The Internet Archive disclosed a data breach; the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 Internet Archive hacked. Hunt also verified the authenticity of the information included in the stolen archive.
Google experts found a flaw, tracked as CVE-2019-18408, in the compression library libarchive that could lead to arbitrary code execution. Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive that could be exploited to execute arbitrary code. . c in libarchive before 3.4.0
Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. dll library in 2005.
The malware attempts to connect via SSH on Port 22 and deliver itself as a gzip archive. “The malware is uploaded as gzip compressed tarball archives of binaries, scripts, and libraries.” The expert discovered that the script executes init2, which is one of the files in the gzip archive, if the directory.
Experts discovered a malspam campaign that is distributing a malicious RAR archive that could exploit the WinRAR flaw to deliver malware on a computer. The flaw is an “Absolute Path Traversal” issue in a third-party library, called UNACEV2.DLL, dll library in 2005. dll and released WINRar version 5.70
“We released a fix for CVE-2024-38112 in our July 2024 security updates which broke this attack chain. See CVE-2024-38112 – Security Update Guide – Microsoft – Windows MSHTML Platform Spoofing Vulnerability ([link]). Customers should both the July 2024 and September 2024 security update to fully protect themselves.”
The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,
Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum. LinkedIn’s refusal to treat malicious scraping as a security problem can potentially allow cybercriminals to gather data on new victims with impunity.
Threat actors sent phishing emails with RAR archive attachments containing a Windows shortcut to install malware. “Attackers use the classic DLL sideloading technique: when the desktop.exe file is launched, the malicious VERSION.dll library is loaded into the corresponding process” reads the report published by Kaspersky.
Trend Micro researchers discovered that the flaw was actively exploited in the wild in May and reported it to Microsoft which addressed the zero-day with the July 2024 Patch Tuesday security updates. The archives are disseminated in cloud-sharing websites, Discord servers, and online libraries, and other means.
Security researchers from Trend Micro continue to monitor the evolution of the XCSSET macOS malware; new variants are able to steal login information from multiple apps, including Telegram and Google Chrome, and send them to C2. The post XCSSET MacOS malware targets Telegram, Google Chrome data and more appeared first on Security Affairs.
The recently patched vulnerability affecting the popular archiver utility WinRAR has been exploited to deliver new malware to targeted users. The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. Pierluigi Paganini.
The messages use specially crafted archives containing LNK files disguised as regular documents. These archives mimicked the installation process of Microsoft Defender or exploited current US political issues. Upon receiving a request, it executes the encoded JavaScript code using the Microsoft.JScript library.
0patch researchers released an unofficial security patch for a Windows zero-day vulnerability dubbed DogWalk. 0patch released an unofficial security patch for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) dubbed DogWalk. The expert warned to pay special attention to not open .diagcab
Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 266 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! NetWalker ransomware gang threatens to release Michigan State University files.
When most people think of archives, the first thing that comes to mind is Indiana Jones swinging on vines and storing artifacts in giant rooms. While that is an interesting popular image, the archives and archivists here at the Texas State Library and Archives Commission (TSLAC) are the protectors of documented history.
Cado Security found a new info stealer, called Cthulhu Stealer, that targets Apple macOS and steals a wide range of information. Cado Security researchers have discovered a malware-as-a-service (MaaS) targeting macOS users dubbed Cthulhu Stealer. ” reads the report published by Cado Security.
“Once launched, Bizarro downloads a ZIP archive from a compromised website. While writing this article, we saw hacked WordPress, Amazon and Azure servers used for storing archives. It loads the magnification.dll library and gets the address of the deprecated MagSetImageScalingCallback API function,” continues the analysis.
Security Center under the Ministry of National Defense recorded a large number of virus-infected e-mails addressed to several state institutions. The Emotet campaign uses malicious emails that attempt to trick recipients into opening the zipped archive with the password included in the message. Security Center. Security Center.
The ransomware was involved in the attacks observed by the Qihoo 360 Threat Intelligence Center in the wild, threat actors used an archive named “vk_4221345.rar” The attacker lures victims to decompress the archive through embedding a corrupt and incomplete female picture. rar” that delivers JNEC. bitcoins (about $200).
Security experts from Trend Micro have spotted a new strain of ransomware involved in attacks in July and August, the malicious code was posing as the Locky ransomware. exe will drop malware components — several C++ and Python libraries and the Python 2.7 “The malicious URL leads to a ZIP file (Facture_23100.31.07.2018.zip)
BBTok is written in Delphi and uses the Visual Component Library (VCL) to dynamically generate interfaces. Upon clicking the link, it results in the download of either a ZIP archive or an ISO image, depending on the operating system of the victim’s machine. The phishing messages include a malicious link.
An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author. Consider using a password manager to create strong passwords and store them securely. Original Post at [link].
Researchers at Cybereason’s Nocturnus team have uncovered a new Astaroth Trojan campaign that is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and drop malicious modules. 7zip file as an attachment or include a hyperlink that points to the archive.
The Dropbox link leads to a RAR archive that masquerades as a Word document by setting the “file_subpath” parameter to point to a filename with a .DOCX extension. “The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files.” Pierluigi Paganini.
The best news of the week with Security Affairs. A flaw in the Libarchive library impacts major Linux distros. Specially Crafted ZIP archives allow bypassing secure email gateways. DNA-testing startup Veritas Genetics disclosed a security breach. A new round of the weekly newsletter arrived! Pierluigi Paganini.
The UA-CERT states that the “sync.exe” file contains the legitimate SyncThing components and SPECTR malware files, including additional libraries and scripts.
This forum hosted a ZIP archive that contains the malicious.js Below is the attack chain of this new variant: The user visits an UNC2565-compromised site (usually related to business documents) and downloads a malicious ZIP archive. Recently observed trojanized JavaScript libraries include jQuery, Chroma.js, and Underscore.js.
The security researcher Sam Thomas from Secarma has discovered a new attack technique that leverages critical deserialization vulnerabilities in the PHP programming language. Phar archives are similar to Java JAR archives but are specific to PHP applications. A Phar application or library could be distributed in a single file.
Security experts at HackenProof are warning that open Elasticsearch instances expose over 82 million users in the United States. Elasticsearch is a Java-based search engine based on the free and open-source information retrieval software library Lucene. ” reads a blog post published by HackenProof. citizens (i.e. citizens (i.e.
The leak comes more than four months after Humana, the third-largest health insurance company in the US, notified 65,000 of its health plan members about a security breach where “a subcontractor’s employee disclosed medical records to unauthorized individuals” between October 12, 2020, and December 16, 2020. What was leaked?
Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. See the Top Code Debugging and Code Security Tools. The post Unpatched Python Library Affects More Than 300,000 Open Source Projects appeared first on eSecurityPlanet.
The spear-phishing message appears as a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. The .rar archive contained a dropper named “Abraham Accords & MENA.pdf.lnk.”
The threat actors leverage spear-phishing emails to deliver archive files utilizing DLL side-loading schemes. The CurKeep payload is very small: it is 10kb in size, contains 26 functions and is not statically compiled with any library. appeared first on Security Affairs. Is it linked to ToddyCat APT?
The most serious issue is related to the Archive_Tar third-party library; it has been assigned a severity rating of critical. Archive_Tar is a tool designed for handling TAR archive files in PHP. ” reads the security advisory published by Drupal for the vulnerability SA-CORE-2019-012. The issue affects Drupal 7x, 8.7.x
Academic libraries are in the midst of rapid, widespread changes as they shift into the digital age. Our libraries have been a steady flame for patrons to depend on, not just throughout the pandemic, but throughout history. See how Preservica customers are creating engaging internal and public access.
The attack chain starts with phishing emails or social media messages distributing a RAR archive. The archive contains two files, Interview questions.txt, and Interview conditions.word.exe. The files pose an interview for a fake cryptocurrency role or job opening. ” continues the report.
The experts noticed that both the Domino and Agile software appear to be using old certificates and the Agile servers use old vulnerable libraries. The attackers used two legitimate software packages, the HCL Domino (formerly IBM Domino) and the Agile DGS and Agile FD servers. Modified versions of the publicly available Lilith RAT.
The second layer of Python code decodes and loads to memory the main RAT and the imported libraries. The new infection chain starts by including just one LNK file in the ZIP archive attached to spear-phishing messages. The post Evilnum APT used Python-based RAT PyVil in recent attacks appeared first on Security Affairs.
“This launcher, dropped into the Tasks directory by the first stager, proxies all calls to wer.dll and its exports to the original legitimate library. The attack chain aims at distributing .RAR archive from the legitimate site file.io.” continues the analysis. Threat actors also used to sign modules to avoid detection.
These malware are the most predominant malware in macOS, also with a history of evading and bypassing the built-in Xprotect, Gatekeeper, Notarization and File Quarantine security features of macOS. funzip is a macOS utility that extracts a ZIP or gzip file directly to output from archives or other piped input.
“For example, the archive mentioned above contains an executable file, which has the same name and is a password-protected self-extracting archive. The archive extracts the files and runs a script that installs and launches the actual malware in the system.” states the researchers. Pierluigi Paganini.
billion entries but is also willing to split the archive into smaller portions for potential buyers. To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records. The poster is asking $100,000 for the full database of 3.8
The archive was posted on the hacker forum for anyone to access. To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records. What was shared by the threat actor? Follow me on Twitter: @securityaffairs and Facebook.