Access, Libraries and Security - Information Management Today

Critical flaw in Apache Parquet’s Java Library allows remote code execution

Security Affairs

APRIL 4, 2025

Experts warn of a critical vulnerability impacting Apache Parquet’s Java Library that could allow remote code execution. Apache Parquet’s Java Library is a software library for reading and writing Parquet files in the Java programming language. Applying these actions will reduce risks and protect your systems.

Libraries

Libraries Big data Risk Ransomware

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Security Affairs

JANUARY 30, 2024

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc) , including a heap-based buffer overflow tracked as CVE-2023-6246.

Libraries

Libraries Access Security IT

Foreign adversary hacked email communications of the Library of Congress says

Security Affairs

NOVEMBER 18, 2024

The Library of Congress discloses the compromise of some of its IT systems, an alleged foreign threat actor hacked their emails. Only email communications between congressional offices and some library staff, including the Congressional Research Service, from January to September, were affected. ” reported the NBC News.

Libraries

Libraries Communications Access Government

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Bugs in open-source libraries impact 70% of modern software

Security Affairs

MAY 26, 2020

70 percent of mobile and desktop applications that today we use are affected at least by one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one o more issues which will be inherited from all the applications that use them. ” reads the report.

Libraries

Libraries Security Access IT

How to Package and Price Embedded Analytics

Just by embedding analytics, application owners can charge 24% more for their product. How much value could you add? This framework explains how application enhancements can extend your product offerings. Brought to you by Logi Analytics.

Analytics

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

JANUARY 22, 2020

System supporting libraries in Volusia County were hit by a cyber attack, the incident took down 600 computers at Volusia County Public Library (VCPL) branches. 600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches in Daytona Beach, Florida, following a cyberattack.

Libraries

Libraries Ransomware Encryption Access

British Library suffers major outage due to cyberattack

Security Affairs

NOVEMBER 1, 2023

Last weekend, the British Library suffered a cyberattack that caused a major IT outage, impacting many of its services. The British Library is facing a major outage that impacts the website and many of its services following a cyber attack that took place on October 28. ” reads a tweet published by the library. .”

Libraries

Libraries Cybersecurity Security IT

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. It is one of the largest libraries in the world. ” reads the announcement.

Libraries

Libraries Ransomware Manufacturing Education

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 million print materials, 13 million videos, 1.2

Archiving

Archiving Data breaches Passwords File names

5 Early Indicators Your Embedded Analytics Will Fail

Many application teams leave embedded analytics to languish until something—an unhappy customer, plummeting revenue, a spike in customer churn—demands change. But by then, it may be too late. In this White Paper, Logi Analytics has identified 5 tell-tale signs your project is moving from “nice to have” to “needed yesterday.".

Analytics

FBI seized other domains used by the shadow eBook library Z-Library

Security Affairs

MAY 6, 2023

The FBI disrupted once again the illegal eBook library Z-Library the authorities seized several domains used by the service. The Federal Bureau of Investigation (FBI) seized multiple domains used by the illegal shadow eBook library Z-Library. The library is still reachable through TOR and I2P networks.

Libraries

Libraries Access Cybersecurity Security

A flaw in libcue library impacts GNOME Linux systems

Security Affairs

OCTOBER 10, 2023

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts.

Libraries

Libraries Security IT Access

CVE-2024-44243 macOS flaw allows persistent malware installation

Security Affairs

JANUARY 15, 2025

Microsoft disclosed details of a now-patched macOS flaw, tracked as CVE-2024-44243 (CVSS score: 5.5), that allows attackers with “root” access to bypass System Integrity Protection ( SIP ). Monitoring anomalous behavior in these processes is essential, as such entitlements can potentially bypass security mechanisms.

Libraries

Libraries Access Privacy IT

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

Security Affairs

NOVEMBER 5, 2021

Two popular npm libraries, coa and rc. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. Two npm libraries that have a total of 23 million weekly downloads, a data that is worrisome. The post npm libraries coa and rc. while compromised rc versions are 1.2.9,

Libraries

Libraries Passwords Access Security

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Think your customers will pay more for data visualizations in your application? Five years ago they may have. But today, dashboards and visualizations have become table stakes. Discover which features will differentiate your application and maximize the ROI of your embedded analytics. Brought to you by Logi Analytics.

Analytics

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 2, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Tomcat path equivalence vulnerability, tracked as CVE-2025-24813 , to its Known Exploited Vulnerabilities (KEV) catalog. PoC is online.

IT

IT File names Libraries Cybersecurity

Telegram flaw could have allowed access to users secret chats

Security Affairs

FEBRUARY 16, 2021

Researchers at cyber security firm Shielder discovered a critical flaw affecting iOS, Android, and macOS versions of the instant messaging app Telegram. The “ rlottie ” folder caught their attention, it was the folder used for the Samsung native library for playing Lottie animations, originally created by Airbnb.

Access

Access Libraries Encryption Security

Instagram RCE gave hackers remote access to your device

Security Affairs

SEPTEMBER 24, 2020

The vulnerability ties on how Instagram uses third-party libraries for image processing, in particular, the open-source JPEG decoder Mozjpeg. A malicious code could allow the hackers to access a device’s phone contacts, camera, GPS data, and files stored into the device. ” reads the analysis published by CheckPoint.

Access

Access Libraries Communications IT

Dropbox discloses unauthorized access to 130 GitHub source code repositories

Security Affairs

NOVEMBER 2, 2022

Dropbox disclosed a security breach, threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File hosting service Dropbox announced that threat actors gained unauthorized access to 130 of its source code repositories on GitHub. reads the advisory published by the Microsoft-owned company.

Access

Access Phishing Passwords Authentication

GitLab addressed critical auth bypass flaws in CE and EE

Security Affairs

MARCH 13, 2025

GitLab released security updates to address critical vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). ” GitHub doesn’t use ruby-saml for authentication but found its vulnerabilities in GitLab and alerted their security team to mitigate potential attacks. ” continues the analysis.

Authentication

Authentication Libraries Data breaches Security

Cisco addressed severe flaws in its Secure Client

Security Affairs

MARCH 8, 2024

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338.

Security

Security IT Authentication Libraries

Malicious npm package ‘fallguys’ removed from the official repository

Security Affairs

AUGUST 30, 2020

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The fallguys library claimed to provide an interface to the “ Fall Guys: Ultimate Knockout ” game API. ” reads the npm’s advisory. .” Pierluigi Paganini.

Libraries

Libraries Access Security IT

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Security Affairs

SEPTEMBER 3, 2024

Vulnerabilities in Microsoft apps for macOS could allow attackers to steal permissions and access sensitive data. These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. When an app requests access to a resource, a permission pop-up is triggered for user approval.

Libraries

Libraries Risk Access Security

Security Affairs most-read cyber stories of 2021

Security Affairs

JANUARY 1, 2022

The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros. Two kids found a screensaver bypass in Linux Mint.

Security

Security Libraries Ransomware Passwords

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. v1: Pulse Connect Secure MAR-10334057-3.v1:

Security

Security Authentication Libraries Passwords

Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access

Security Affairs

AUGUST 26, 2022

An Iran-linked Mercury APT group exploited the Log4Shell vulnerability in SysAid applications for initial access to the targeted organizations. The APT group was officially linked by the US government to Iran’s Ministry of Intelligence and Security. ” reads the report published by Microsoft. Pierluigi Paganini.

Access

Access Libraries Communications Government

While attackers begin exploiting a second Log4j flaw, a third one emerges

Security Affairs

DECEMBER 16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library.

Libraries

Libraries Ransomware Access Security

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

Security Affairs

DECEMBER 27, 2023

Security firm Barracuda addressed a new zero-day, affecting its Email Security Gateway (ESG) appliances, that is actively exploited by the China-linked UNC4841 group. “Spreadsheet::ParseExcel is an open source library used by the Amavis virus scanner within the ESG appliance.” ” reads the advisory.

Libraries

Libraries Access Cybersecurity Security

Samsung fixes a zero-click issue affecting its phones

Security Affairs

MAY 7, 2020

Samsung addressed this month a critical 0-click vulnerability that was discovered by security researchers from Google. Samsung released this week a security patch that addresses a critical vulnerability, tracked as CVE-2020-8899, impacting all smartphones sold since 2014. system libraries.” or libhwui.so

IT

IT Libraries Security Access

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Security Affairs

OCTOBER 27, 2022

DEV-0206 is an access broker tracked by Microsoft, which uses malvertising campaigns to compromise networks worldwide. The discovery made by Microsoft is very interesting because it is the first time that researchers found evidence that worm operators leverage an access broker to compromise enterprise networks. Pierluigi Paganini.

Ransomware

Ransomware Access Encryption Data collection

OrBit, a new sophisticated Linux malware still undetected

Security Affairs

JULY 7, 2022

OrBit allows operators to achieve remote access capabilities over SSH, harvests credentials, and logs TTY commands. “Unlike other threats that hijack shared libraries by modifying the environment variable LD_PRELOAD, this malware uses 2 different ways to load the malicious library. . ” continues the experts.

Libraries

Libraries Cybersecurity Authentication Access

Drupal addresses two XSS flaws by updating the CKEditor

Security Affairs

MARCH 20, 2020

Drupal developers released security updates for versions 8.8.x x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x x that address two XSS vulnerabilities that affect the CKEditor library. or 8.7.12 , include CKEditor version 4.14

Libraries

Libraries Risk Access Security

Expert found a backdoor in XZ tools used many Linux distributions

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm

Libraries

Libraries Authentication Access Risk

Malicious npm and PyPI target Solana Private keys to steal funds from victims’ wallets

Security Affairs

JANUARY 20, 2025

Crooks used names typosquatting popular libraries, such as @async-mutex/mutex , dexscreener , solana-transaction-toolkit and solana-stable-web-huks. Equally vital is maintaining strict access controls around private keys, limiting who can view or import them in development environments.”

Libraries

Libraries Authentication IT Access

What Counts as “Good Faith Security Research?”

Krebs on Security

JUNE 3, 2022

The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. ” What constitutes “good faith security research?” ” The new DOJ policy comes in response to a Supreme Court ruling last year in Van Buren v.

Security

Security Computer and Electronics Access Libraries

Security Affairs newsletter Round 343

Security Affairs

DECEMBER 5, 2021

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 343 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Security

Security Healthcare Ransomware Libraries

Microsoft February 2022 Patch Tuesday security updates fix a zero-day

Security Affairs

FEBRUARY 9, 2022

Microsoft February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products, including a zero-day bug. Successful exploitation of this vulnerability could allow attackers to elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

Security

Security Libraries Access IT

Securing Easy Appointments and earning CVE-2022-0482

Security Affairs

APRIL 11, 2022

Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings.

Security

Security Cybersecurity Libraries Access

Malicious npm packages spotted delivering njRAT Trojan

Security Affairs

DECEMBER 1, 2020

npm security staff removed two packages that contained malicious code to install the njRAT remote access trojan (RAT) on developers’ computers. “This time, the typosquatting packages identified by us are laced with a popular Remote Access Trojan (RAT).” ” states the post published by Sonatype.

Libraries

Libraries File names Access Security

U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 28, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Inappropriate Implementation Vulnerability CVE-2024-38856 (CVSS score of 8.8)

IT

IT Libraries Cybersecurity Risk

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. EventBot can intercept SMS messages and bypass two-factor authentication mechanisms by abusing Android’s accessibility feature. ” concludes the report.

Financial Services

Financial Services Libraries Encryption Authentication

NginRAT – A stealth malware targets e-store hiding on Nginx servers

Security Affairs

DECEMBER 2, 2021

Threat actors are targeting e-stores with remote access malware, dubbed NginRAT, that hides on Nginx servers bypassing security solutions. Researchers from security firm Sansec recently discovered a new Linux remote access trojan (RAT), tracked as CronRAT , that hides in the Linux task scheduling system (cron) on February 31st.

Libraries

Libraries Access Security IT

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Libraries

Libraries e-Delivery Risk Passwords

Security Affairs newsletter Round 391

Security Affairs

OCTOBER 30, 2022

Every week the best security articles from Security Affairs free for you in your email box. Twilio discloses another security incident that took place in June A massive cyberattack hit Slovak and Polish Parliaments How will Twitter change under Elon Musk? A new round of the weekly SecurityAffairs newsletter arrived!

Security

Security Ransomware Libraries Data breaches

Critical flaw in Apache Parquet’s Java Library allows remote code execution

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Webinars

Trending Sources

Foreign adversary hacked email communications of the Library of Congress says

Webinars

Bugs in open-source libraries impact 70% of modern software

How to Package and Price Embedded Analytics

Malware attack took down 600 computers at Volusia County Public Library

British Library suffers major outage due to cyberattack

Rhysida ransomware gang is auctioning data stolen from the British Library

Internet Archive data breach impacted 31M users

5 Early Indicators Your Embedded Analytics Will Fail

FBI seized other domains used by the shadow eBook library Z-Library

A flaw in libcue library impacts GNOME Linux systems

CVE-2024-44243 macOS flaw allows persistent malware installation

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog

Telegram flaw could have allowed access to users secret chats

Instagram RCE gave hackers remote access to your device

Dropbox discloses unauthorized access to 130 GitHub source code repositories

GitLab addressed critical auth bypass flaws in CE and EE

Cisco addressed severe flaws in its Secure Client

Malicious npm package ‘fallguys’ removed from the official repository

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Security Affairs most-read cyber stories of 2021

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access

While attackers begin exploiting a second Log4j flaw, a third one emerges

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

Samsung fixes a zero-click issue affecting its phones

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

OrBit, a new sophisticated Linux malware still undetected

Drupal addresses two XSS flaws by updating the CKEditor

Expert found a backdoor in XZ tools used many Linux distributions

Malicious npm and PyPI target Solana Private keys to steal funds from victims’ wallets

What Counts as “Good Faith Security Research?”

Security Affairs newsletter Round 343

Microsoft February 2022 Patch Tuesday security updates fix a zero-day

Securing Easy Appointments and earning CVE-2022-0482

Malicious npm packages spotted delivering njRAT Trojan

U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog

EventBot, a new Android mobile targets financial institutions across Europe

NginRAT – A stealth malware targets e-store hiding on Nginx servers

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Security Affairs newsletter Round 391

Stay Connected