Authentication and Libraries - Information Management Today

Google OAuth client library flaw allowed to deploy of malicious payloads

Security Affairs

MAY 19, 2022

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. or higher), and Google App Engine. Pierluigi Paganini.

Libraries

Libraries Authentication Cybersecurity Security

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. It is one of the largest libraries in the world. ” reads the announcement.

Libraries

Libraries Ransomware Manufacturing Education

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

AUGUST 20, 2019

Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries. It overloaded the #authenticate method on the Identity class.

Libraries

Libraries Mining Passwords Authentication

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Remote code execution bug discovered in the popular JsonWebToken library

Security Affairs

JANUARY 10, 2023

The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. The open-source JsonWebToken ( JWT ) library is affected by a high-severity security flaw, tracked as CVE-2022-23529 (CVSS score: 7.6), that could lead to remote code execution. addressed the issue.

Libraries

Libraries Security awareness Authentication Security

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Think your customers will pay more for data visualizations in your application? Five years ago they may have. But today, dashboards and visualizations have become table stakes. Discover which features will differentiate your application and maximize the ROI of your embedded analytics. Brought to you by Logi Analytics.

Analytics

Expert found a backdoor in XZ tools used many Linux distributions

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm

Libraries

Libraries Authentication Access Risk

Experts released PoC exploit for critical Progress Software OpenEdge bug

Security Affairs

MARCH 11, 2024

Researchers released technical specifics and a PoC exploit for a recently disclosed flaw in Progress Software OpenEdge Authentication Gateway and AdminServer. ” The vulnerability CVE-2024-1403 (CVSS score 10) is an authentication bypass issue that impacts OpenEdge versions 11.7.18 If a match occurs, authentication is granted.

Authentication

Authentication Passwords Libraries Access

Experts warn of critical Zero-Day in Apache OfBiz

Security Affairs

DECEMBER 28, 2023

Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Experts warn of a zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. ” reads the report published by SonicWall.

Authentication

Authentication Libraries Passwords Information Security

Thousands of servers easy to hack due to a LibSSH Flaw

Security Affairs

OCTOBER 17, 2018

The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. The flaw is an authentication-bypass vulnerability that was introduced in Libssh version 0.6 and above have an authentication bypass vulnerability in the server code. .

Libraries

Libraries Authentication Passwords Security

Experts found critical RCE in Spotify’s Backstage

Security Affairs

NOVEMBER 15, 2022

The issue can be exploited by triggering a recently disclosed VM sandbox escape vulnerability (CVE-2022-36067 aka Sandbreak) in the vm2 third-party library. The researchers explained that the template engine utilizes the vm2 library to prevent the execution of untrusted code. ” reads the advisory published by Oxeye.

Libraries

Libraries Authentication Paper Risk

OrBit, a new sophisticated Linux malware still undetected

Security Affairs

JULY 7, 2022

“Unlike other threats that hijack shared libraries by modifying the environment variable LD_PRELOAD, this malware uses 2 different ways to load the malicious library. “The shared object hooks functions from 3 libraries: libc, libcap and Pluggable Authentication Module (PAM). ” continues the experts.

Libraries

Libraries Cybersecurity Authentication Access

Microsoft warns of targeted attacks exploiting Windows zero-day flaws

Security Affairs

MARCH 23, 2020

Microsoft warns of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. Microsoft warns of hackers exploiting two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries

Libraries Risk Authentication Security

Two Linux botnets already exploit Log4Shell flaw in Log4j

Security Affairs

DECEMBER 12, 2021

Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets. Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library.

Honeypots

Honeypots Libraries Passwords Authentication

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Libraries

Libraries e-Delivery Risk Passwords

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

Security Affairs

APRIL 9, 2024

Most of the Internet-facing devices are in South Korea, Hong Kong, the U.S., Sweden, and Finland. running on LG43UM7000PLA webOS 5.5.0 – 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 43 (mullet-mebin) – 03.33.85 running on OLED55CXPUA webOS 6.3.3-442

Authentication

Authentication Libraries Access Information Security

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

SEPTEMBER 6, 2023

The attackers forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key.

Authentication

Authentication Libraries Access Government

Threat actors hacked the Dropbox Sign production environment

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Passwords

Passwords Authentication Access Phishing

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

EventBot is a mobile banking trojan and infostealer that abuses Android’s accessibility features to steal user data from financial applications, read user SMS messages, and steal SMS messages to allow the malware to bypass two-factor authentication.” ” reads the analysis published by Cybereason. ” concludes the report.

Financial Services

Financial Services Libraries Encryption Authentication

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon.

Authentication

Authentication Passwords Analytics Libraries

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Security Affairs

JANUARY 12, 2024

In December, experts warned of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. An attacker can trigger the vulnerability, tracked as CVE-2023-51467 , to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). in the Apache OfBiz.

Honeypots

Honeypots Authentication Libraries Passwords

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The malicious build interferes with the authentication in sshd through systemd.

Authentication

Authentication Libraries Access Security

Unauthenticated Command Injection bug opens D-Link VPN routers to hack

Security Affairs

DECEMBER 8, 2020

Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws, and an authenticated crontab injection flaw. The third flaw is an Authenticated Crontab Injection that could allow an authenticated user to inject arbitrary CRON entries that will then be executed as root.

Authentication

Authentication Access Libraries Security

Zerologon attack lets hackers to completely compromise a Windows domain

Security Affairs

SEPTEMBER 14, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. published a detailed analysis of the flaw.

Authentication

Authentication Passwords Libraries Paper

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

In order to discover potential targets and locate the information it needs to authenticate against, the script passively collects data from /.ssh/config,bash_history, gopsutil – a process utility library, used for system and processes monitoring. gopsutil – a process utility library, used for system and processes monitoring.

Mining

Mining Libraries Cloud Communications

Microsoft addresses three Windows issues actively exploited

Security Affairs

APRIL 14, 2020

The two RCE flaws in Windows, tracked as CVE-2020-1020 and CVE-2020-0938 , are related to the Adobe Type Manager Library. In March, Microsoft warned of hackers exploiting the two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries

Libraries Authentication Security Risk

Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw

Security Affairs

SEPTEMBER 19, 2024

An attacker could chain the issue with the recently disclosed flaw CVE-2024-8190 to bypass admin authentication and execute arbitrary commands on the appliance. “Ivanti is disclosing a critical vulnerability in Ivanti CSA 4.6 is End-of-Life , and no longer receives updates for OS or third-party libraries. Patch 519). .

Cloud

Cloud Authentication Libraries Access

U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Security Affairs

SEPTEMBER 20, 2024

An attacker could chain the issue with the recently disclosed flaw CVE-2024-8190 to bypass admin authentication and execute arbitrary commands on the appliance. Patch 519). “If CVE-2024-8963 is used in conjunction with CVE-2024-8190 an attacker can bypass admin authentication and execute arbitrary commands on the appliance.”

Cloud

Cloud IT Authentication Cybersecurity

Dropbox discloses unauthorized access to 130 GitHub source code repositories

Security Affairs

NOVEMBER 2, 2022

These legitimate-looking emails directed employees to visit a fake CircleCI login page, enter their GitHub username and password, and then use their hardware authentication key to pass a One Time Password (OTP) to the malicious site.” ” reads the advisory published by the company.

Access

Access Phishing Passwords Authentication

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

Security Affairs

JULY 24, 2023

The ssh-agent is a program that caches private keys for SSH public key authentication, reducing the need for regular passphrase input. The vulnerability can be exploited only if certain libraries are installed on systems running the vulnerable versions and the SSH authentication agent is forwarded to an attacker-controlled system.

Libraries

Libraries Authentication Encryption Security

EastWind campaign targets Russian organizations with sophisticated backdoors

Security Affairs

AUGUST 12, 2024

. “Attackers use the classic DLL sideloading technique: when the desktop.exe file is launched, the malicious VERSION.dll library is loaded into the corresponding process” reads the report published by Kaspersky. “This library is a backdoor packed with the VMProtect tool.

Libraries

Libraries Encryption Cloud Archiving

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

Security Affairs

DECEMBER 17, 2023

“Today we experienced an exploit on the Ledger Connect Kit, a Javascript library that implements a button allowing users to connect their Ledger device to third party DApps (wallet-connected Web sites). ” The initial observation suggests that the account probably did not have Multi-Factor Authentication (MFA) enabled.

Phishing

Phishing Libraries Authentication Access

Ivanti Cloud Service Appliance flaw is being actively exploited in the wild

Security Affairs

SEPTEMBER 14, 2024

Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. is End-of-Life , and no longer receives updates for OS or third-party libraries. An attacker can trigger this high-severity vulnerability to achieve remote code execution under specific conditions. to address the vulnerability.

Cloud

Cloud Libraries Authentication Cybersecurity

CISA Urges Exchange Online Authentication Update

eSecurity Planet

JUNE 30, 2022

CISA noted that Basic authentication is simple and pretty convenient but unsecured by design. And it’s incompatible with multi-factor authentication (MFA) systems , so admins might be discouraged from enabling it. or Microsoft Active Directory Authentication Library uses tokens that expire quickly and cannot be reused elsewhere.

Authentication

Authentication Libraries Cloud Passwords

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

Below is the list of flaws discovered by the researchers: CVE-2021-20173 : Post Authentication Command Injection via SOAP Interface. Researchers discovered multiple instances of known vulnerable jQuery libraries (such as jquery 1.4.2), for this reason, they are urging to update them to the latest available versions.

Communications

Communications Libraries Encryption Passwords

KindleDrip exploit – Hacking a Kindle device with a simple email

Security Affairs

JANUARY 22, 2021

The experts discovered that Amazon did not verify the authenticity of the email sender, this means that attackers can spoof an email address that is present in the list of approved addresses. ” continues the post. “To test this, I used an email spoofing service to spoof an email message and send an e-book to my device.

Authentication

Authentication Libraries Phishing Security

Cisco addressed severe flaws in its Secure Client

Security Affairs

MARCH 8, 2024

resides in the SAML authentication process of Cisco Secure Client, an unauthenticated, remote attacker can exploit the flaw to conduct a carriage return line feed (CRLF) injection attack against a user. An authenticated, local attacker can exploit the flaw to elevate privileges on an affected device. ” reads the advisory.

Security

Security IT Authentication Libraries

Cisco addresses a High-severity flaw in CMX Software

Security Affairs

JANUARY 14, 2021

out of 10, could be exploited by a remote authenticated attacker to change the password for any account user on affected systems. “A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system.”

Passwords

Passwords Authentication Analytics Libraries

U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Security Affairs

SEPTEMBER 14, 2024

Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. is End-of-Life , and no longer receives updates for OS or third-party libraries. An attacker can trigger this high-severity vulnerability to achieve remote code execution under specific conditions. “An reads the advisory.

Cloud

Cloud IT Libraries Cybersecurity

A few binary plating 0-days for Windows

Security Affairs

MARCH 15, 2019

The initial vulnerability that we discovered in October 2012 was related to the “Internet Key Exchange and Authenticated Internet Protocol Keying Modules”. Those modules are used for authentication and key exchange in Internet Protocol security. Tracking high-privileges libraries calls with DLL-based loggers.

Libraries

Libraries Authentication Access IT

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

that allows remote authenticated attackers to execute arbitrary code as the root user via maliciously crafted meeting room. Another sample documented by the experts allows attackers to parse incoming web request data, while another file could be used to intercept certificate-based multi-factor authentication. ” reads the MAR.

Security

Security Authentication Libraries Passwords

SolarWinds Serv-U bug exploited for Log4j attacks

Security Affairs

JANUARY 19, 2022

The vulnerability, tracked as CVE-2021-35247 , was discovered by Microsoft security researcher Jonathan Bar Or while monitoring attacks exploiting the vulnerabilities in the Log4j library. SolarWinds released Serv-U 15.3 that addresses the vulnerability by performing additional validation and sanitization.

Authentication

Authentication Ransomware Libraries Security

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. Hunt also verified the authenticity of the information included in the stolen archive.

Archiving

Archiving Data breaches Passwords File names

1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials

Security Affairs

SEPTEMBER 1, 2022

This finding suggests a potential supply chain vulnerability, these AWS access tokens are often exposed through shared library, third-party SDK, or other shared components used by the development teams. “The credentials could expose private authentication data and keys belonging to every banking and financial app using the SDK.

Cloud

Cloud Authentication B2B Libraries

A high-severity flaw affects VMware Workstation, Fusion and vSphere products.

Security Affairs

JUNE 10, 2020

“VMware Horizon Client for Windows contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. VMware also addressed a high-severity privilege escalation vulnerability, tracked as CVE-2020-3961, that affects Horizon Client for Windows.

Cloud

Cloud Libraries Access Authentication

Google OAuth client library flaw allowed to deploy of malicious payloads

Rhysida ransomware gang is auctioning data stolen from the British Library

Webinars

Trending Sources

A backdoor mechanism found in tens of Ruby libraries

Webinars

Remote code execution bug discovered in the popular JsonWebToken library

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Expert found a backdoor in XZ tools used many Linux distributions

Experts released PoC exploit for critical Progress Software OpenEdge bug

Experts warn of critical Zero-Day in Apache OfBiz

Thousands of servers easy to hack due to a LibSSH Flaw

Experts found critical RCE in Spotify’s Backstage

OrBit, a new sophisticated Linux malware still undetected

Microsoft warns of targeted attacks exploiting Windows zero-day flaws

Two Linux botnets already exploit Log4Shell flaw in Log4j

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Threat actors hacked the Dropbox Sign production environment

EventBot, a new Android mobile targets financial institutions across Europe

Hackers are using Zerologon exploits in attacks in the wild

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

Unauthenticated Command Injection bug opens D-Link VPN routers to hack

Zerologon attack lets hackers to completely compromise a Windows domain

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Microsoft addresses three Windows issues actively exploited

Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw

U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Dropbox discloses unauthorized access to 130 GitHub source code repositories

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

EastWind campaign targets Russian organizations with sophisticated backdoors

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

Ivanti Cloud Service Appliance flaw is being actively exploited in the wild

CISA Urges Exchange Online Authentication Update

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

KindleDrip exploit – Hacking a Kindle device with a simple email

Cisco addressed severe flaws in its Secure Client

Cisco addresses a High-severity flaw in CMX Software

U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

A few binary plating 0-days for Windows

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

SolarWinds Serv-U bug exploited for Log4j attacks

Internet Archive data breach impacted 31M users

1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials

A high-severity flaw affects VMware Workstation, Fusion and vSphere products.

Stay Connected