Communications and Libraries - Information Management Today

Foreign adversary hacked email communications of the Library of Congress says

Security Affairs

NOVEMBER 18, 2024

The Library of Congress discloses the compromise of some of its IT systems, an alleged foreign threat actor hacked their emails. Only email communications between congressional offices and some library staff, including the Congressional Research Service, from January to September, were affected. ” reported the NBC News.

Libraries

Libraries Communications Access Government

Boston Public Library discloses cyberattack

Security Affairs

AUGUST 30, 2021

The Boston Public Library was victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network. The affected systems were taken offline to prevent the threat from spreading.

Libraries

Libraries Communications Cybersecurity IT

Mozilla fixes critical flaw in Network Security Services (NSS) cryptography library

Security Affairs

DECEMBER 1, 2021

Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Mozilla has addressed a heap-based buffer overflow vulnerability (CVE-2021-43527) in its cross-platform Network Security Services (NSS) set of cryptography libraries. and NSS 3.73

Libraries

Libraries Security CMS Communications

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Popular open-source PJSIP library is affected by critical flaws

Security Affairs

MARCH 2, 2022

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library. on February 24, 2022.

Libraries

Libraries Communications Security IT

OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE

Security Affairs

JULY 7, 2022

The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue , tracked as CVE-2022-2274 , affecting the popular library. which was released on June 21, 2022.

Libraries

Libraries Encryption Communications Security

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

” The Kinsing miner is a Golang -based Linux agent that uses several Go libraries, including: go-resty – an HTTP and REST client library, used to communicate with a Command and Control (C&C) server. gopsutil – a process utility library, used for system and processes monitoring.

Mining

Mining Libraries Cloud Communications

New EvilQuest ransomware targets macOS users

Security Affairs

JULY 1, 2020

According to Felix Seele, it establishes a reverse shell to communicate with the C2 server. The ransomware also checks for some common anti-virus solutions (e.g. Kaspersky, Norton, Avast, DrWeb, Mcaffee, Bitdefender, and Bullguard). It also attempts to open a reverse shell to the C2 server if the user "mr.x" " exists.

Ransomware

Ransomware Libraries Encryption Communications

Critical RCE affects older Diebold Nixdorf ATMs

Security Affairs

JUNE 9, 2019

The SpiService.exe is associated with XFS, the Extension for Financial Services DLL library (MSXFS.dll) that is specifically used by ATMs.” “The library provides a special API for the communication with the ATM’s PIN pad and the cash dispenser.” ” reads the post published by the experts.

Libraries

Libraries Communications Financial Services Security

Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year

Security Affairs

OCTOBER 28, 2022

We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. “ This is the seventh Chrome zero-day fixed by Google this year, below is the full list: CVE-2022-3075 (September 2) – Insufficient data validating in the Mojo collection of runtime libraries.

Libraries

Libraries IT Communications Access

Google rolled out emergency fixes to address actively exploited Chrome zero-day

Security Affairs

SEPTEMBER 3, 2022

Mojo is a collection of runtime libraries providing a platform-agnostic abstraction of common IPC primitives, a message IDL format, and a bindings library with code generation for multiple target languages to facilitate convenient message passing across arbitrary inter- and intra-process boundaries.

Libraries

Libraries Communications Security IT

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

CVE-2021-20174 : Default HTTP Communication (Web Interface). CVE-2021-20175 : Default HTTP Communication (SOAP Interface). Researchers discovered multiple instances of known vulnerable jQuery libraries (such as jquery 1.4.2), for this reason, they are urging to update them to the latest available versions.

Communications

Communications Libraries Encryption Passwords

DinodasRAT Linux variant targets users worldwide

Security Affairs

MARCH 31, 2024

Both Linux and Windows versions of DinodasRAT communicates with the C2 over TCP or UDP. 0x1A DealProxy Proxy C2 communication through a remote proxy. 0x1A DealProxy Proxy C2 communication through a remote proxy. The library uses the Tiny Encryption Algorithm ( TEA ) in CBC mode to cipher and decipher the data.

Libraries

Libraries Encryption Communications Government

Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

Security Affairs

JULY 5, 2024

The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files.” ” reads the advisory. ” The flaw impacts FactoryTalk View Machine Edition (versions 13.0, and prior).

Libraries

Libraries Communications Cybersecurity Risk

Quad7 botnet evolves to more stealthy tactics to evade detection

Security Affairs

SEPTEMBER 10, 2024

According to Sekoia, the operators have enhanced the botnet’s communication shifting away from using open SOCKS proxies for relaying malicious traffic in an attempt to evade detection. The botnet now uses the KCP protocol, which communicates over UDP via a new tool called FsyNet. ” reads the report.

Communications

Communications Libraries Encryption Security

New Go-based Redigo malware targets Redis servers

Security Affairs

DECEMBER 1, 2022

The attacking server that is defined as the master uses this connection to download the shared library exp_lin.so MODULE LOAD command – this allows for the loading of a module from the dynamic library downloaded at stage 4 at runtime. This library allows for exploitation of the vulnerability and runs arbitrary commands later.

Libraries

Libraries Honeypots Communications Cybersecurity

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

The Mac RAT implements a C&C communication similar to the Linux variant. Like the Linux variant, the backdoor communicates with the C&C using a TLS connection and encrypts data using the RC4 algorithm. “Both Mac and Linux variants use the WolfSSL library for SSL communications. ” continues the report.

Libraries

Libraries Communications Encryption Authentication

Threat actors are using the Tox P2P messenger as C2 server

Security Affairs

AUGUST 24, 2022

Tox has been used in the last months by threat actors as a communication channel between ransomware gangs and their victims. The binary is written in C and has only statically linked the c-toxcore library. We are observing it for the first time where Tox protocol is used to run scripts onto the machine.”

Communications

Communications Ransomware Libraries Encryption

EastWind campaign targets Russian organizations with sophisticated backdoors

Security Affairs

AUGUST 12, 2024

. “Attackers use the classic DLL sideloading technique: when the desktop.exe file is launched, the malicious VERSION.dll library is loaded into the corresponding process” reads the report published by Kaspersky. “This library is a backdoor packed with the VMProtect tool. ” continues the report.

Libraries

Libraries Encryption Cloud Archiving

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

The malware also downloads the Command-and-control (C2) URLs, C2 communication is encrypted using Base64, RC4, and Curve25519. . Most recent versions of EventBot also include a ChaCha20 library that can improve performance, but it is not currently being used, a circumstance that suggests authors are actively working to optimize EventBot. .

Financial Services

Financial Services Libraries Encryption Authentication

CISA warns of vulnerabilities in Hitachi Energy products

Security Affairs

DECEMBER 3, 2021

CISA’s advisories are related to RTU500 series bidirectional communication interface, Relion protection and control IEDs, Retail Operations and Counterparty Settlement and Billing (CSB) software, the Asset Performance Management (APM) Edge software for transformers, and the PCM600 update manager.

Retail

Retail Libraries Communications Cybersecurity

Too much UPnP-enabled connected devices still vulnerable to cyber attacks

Security Affairs

MARCH 7, 2019

UPnP-enabled devices running outdated software are exposed to a wide range of attacks exploiting known flaws in UPnP libraries. UPnP works with network protocols to configure communications in the network.” The UPnP communication protocol is widely adopted even if it is known to be vulnerable. ” continues the expert.

Libraries

Libraries Communications Data collection Security

Instagram RCE gave hackers remote access to your device

Security Affairs

SEPTEMBER 24, 2020

An attacker could trigger the vulnerability by sending a crafted malicious image to the victim via email, WhatsApp, SMS, or any other communications platform and then saved to a victim’s device. The vulnerability ties on how Instagram uses third-party libraries for image processing, in particular, the open-source JPEG decoder Mozjpeg.

Access

Access Libraries Communications IT

PyMICROPSIA Windows malware includes checks for Linux and macOS

Security Affairs

DECEMBER 15, 2020

PyMICROPSIA communicated with C2 with HTTP POST requests, it uses different Uniform Resource Identifier (URI) paths and variables that depend on the functionality invoked. ’ PyMICROPSIA uses Python libraries to implements multiple operations, including data theft, Windows process and systems interaction. Audio recording.

Communications

Communications Libraries IT Security

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Security Affairs

SEPTEMBER 5, 2024

Attackers spread the backdoor as a dynamic library (DLL, SO), the malware allows attackers to fully control the compromised environment. Upon executing the backdoor, it continuously communicates with its C2 server, awaiting instructions. The communication relies on GZIP-compressed and AES-GCM-encrypted messages.

IT

IT Communications Encryption Libraries

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

The two loaders discovered by Cylance and used by the APT group use side-loaded DLLs and an AES128 implementation from Crypto++ library for payload decryption. To make hard the analysis of the malware, backdoor DLLs are heavily obfuscated and C2 communication encrypted.

Libraries

Libraries Encryption Communications Manufacturing

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. If a path is passed, then the library is only loaded from the specific path. Avira.OE.NativeCore.dll: malicious DLL used during the DLL side-loading process.

Libraries

Libraries Communications Phishing Encryption

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The Commons FileUpload library is the default file upload mechanism in Struts 2, the CVE-2016-1000031 was discovered two years ago by experts at Tenable. The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper.

Financial Services

Financial Services Libraries Mining Retail

Delivering Malware Through Abandoned Amazon S3 Buckets

Schneier on Security

FEBRUARY 12, 2025

These buckets contained software libraries that are still used. That hampers their ability to communicate with vulnerable installations. Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. Which means that it won’t be.

Libraries

Libraries Communications Government IT

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

Security Affairs

JULY 24, 2023

OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted communication over a network. The vulnerability can be exploited only if certain libraries are installed on systems running the vulnerable versions and the SSH authentication agent is forwarded to an attacker-controlled system.

Libraries

Libraries Authentication Encryption Security

DuneQuixote campaign targets the Middle East with a complex backdoor

Security Affairs

APRIL 21, 2024

The malware is developed in C/C++ without utilizing the Standard Template Library (STL), and certain segments are coded in pure Assembler.” Notably, the malware can create scheduled tasks using the Golang Go-ole library, which interfaces with the Windows Component Object Model (COM) for Task Scheduler service interaction.

Libraries

Libraries Communications IT Government

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

Security Affairs

JULY 9, 2022

The malware uses cmd.exe to read and execute a file stored on the infected external drive, it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file. Then msiexec.exe launches a legitimate Windows utility, fodhelper.exe, which in turn run rundll32.exe

Manufacturing

Manufacturing Libraries Communications IT

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

“The SFile ransomware uses the Mbed TLS library, RSA-2048 and AES-256 algorithms for file encryption. The ransomware does not have its own portal; the attackers communicate with victims via email” reported ESET.

Ransomware

Ransomware Encryption Libraries Communications

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

. “The malware is uploaded as gzip compressed tarball archives of binaries, scripts, and libraries. The libraries reside under the directory c/lib I thought it would be required to run the binaries in the tarball , but the binaries are compiled statically, so the libraries are extraneous.” ” wrote Cashdollar.

IoT

IoT Honeypots Libraries Archiving

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Security Affairs

NOVEMBER 25, 2022

Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. ” continues the report. that dates back to 2009.

Libraries

Libraries Manufacturing Communications Security

Previously unseen Msupedge backdoor targeted a university in Taiwan

Security Affairs

AUGUST 20, 2024

The most notable feature of the backdoor is that it relies on DNS tunnelling to communicate with a C2 server. “Msupedge is a backdoor in the form of a dynamic link library (DLL).” ” reads the report published by Symantec.

Libraries

Libraries Communications Access IT

Google fixes the fourth Chrome zero-day in 2022

Security Affairs

JULY 4, 2022

The flaw is a heap buffer overflow that resides in the Web Real-Time Communications (WebRTC) component, it is the fourth zero-day patched by the IT giant in 2022. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” ” Google added.

Libraries

Libraries Communications Access IT

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

JULY 29, 2020

The researchers pointed out that the Doki is a new multi-threaded malware leverages an undocumented technique for C2 communications by abusing the Dogecoin cryptocurrency blockchain in a unique way. The malware uses the embedTLS library for cryptographic functions and network communication. ” continues the report.

Blockchain

Blockchain Mining Cloud Communications

A new attack vector exploits the Log4Shell vulnerability on servers locally

Security Affairs

DECEMBER 19, 2021

WebSockets is a computer communications protocol, providing full-duplex communication channels over a single TCP connection. Experts pointed out that this new attack vector significantly expands the attack surface and can impact services even running as localhost which were not exposed to any network. .

Communications

Communications Risk Libraries Cybersecurity

Raspberry Robin spotted using two new 1-day LPE exploits

Security Affairs

FEBRUARY 11, 2024

The malware uses cmd.exe to read and execute a file stored on the infected external drive, it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file. The malicious code also changed its communication method and lateral movement to avoid detection.

Communications

Communications Manufacturing Libraries Cybersecurity

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Security Affairs

MAY 23, 2024

Upon receiving a request, it executes the encoded JavaScript code using the Microsoft.JScript library. Our investigation also uncovered two additional variations that utilize cloud storage services for communication instead of direct HTTP requests. . “SharpJSHandler operates by listening for HTTP requests.

Archiving

Archiving Military Communications Phishing

Critical buffer overflow in CODESYS allows remote code execution

Security Affairs

MARCH 28, 2020

dll (file version 3.5.15.20) library that doesn’t properly validate user-supplied data sent to the web server URL endpoint. “The CmpWebServerHandlerV3 component (when in state 0) attempts to allocate -1 (0xffffffff) bytes for the communication buffer. . The issue resides in the CmpWebServerHandlerV3.dll

Libraries

Libraries Communications Security IT

node-ipc NPM Package sabotage to protest Ukraine invasion

Security Affairs

MARCH 17, 2022

The Node-ipc node module allows local and remote inter-process communication with support for Linux, macOS, and Windows. of the library wipe the content of arbitrary files and replace it with a heart emoji. and bundles the “colors” NPM library, while it doesn’t include the STDOUT console messages. and 10.1.2

Libraries

Libraries Communications Security IT

Wslink, a previously undescribed loader for Windows binaries

Security Affairs

OCTOBER 28, 2021

The decrypted module is loaded into memory using the MemoryModule library. The modules reuse the loader’s functions for communication, keys and sockets, this implies that the malware don’t have to initiate new outbound connections. ” concludes ESET.

Encryption

Encryption Libraries Communications Security

New malware Cthulhu Stealer targets Apple macOS users

Security Affairs

AUGUST 23, 2024

Shown in Figure 10, there are multiple checker functions that check in the installation folders of targeted file stores, typically in “Library/Application Support/[file store]”.” The developers and affiliates of Cthulhu Stealer, operating as the Cthulhu Team, communicate via Telegram and rent out their malware for $500 per month.

Passwords

Passwords Blockchain Libraries Archiving

Foreign adversary hacked email communications of the Library of Congress says

Boston Public Library discloses cyberattack

Webinars

Trending Sources

Mozilla fixes critical flaw in Network Security Services (NSS) cryptography library

Webinars

Popular open-source PJSIP library is affected by critical flaws

OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

New EvilQuest ransomware targets macOS users

Critical RCE affects older Diebold Nixdorf ATMs

Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year

Google rolled out emergency fixes to address actively exploited Chrome zero-day

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

DinodasRAT Linux variant targets users worldwide

Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

Quad7 botnet evolves to more stealthy tactics to evade detection

New Go-based Redigo malware targets Redis servers

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Threat actors are using the Tox P2P messenger as C2 server

EastWind campaign targets Russian organizations with sophisticated backdoors

EventBot, a new Android mobile targets financial institutions across Europe

CISA warns of vulnerabilities in Hitachi Energy products

Too much UPnP-enabled connected devices still vulnerable to cyber attacks

Instagram RCE gave hackers remote access to your device

PyMICROPSIA Windows malware includes checks for Linux and macOS

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Oracle critical patch advisory addresses 284 flaws, 33 critical

Delivering Malware Through Abandoned Amazon S3 Buckets

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

DuneQuixote campaign targets the Middle East with a complex backdoor

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

Experts warn of attacks using a new Linux variant of SFile ransomware

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Previously unseen Msupedge backdoor targeted a university in Taiwan

Google fixes the fourth Chrome zero-day in 2022

Doki, an undetectable Linux backdoor targets Docker Servers

A new attack vector exploits the Log4Shell vulnerability on servers locally

Raspberry Robin spotted using two new 1-day LPE exploits

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Critical buffer overflow in CODESYS allows remote code execution

node-ipc NPM Package sabotage to protest Ukraine invasion

Wslink, a previously undescribed loader for Windows binaries

New malware Cthulhu Stealer targets Apple macOS users

Stay Connected