes sixth actively exploited Chrome zero-day this year

Security Affairs

MAY 14, 2024

Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability. Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. “CVE-2024-4761: Out of bounds write in V8.

Libraries

Libraries Access Security IT

Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

Security Affairs

MAY 24, 2024

Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, in the Chrome browser, it is the eighth zero-day exploited in attacks disclosed this year.

Libraries

Libraries Access Security Risk

CISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog

Security Affairs

JULY 16, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog. CISA orders federal agencies to fix this vulnerability by August 5, 2024. GeoServer versions prior to 2.23.6,

IT

IT Libraries Cybersecurity Risk

U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Security Affairs

SEPTEMBER 14, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance OS Command Injection Vulnerability CVE-2024-8190 (CVSS score of 7.2)

Cloud

Cloud IT Libraries Cybersecurity

U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Security Affairs

SEPTEMBER 20, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance a path traversal vulnerability CVE-2024-8190 (CVSS score of 9.4)

Cloud

Cloud IT Authentication Cybersecurity

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 18, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Libraries

Expert found a backdoor in XZ tools used many Linux distributions

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm

Libraries

Libraries Authentication Access Risk

Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw

Security Affairs

SEPTEMBER 19, 2024

Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability, tracked as CVE-2024-8963 (CVSS score of 9.4), actively exploited in attacks in the wild against a limited number of customers. The vulnerability is a path traversal security issue. is End-of-Life , and no longer receives updates for OS or third-party libraries.

Cloud

Cloud Authentication Libraries Access

Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform

Security Affairs

JULY 4, 2024

Technology company Splunk released security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform. The vulnerability CVE-2024-36985 is a Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise. and 9.2.2, and 9.0.10

Cloud

Cloud Analytics Libraries Authentication

Ivanti Cloud Service Appliance flaw is being actively exploited in the wild

Security Affairs

SEPTEMBER 14, 2024

Ivanti warned that recently patched flaw CVE-2024-8190 in Cloud Service Appliance (CSA) is being actively exploited in the wild. Ivanti warned that a newly patched vulnerability, tracked as CVE-2024-8190 (CVSS score of 7.2), in its Cloud Service Appliance (CSA) is being actively exploited. to address the vulnerability.

Cloud

Cloud Libraries Authentication Cybersecurity

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Security Affairs

JULY 30, 2024

Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024. “In April 2024, we found a suspicious sample that turned out to be a new version of Mandrake. ” reads the report published by Kaspersky.

Libraries

Libraries Communications Encryption IT

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 4, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Passwords Data breaches

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

The Last Watchdog

DECEMBER 12, 2023

•What should I be most concerned about – and focus on – in 2024? Hackers now leverage GenAI to launch targeted attacks that bypass traditional security systems. Hackers now leverage GenAI to launch targeted attacks that bypass traditional security systems. The comments we received were uniformly insightful and helpful.

Cybersecurity

Cybersecurity Phishing Authentication Analytics

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

SEPTEMBER 7, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Draytek VigorConnect and Kingsoft WPS Office vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Libraries Cybersecurity Risk

EastWind campaign targets Russian organizations with sophisticated backdoors

Security Affairs

AUGUST 12, 2024

In late July 2024, Kaspersky researchers detected a series of targeted cyberattacks against the Russian government and IT organizations. “This library is a backdoor packed with the VMProtect tool. . “This library is a backdoor packed with the VMProtect tool. Kaspersky named this campaign has EastWind.

Libraries

Libraries Encryption Cloud Archiving

Experts released PoC exploit for critical Progress Software OpenEdge bug

Security Affairs

MARCH 11, 2024

ai have published technical details and a proof-of-concept (PoC) exploit for the critical security flaw CVE-2024-1403 in Progress Software OpenEdge Authentication Gateway and AdminServer. “The Progress OpenEdge team recently identified a security vulnerability in OpenEdge Release 11.7.18 Researchers from Horizon3.ai

Authentication

Authentication Passwords Libraries Access

Watch out, experts warn of a critical flaw in Jenkins

Security Affairs

JANUARY 26, 2024

Jenkins maintainers addressed several security vulnerabilities, including a critical remote code execution (RCE) flaw. The maintainers of the open-source platform have addressed nine security vulnerabilities, including a critical flaw, tracked as CVE-2024-23897 , that could lead to remote code execution (RCE).

Libraries

Libraries Access Security IT

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

Security Affairs

APRIL 4, 2024

The attack technique was named HTTP/2 CONTINUATION Flood, the researcher Bartek Nowotarski reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. CVE-2024-27983 – An attacker can make the Node.js CVE-2024-2758 – Tempesta FW rate limits are not enabled by default. Version from 8.0.0

Libraries

Libraries IT Information Security Security

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

Security Affairs

APRIL 9, 2024

December 14, 2023: Vendor requests extension March 22, 2024: Patch release April 09, 2024: Public release of this report Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, smart TVs) running on LG43UM7000PLA webOS 5.5.0 – 04.50.51

Authentication

Authentication Libraries Access Information Security

CILIP and school library organisations submit joint response to DfE’s Curriculum & Assessment Review

CILIP

DECEMBER 2, 2024

The Government review was launched in September 2024 and aims to ensure that the national curriculum appropriately balances ambition, excellence, relevance, flexibility, and inclusivity for all children and young people. If they are lost it will be incredibly hard to replace them and their skilled staff. We are still awaiting a response.

Libraries

Libraries Education Government Access

New Golang-based Zergeca Botnet appeared in the threat landscape

Security Affairs

JULY 5, 2024

On May, 2024, the researchers detected a suspicious ELF file at /usr/bin/geomi that was uploaded from Russia to VirusTotal. From early to mid-June 2024, the botnet was used to launch DDoS attacks on organizations in Canada, the United States, and Germany.

Encryption

Encryption Libraries Communications IT

New malware Cthulhu Stealer targets Apple macOS users

Security Affairs

AUGUST 23, 2024

Cato Security found a new info stealer, called Cthulhu Stealer, that targets Apple macOS and steals a wide range of information. Cado Security researchers have discovered a malware-as-a-service (MaaS) targeting macOS users dubbed Cthulhu Stealer. ” reads the report published by Cado Security. ” concludes the report.

Passwords

Passwords Blockchain Libraries Archiving

A flaw in the R programming language could allow code execution

Security Affairs

MAY 1, 2024

A vulnerability, tracked as CVE-2024-27322 (CVSS v3: 8.8), in the R programming language could allow arbitrary code execution upon deserializing specially crafted R Data Serialization (RDS) or R package files (RDX). This vulnerability, assigned CVE-2024-27322, involves the use of promise objects and lazy evaluation in R.”

Metadata

Metadata Libraries Access IT

Generative AI: A double-edged sword for application security

OpenText Information Management

OCTOBER 25, 2024

By April 2024, 17% of organizations had already introduced GenAI applications into production, with another 38% making significant investments. GenAI can improve cybersecurity processes, such as automated threat detection, code review, and security testing. Want to dive deeper into how GenAI is reshaping application security?

Security

Security Libraries Paper Cybersecurity

Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure

The Last Watchdog

AUGUST 19, 2024

Related: Europe mandates resiliency Requiring a formal inventory of all components, libraries and modules in all business applications can help lock down software supply chains, especially in light of the SolarWinds and Colonial Pipeline attacks. He drew a vivid parallel between food safety and software security.

Security

Security Libraries Cloud Cybersecurity

DuneQuixote campaign targets the Middle East with a complex backdoor

Security Affairs

APRIL 21, 2024

Researchers from Kaspersky discovered the DuneQuixote campaign in February 2024, but they believe the activity may have been active since 2023. The malware is developed in C/C++ without utilizing the Standard Template Library (STL), and certain segments are coded in pure Assembler.”

Libraries

Libraries Communications IT Government

DinodasRAT Linux variant targets users worldwide

Security Affairs

MARCH 31, 2024

In March 2024, Trend Micro researchers uncovered a sophisticated campaign conducted by a threat actor tracked as Earth Krahang while investigating the activity of China-linked APT Earth Lusca. The Linux version of DinodasRAT uses Pidgin’s libqq qq_crypt library functions for encryption and decryption of data.

Libraries

Libraries Encryption Communications Government

Previously unseen Msupedge backdoor targeted a university in Taiwan

Security Affairs

AUGUST 20, 2024

“Msupedge is a backdoor in the form of a dynamic link library (DLL).” Threat actors were observed exploiting a critical vulnerability in PHP, tracked as CVE-2024-4577 (CVSS score of 9.8), to deploy the Msupedge backdoor. ” reads the report published by Symantec.

Libraries

Libraries Communications Access IT

Decade-old local privilege escalation bugs impacts Ubuntu needrestart package

Security Affairs

NOVEMBER 20, 2024

The Qualys Threat Research Unit (TRU) discovered five Local Privilege Escalation (LPE) decade-old security vulnerabilities in the needrestart package that could allow a local attacker to gain root privileges without requiring user interaction. CVE-2024-11003 (CVSS score: 7.8) released in April 2014. ” reads the advisory.

Libraries

Libraries Compliance Access Risk

Vulnerability Recap 11/4/24 – Fourteen-Year Bug Finally Gets Patched

eSecurity Planet

NOVEMBER 4, 2024

October 26, 2024 Windows 11 Downgrade Vulnerability Is Still Wide Open Type of vulnerability: Admin code execution privileges leading to operating system downgrades. He demonstrated the downgrade at Black Hat 2024, reverting fully patched Windows machines back to previous vulnerable states.

Cloud

Cloud Honeypots Authentication Manufacturing

CVE-2024-44243 macOS flaw allows persistent malware installation

Internet Archive data breach impacted 31M users

Webinars

Trending Sources

Foreign adversary hacked email communications of the Library of Congress says

Webinars

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Patch Tuesday, May 2024 Edition

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

Cisco addressed severe flaws in its Secure Client

U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog

Google fixes sixth actively exploited Chrome zero-day this year

Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

CISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Expert found a backdoor in XZ tools used many Linux distributions

Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw

Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform

Ivanti Cloud Service Appliance flaw is being actively exploited in the wild

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

EastWind campaign targets Russian organizations with sophisticated backdoors

Experts released PoC exploit for critical Progress Software OpenEdge bug

Watch out, experts warn of a critical flaw in Jenkins

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

CILIP and school library organisations submit joint response to DfE’s Curriculum & Assessment Review

New Golang-based Zergeca Botnet appeared in the threat landscape

New malware Cthulhu Stealer targets Apple macOS users

A flaw in the R programming language could allow code execution

Generative AI: A double-edged sword for application security

Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure

DuneQuixote campaign targets the Middle East with a complex backdoor

DinodasRAT Linux variant targets users worldwide

Previously unseen Msupedge backdoor targeted a university in Taiwan

Decade-old local privilege escalation bugs impacts Ubuntu needrestart package

Vulnerability Recap 11/4/24 – Fourteen-Year Bug Finally Gets Patched

Stay Connected