Document, Libraries and Security - Information Management Today

GitLab addressed critical auth bypass flaws in CE and EE

Security Affairs

MARCH 13, 2025

GitLab released security updates to address critical vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). ” Attackers with a valid signed SAML document can impersonate users within the same SAML IdP, risking data breaches and privilege escalation. GitLab CE/EE versions 17.7.7, addressed the issue.

Authentication

Authentication Libraries Data breaches Security

What are the Best Document Management Capabilities?

AIIM

APRIL 8, 2021

Document Management is the use of a software application to track digital documents from creation through approval and publication. It serves in many ways to apply a formal governance framework to the document creation and collaborative editing processes. Five Key Document Management Capabilities. Version control.

ECM

ECM Cloud Access File names

The Document that Microsoft Eluded AppLocker and AMSI

Security Affairs

MARCH 20, 2019

Experts analyzed an Office document containing a payload that is able to bypass Microsoft AppLocker and Anti-Malware Scan Interface (AMSI), Introduction. Initial document view. Analyzing the document view with more attention it possible to notice a suspicious chunk of strings in the smallest box in the left of the document: Figure 3.

Security

Security IT Libraries Paper

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Epic Manchego gang uses Excel docs that avoid detection

Security Affairs

SEPTEMBER 7, 2020

A recently discovered cybercrime gang, tracked as Epic Manchego , is using a new technique to create weaponized Excel files that are able to bypass security checks. The phishing messages carry weaponized Excel documents that are able to bypass security checks and that had low detection rates. EPPlus is such a tool.”

Libraries

Libraries Phishing Passwords Security

Attackers Increasingly Adopting Regsvr32 Utility Execution Via Office Documents

Security Affairs

FEBRUARY 10, 2022

exe heavily via various types of Microsoft Office documents. Regsvr32 is a Microsoft-signed command line utility in Windows which allows users to register and unregister DLLs (Dynamic Link Library). Microsoft Word/Rich Text Format data/Composite Document —. This blog details the use of regsvr32.exe Pierluigi Paganini.

Libraries

Libraries Ransomware Security IT

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

Security Affairs

MAY 14, 2024

Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day. CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability An attacker can exploit this vulnerability to gain SYSTEM privileges. ” reads the advisory.

Security

Security Libraries IT Information Security

Microsoft Patch Tuesday security updates fixed 3 actively exploited flaws

Security Affairs

NOVEMBER 14, 2023

Patch Tuesday security updates for November 2023 fixed three vulnerabilities actively exploited in the wild. ” – CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability An attacker can exploit this flaw to bypass Windows Defender SmartScreen checks and other prompts.

Security

Security Cloud Libraries Phishing

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. v1: Pulse Connect Secure MAR-10334057-3.v1:

Security

Security Authentication Libraries Passwords

0patch releases free unofficial patches for Windows 0days exploited in the wild

Security Affairs

MARCH 27, 2020

A few days ago, Microsoft warned of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. The vulnerabilities affects the way Windows Adobe Type Manager Library handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. See the link for more details.

Libraries

Libraries Risk Security IT

Text4Shell, a remote code execution bug in Apache Commons Text library

Security Affairs

OCTOBER 19, 2022

Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. ” wrote the security team. Pierluigi Paganini.

Libraries

Libraries Security IT Information Security

Microsoft warns of targeted attacks exploiting Windows zero-day flaws

Security Affairs

MARCH 23, 2020

Microsoft warns of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. Microsoft warns of hackers exploiting two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries

Libraries Risk Authentication Security

A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould

Security Affairs

JUNE 17, 2022

The infection sequence can be carried out using a combination of Microsoft APIs, command-line interface (CLI) scripts, and PowerShell scripts, the enterprise security firm added. The versioning settings are under list settings for each document library. . ” continues the report. ” concludes the report.

Libraries

Libraries Encryption Ransomware Cloud

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Libraries

Libraries e-Delivery Risk Passwords

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

SEPTEMBER 7, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Draytek VigorConnect and Kingsoft WPS Office vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Libraries Cybersecurity Risk

Microsoft patch Tuesday security updates fix PrintNightmare flaws

Security Affairs

AUGUST 10, 2021

Microsoft released patch Tuesday security updates for August that address 120 CVEs in Microsoft products including a zero-day actively exploited in the wild. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine.

Security

Security Libraries IT

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Artificial Intelligence

Artificial Intelligence Security Ransomware Data breaches

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

MARCH 3, 2020

The Kimsuky APT group has been analyzed by several security teams. The “ AutoUpdate.dll” library then gains persistence by setting the following registry key “ HKCUSoftwareMicrosoftWindowsCurrentVersionRunOnceWindowsDefender ”. scr” file, the document is named “ ??? ??.hwp Table 3: Information about legit document with “.hwp”

IT

IT File names Libraries Communications

Microsoft addresses three Windows issues actively exploited

Security Affairs

APRIL 14, 2020

Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including three Windows issues that have been exploited in attacks in the wild. Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including two remote code execution flaws in Windows that are actively exploited. Pierluigi Paganini.

Libraries

Libraries Authentication Security Risk

The Emotet botnet is back and hits 100K recipients per day

Security Affairs

DECEMBER 26, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities.

Ransomware

Ransomware Libraries Cybersecurity Security

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. If a path is passed, then the library is only loaded from the specific path. Avira.OE.NativeCore.dll: malicious DLL used during the DLL side-loading process.

Libraries

Libraries Communications Phishing Encryption

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. since August. Pierluigi Paganini.

Government

Government Libraries Cybersecurity Phishing

Cisco Talos discloses technicals details of Chrome, Firefox flaws

Security Affairs

JULY 5, 2020

The first issue, tracked as CVE-2020-6463, is a memory corruption vulnerability that affects PDFium, an open source PDF library used by Chrome and other applications. An attacker could trigger the issue by tricking the user into opening a specially crafted document that contains JavaScript code. Pierluigi Paganini.

Libraries

Libraries IT Security Information Security

A WhatsApp zero-day exploit can cost several million dollars

Security Affairs

OCTOBER 5, 2023

The research of zero-day exploits for popular applications such as WhatsApp is even more complex due to the security mechanisms implemented by the developers of the mobile OSs and the app. According to the documents, a company was selling a zero-click exploit for a remote code execution (RCE) vulnerability in WhatsApp for around $1.7

Marketing

Marketing Libraries Sales Government

Threat actors hacked the Dropbox Sign production environment

Security Affairs

MAY 2, 2024

Dropbox Sign is a service that allows users to electronically sign and request signatures on documents. It integrates with Dropbox storage, so users can sign and store documents in one place without ever leaving the Dropbox platform.

Passwords

Passwords Authentication Access Phishing

Cyber Defense Magazine – July 2020 has arrived. Enjoy it!

Security Affairs

JULY 2, 2020

OVER 165 PAGESALWAYS FREE – LOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. appeared first on Security Affairs. Always free, no strings attached. Pierluigi Paganini.

B2C

B2C IT Libraries Information Security

Security Affairs newsletter Round 266

Security Affairs

MAY 31, 2020

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 266 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! NetWalker ransomware gang threatens to release Michigan State University files.

Security

Security Data breaches Ransomware Sales

Researcher published PoC exploit for Ghostscript zero-day

Security Affairs

SEPTEMBER 7, 2021

Security researcher Nguyen The Duc published on GitHub the proof-of-concept exploit code for a Ghostscript zero-day vulnerability. Ghostscript is a suite of software based on an interpreter for Adobe Systems’ PostScript and Portable Document Format (PDF) page description languages. Airbnb, Dropbox, and Yandex).

Libraries

Libraries Education Security IT

Cyber Defense Magazine – August 2020 has arrived. Enjoy it!

Security Affairs

AUGUST 5, 2020

OVER 145 PAGESALWAYS FREE – LOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. appeared first on Security Affairs. Always free, no strings attached. Pierluigi Paganini.

B2C

B2C IT Libraries Information Security

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

SEPTEMBER 6, 2023

Below are the improvements implemented after the investigation: Identified and resolved race Condition that allowed the signing key to be present in crash dumps Enhanced prevention, detection, and response for key material erroneously included in crash dumps Enhanced credential scanning to better detect presence of signing key in the debugging environment (..)

Authentication

Authentication Libraries Access Government

WinRAR CVE-2018-20250 flaw exploited in multiple campaigns

Security Affairs

MARCH 28, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving

Archiving File names Education Libraries

China-linked APT group uses new Macma macOS backdoor version

Security Affairs

JULY 24, 2024

In addition to this shared infrastructure, Macma and other malware in the Daggerfly’s arsenal, including Mgbot all contain code from a single, shared library or framework. Elements of this library have been used to build Windows, macOS, Linux, and Android threats. ” concludes the report.

Libraries

Libraries IT Information Security Security

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

The activity of the cyber espionage group was first documented by ESET experts Matthieu Faou and Francis Labelle in a talk at the Virus Bulletin 2020 security conference. The malware samples analyzed by the researchers are slightly obfuscated using string obfuscation and dynamic Windows API library loading.

Military

Military Phishing Passwords Government

Apple out-of-band patches fix remote code execution bugs in iOS and macOS

Security Affairs

NOVEMBER 10, 2022

Apple released out-of-band patches for iOS and macOS to fix a couple of code execution vulnerabilities in the libxml2 library. Apple released out-of-band patches for iOS and macOS to address two code execution flaws, tracked as CVE-2022-40303 and CVE-2022-40304 , in the libxml2 library for parsing XML documents.

Libraries

Libraries Security IT Information Security

The return of the AdvisorsBot malware

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. Once opened, the document kindly asks to the users to enable the macro scripts, heavily obfuscated to avoid static detection. Figure 2 – Document view inviting to enable macro.

Libraries

Libraries Phishing Security IT

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Security Affairs

DECEMBER 31, 2020

Security Center under the Ministry of National Defense recorded a large number of virus-infected e-mails addressed to several state institutions. postal system operators to specify their security rules and filters, ”says Rytis Rainys, Director of NKSC. Security Center. Security Center. “The National Cyber ??Security

Passwords

Passwords Archiving Libraries Government

Malicious file analysis – Example 01

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. Microsoft Office Documents. Microsoft Office Documents. PEframe is an open source tool to perform static analysis of malware executables and malicious MS Office documents.

Libraries

Libraries Metadata Education Security

Lazarus APT employed an exploit in a Dell firmware driver in recent attacks

Security Affairs

OCTOBER 4, 2022

Threat actors sent spear-phishing emails using malicious Amazon-themed documents as lures. The experts spotted a dynamically linked library, codenamed FudModule.dll, that tries to disable various Windows monitoring features. The library modify kernel variables and remove kernel callbacks in the attempt to disable the features.

Libraries

Libraries Phishing Security IT

Zeus Sphinx continues to be used in Coronavirus-themed attacks

Security Affairs

MAY 12, 2020

IBM security researcher continues to monitor the evolution of the infamous Zeus Sphinx banking Trojan (aka Zloader or Terdot ) that receives frequent updates and that was involved in active coronavirus scams. . Zeus Sphinx is distributed through malspam campaigns that use weaponized office documents. 2 Trojan that was leaked online.

Libraries

Libraries Sales Government IT

Generative AI: A double-edged sword for application security

OpenText Information Management

OCTOBER 25, 2024

GenAI can improve cybersecurity processes, such as automated threat detection, code review, and security testing. However, the same technology presents unique security challenges that traditional methods struggle to address. GenAI applications have both a supply chain to be secured and distinct vulnerabilities.

Security

Security Libraries Paper Cybersecurity

Threat actors continue to exploit Log4Shell in VMware Horizon Systems

Security Affairs

JUNE 24, 2022

Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), published a joint advisory to warn of hacking attempts exploiting the Log4Shell flaw in VMware Horizon servers to compromise target networks. ” reads the advisory. Follow me on Twitter: @securityaffairs and Facebook.

Access

Access Libraries Cybersecurity Security

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

FEBRUARY 5, 2021

The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that that botnet is also able to target misconfigured Kubernetes installations. It also hides malicious processes using library injection and encrypts the malicious payload. Pierluigi Paganini.

Mining

Mining Libraries Encryption Access

New PyLocky Ransomware stands out for anti-machine learning capability

Security Affairs

SEPTEMBER 12, 2018

Security experts from Trend Micro have spotted a new strain of ransomware involved in attacks in July and August, the malicious code was posing as the Locky ransomware. exe will drop malware components — several C++ and Python libraries and the Python 2.7 When successfully run, the Facture_23100.31.07.2018.exe Pierluigi Paganini.

Ransomware

Ransomware Libraries Encryption Archiving

Tips for Maximizing Your Sharepoint Investment

AIIM

JULY 15, 2021

There are certain outcomes to be aware of and avoid : Implementation is Half Baked: Maybe security is not thought through. Sensitive Data is Compromised: Without proper security precautions, data can be exposed to the wrong groups or employees, or even shared outside of your organization. Tip #1: Planning is Everything.

Libraries

Libraries Metadata Access Security

Red TIM Research found two rare flaws in Ericsson OSS-RC component

Security Affairs

OCTOBER 25, 2021

In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely resolved in new Ericsson library browsing tool ELEX used in systems like Ericsson Network Manager. SecurityAffairs – hacking, cyber security). CVE-2021-32569.

Cleanup

Cleanup Data migration Libraries Passwords

GitLab addressed critical auth bypass flaws in CE and EE

What are the Best Document Management Capabilities?

Webinars

Trending Sources

The Document that Microsoft Eluded AppLocker and AMSI

Webinars

Epic Manchego gang uses Excel docs that avoid detection

Attackers Increasingly Adopting Regsvr32 Utility Execution Via Office Documents

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

Microsoft Patch Tuesday security updates fixed 3 actively exploited flaws

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

0patch releases free unofficial patches for Windows 0days exploited in the wild

Text4Shell, a remote code execution bug in Apache Commons Text library

Microsoft warns of targeted attacks exploiting Windows zero-day flaws

A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

Microsoft patch Tuesday security updates fix PrintNightmare flaws

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Microsoft addresses three Windows issues actively exploited

The Emotet botnet is back and hits 100K recipients per day

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

CISA alert warns of Emotet attacks on US govt entities

Cisco Talos discloses technicals details of Chrome, Firefox flaws

A WhatsApp zero-day exploit can cost several million dollars

Threat actors hacked the Dropbox Sign production environment

Cyber Defense Magazine – July 2020 has arrived. Enjoy it!

Security Affairs newsletter Round 266

Researcher published PoC exploit for Ghostscript zero-day

Cyber Defense Magazine – August 2020 has arrived. Enjoy it!

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

WinRAR CVE-2018-20250 flaw exploited in multiple campaigns

China-linked APT group uses new Macma macOS backdoor version

XDSpy APT remained undetected since at least 2011

Apple out-of-band patches fix remote code execution bugs in iOS and macOS

The return of the AdvisorsBot malware

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Malicious file analysis – Example 01

Lazarus APT employed an exploit in a Dell firmware driver in recent attacks

Zeus Sphinx continues to be used in Coronavirus-themed attacks

Generative AI: A double-edged sword for application security

Threat actors continue to exploit Log4Shell in VMware Horizon Systems

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

New PyLocky Ransomware stands out for anti-machine learning capability

Tips for Maximizing Your Sharepoint Investment

Red TIM Research found two rare flaws in Ericsson OSS-RC component

Stay Connected