The Library of Congress discloses the compromise of some of its IT systems; an alleged foreign threat actor hacked their emails. Only email communications between congressional offices and some library staff, including the Congressional Research Service, from January to September, were affected. ” reported the NBC News.
Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Mozilla has addressed a heap-based buffer overflow vulnerability (CVE-2021-43527) in its cross-platform Network Security Services (NSS) set of cryptography libraries.
The Boston Public Library was the victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network. The affected systems were taken offline to prevent the threat from spreading.
Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library.
The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue, tracked as CVE-2022-2274, affecting the popular library. which was released on June 21, 2022.
Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months in which hackers are scanning the Internet for Docker servers running API ports exposed without a password. ” reads the post published by Aqua Security. gopsutil – a process utility library, used for system and processes monitoring.
Security experts have uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems, it is also able to install additional payloads and potentially take over the infected machine. According to Felix Seele, it establishes a reverse shell to communicate with the C2 server. " exists.
Automated teller machine vendor Diebold Nixdorf has released security updates to address a remote code execution vulnerability in older ATMs. Diebold Nixdorf discovered a remote code execution vulnerability in older ATMs and is urging its customers to install the security updates it has released to address the flaw. Pierluigi Paganini.
We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. “ This is the seventh Chrome zero-day fixed by Google this year, below is the full list: CVE-2022-3075 (September 2) – Insufficient data validating in the Mojo collection of runtime libraries.
Mojo is a collection of runtime libraries providing a platform-agnostic abstraction of common IPC primitives, a message IDL format, and a bindings library with code generation for multiple target languages to facilitate convenient message passing across arbitrary inter- and intra-process boundaries. Pierluigi Paganini.
CVE-2021-20174: Default HTTP Communication (Web Interface). CVE-2021-20175: Default HTTP Communication (SOAP Interface). Researchers discovered multiple instances of known vulnerable jQuery libraries (such as jquery 1.4.2); for this reason, they urge users to update them to the latest available versions. Pierluigi Paganini.
The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files.” Cybersecurity and Infrastructure Security Agency (CISA) also published alerts on the two flaws in September and October.
Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Cybersecurity and Infrastructure Security Agency (CISA) added this flaw to its Known Exploited Vulnerabilities Catalog. Attackers load the library file exp_lin.so. In March 2022, the U.S.
The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. ” What constitutes “good faith security research?” ” The new DOJ policy comes in response to a Supreme Court ruling last year in Van Buren v.
According to Sekoia, the operators have enhanced the botnet’s communication shifting away from using open SOCKS proxies for relaying malicious traffic in an attempt to evade detection. The botnet now uses the KCP protocol, which communicates over UDP via a new tool called FsyNet. ” reads the report.
CISA has released six advisories to warn organizations about security vulnerabilities affecting Hitachi Energy products. The advisories address tens of vulnerabilities, most of them are related to third-party libraries used by the products such as OpenSSL, LibSSL, libxml2, and GRUB2. Some of the flaws are remotely exploitable.
The Mac RAT implements a C&C communication similar to the Linux variant. Like the Linux variant, the backdoor communicates with the C&C using a TLS connection and encrypts data using the RC4 algorithm. “Both Mac and Linux variants use the WolfSSL library for SSL communications. ” continues the report.
Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. The malware also downloads the Command-and-control (C2) URLs, C2 communication is encrypted using Base64, RC4, and Curve25519. . ” concludes the report.
Tox has been used in the last months by threat actors as a communication channel between ransomware gangs and their victims. The binary is written in C and has only statically linked the c-toxcore library. The post Threat actors are using the Tox P2P messenger as C2 server appeared first on Security Affairs. Pierluigi Paganini.
“Attackers use the classic DLL sideloading technique: when the desktop.exe file is launched, the malicious VERSION.dll library is loaded into the corresponding process” reads the report published by Kaspersky. “This library is a backdoor packed with the VMProtect tool. ” continues the report.
The best news of the week with Security Affairs. Apple T2 security chip in new MacBooks disconnects Microphone when lid is closed. Google dorks were the root cause of a catastrophic compromise of CIA's communications. Apache Struts users have to update FileUpload library to fix years-old flaws.
Both Linux and Windows versions of DinodasRAT communicate with the C2 over TCP or UDP. 0x1A DealProxy Proxy C2 communication through a remote proxy. The library uses the Tiny Encryption Algorithm (TEA) in CBC mode to cipher and decipher the data.
Recently, the Chinese security firm Rising detected a Linux variant of the SFile ransomware that uses the RSA+AES algorithm mode. Researchers at security firm ESET discovered an SFile ransomware variant supporting the FreeBSD platform that was used in attacks against a partially state-owned company in China. as the suffix name.
The best news of the week with Security Affairs. Backdoor mechanism found in Ruby strong_password library. UK ICO fines British Airways £183 Million under GDPR over 2018 security breach. Prototype Pollution flaw discovered in all versions of Lodash Library. Microsoft released Patch Tuesday security updates for July 2019.
OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted communication over a network. Qualys security researchers have been able to independently verify the vulnerability, develop a PoC exploit on installations of Ubuntu Desktop 22.04 ” reads the advisory.
Security researchers at Cylance discovered that the OceanLotus APT (also known as APT32 or Cobalt Kitty) group is using a loader leveraging steganography to deliver a version of Denes backdoor and an updated version of Remy backdoor. ” reads the report published by the experts. Pierluigi Paganini.
PyMICROPSIA communicated with the C2 via HTTP POST requests; it uses different Uniform Resource Identifier (URI) paths and variables that depend on the functionality invoked. PyMICROPSIA uses Python libraries to implement multiple operations, including data theft, Windows process and systems interaction. Audio recording.
dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. If a path is passed, then the library is only loaded from the specific path. Avira.OE.NativeCore.dll: malicious DLL used during the DLL side-loading process.
UPnP-enabled devices running outdated software are exposed to a wide range of attacks exploiting known flaws in UPnP libraries. UPnP works with network protocols to configure communications in the network.” The UPnP communication protocol is widely adopted even if it is known to be vulnerable. ” continues the expert.
An attacker could trigger the vulnerability by sending a crafted malicious image to the victim via email, WhatsApp, SMS, or any other communications platform, which is then saved to the victim’s device. The vulnerability is tied to how Instagram uses third-party libraries for image processing, in particular, the open-source JPEG decoder Mozjpeg.
These buckets contained software libraries that are still used. That hampers their ability to communicate with vulnerable installations. Software supply-chain security is an absolute mess. Here’s a supply-chain attack just waiting to happen. And it’s not going to be easy, or cheap, to fix.
Pittsburgh, PA – July 13, 2023 – Security Journey, a best-in-class application security education company, has today announced an acceleration of its secure coding training platform enhancements. undergraduate computer science programs mandate courses in application security.
“The malware is uploaded as gzip compressed tarball archives of binaries, scripts, and libraries. The libraries reside under the directory c/lib. I thought it would be required to run the binaries in the tarball, but the binaries are compiled statically, so the libraries are extraneous.” wrote Cashdollar.
Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. The most recent OpenSSL version was released in 2018.
Security researchers devised a new attack vector exploiting the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. WebSockets is a computer communications protocol, providing full-duplex communication channels over a single TCP connection. ” states the analysis published by the experts.
Cado Security found a new info stealer, called Cthulhu Stealer, that targets Apple macOS and steals a wide range of information. Cado Security researchers have discovered a malware-as-a-service (MaaS) targeting macOS users dubbed Cthulhu Stealer. ” reads the report published by Cado Security.
The Commons FileUpload library is the default file upload mechanism in Struts 2, the CVE-2016-1000031 was discovered two years ago by experts at Tenable. The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. Pierluigi Paganini.
The Node-ipc node module allows local and remote inter-process communication with support for Linux, macOS, and Windows. of the library wipe the content of arbitrary files and replace it with a heart emoji. ” reads the analysis published by security firm Snyk.
The malware uses cmd.exe to read and execute a file stored on the infected external drive; it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file. Then msiexec.exe launches a legitimate Windows utility, fodhelper.exe, which in turn runs rundll32.exe
The flaw is a heap buffer overflow that resides in the Web Real-Time Communications (WebRTC) component, it is the fourth zero-day patched by the IT giant in 2022. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” ” Google added.
The researchers pointed out that Doki is a new multi-threaded malware that leverages an undocumented technique for C2 communications by abusing the Dogecoin cryptocurrency blockchain in a unique way. The malware uses the embedTLS library for cryptographic functions and network communication. ” continues the report.
Upon receiving a request, it executes the encoded JavaScript code using the Microsoft.JScript library. Our investigation also uncovered two additional variations that utilize cloud storage services for communication instead of direct HTTP requests. “SharpJSHandler operates by listening for HTTP requests.
Attackers spread the backdoor as a dynamic library (DLL, SO), the malware allows attackers to fully control the compromised environment. Upon executing the backdoor, it continuously communicates with its C2 server, awaiting instructions. The communication relies on GZIP-compressed and AES-GCM-encrypted messages.
“Accepting a connection is followed by an RSA handshake with a hardcoded 2048-bit public key to securely exchange both the key and IV to be used for 256-bit AES in CBC mode. The decrypted module is loaded into memory using the MemoryModule library. The preceding component that registers the Wslink service is not known.”