Examples, Libraries and Security - Information Management Today

Bugs in open-source libraries impact 70% of modern software

Security Affairs

MAY 26, 2020

70 percent of mobile and desktop applications that today we use are affected at least by one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one o more issues which will be inherited from all the applications that use them. ” reads the report.

Libraries

Libraries Security Access IT

Malicious file analysis – Example 01

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. Example: peframe file_name.

Libraries

Libraries Metadata Education Security

A flaw in libcue library impacts GNOME Linux systems

Security Affairs

OCTOBER 10, 2023

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts.

Libraries

Libraries Security IT Access

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Google expert disclosed details of an unpatched flaw in SymCrypt library

Security Affairs

JUNE 12, 2019

Tavis Ormandy, a white hat hacker Google Project Zero announced to have found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. Specially crafted certificates could be provided in multiple ways, for example in digitally signed and encrypted messages via the S/MIME protocol. Pierluigi Paganini.

Libraries

Libraries Encryption Security IT

How to Package and Price Embedded Analytics

Just by embedding analytics, application owners can charge 24% more for their product. How much value could you add? This framework explains how application enhancements can extend your product offerings. Brought to you by Logi Analytics.

Analytics

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

Security Affairs

JANUARY 29, 2020

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. Security experts from Qualys have discovered a flaw, tracked as CVE-2020-7247, in OpenSMTPD. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Libraries

Libraries Security IT Information Security

OrBit, a new sophisticated Linux malware still undetected

Security Affairs

JULY 7, 2022

“Unlike other threats that hijack shared libraries by modifying the environment variable LD_PRELOAD, this malware uses 2 different ways to load the malicious library. SO file) that can be placed either in persistent storage, for example /lib/libntpVnQE6mk/, or in shim-memory under /dev/shm/ldx/. Pierluigi Paganini.

Libraries

Libraries Cybersecurity Authentication Access

While attackers begin exploiting a second Log4j flaw, a third one emerges

Security Affairs

DECEMBER 16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library.

Libraries

Libraries Ransomware Access Security

Drupal addresses two XSS flaws by updating the CKEditor

Security Affairs

MARCH 20, 2020

Drupal developers released security updates for versions 8.8.x x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x x that address two XSS vulnerabilities that affect the CKEditor library. Drupal 8 versions prior to 8.7.x

Libraries

Libraries Risk Access Security

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Krebs on Security

MARCH 17, 2022

For example, the popular library ES5-ext hadn’t updated its code in nearly two years. If so, the code broadcasts a “Call for peace:” A message that appears for Russian users of the popular es5-ext code library on GitHub. The message has been Google-Translated from Russian to English. ” . ”

Libraries

Libraries IT Security

Apache releases the third patch to address a new Log4j flaw

Security Affairs

DECEMBER 18, 2021

Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. While the experts were warning that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library a third security vulnerability made the headlines.

Libraries

Libraries Security Ransomware IT

What Counts as “Good Faith Security Research?”

Krebs on Security

JUNE 3, 2022

The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. ” What constitutes “good faith security research?” ” The new DOJ policy comes in response to a Supreme Court ruling last year in Van Buren v.

Security

Security Computer and Electronics Access Libraries

Google found zero-click vulnerabilities in Apple’s multimedia processing components

Security Affairs

APRIL 29, 2020

The discovery urges Apple into implementing additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e.

Libraries

Libraries Paper Security Cybersecurity

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password. ” reads the post published by Aqua Security. gopsutil – a process utility library, used for system and processes monitoring.

Mining

Mining Libraries Cloud Communications

UK National Cyber Security Centre urge to drop Python 2

Security Affairs

AUGUST 26, 2019

The UK National Cyber Security Centre (NCSC) urges developers to drop Python 2 due to imminent End-of-Life to avoid attacks on a large scale. The UK National Cyber Security Centre (NCSC) is recommending developers to drop Python 2.x x due to the imminent End-of-Life. “Python 2.7 will not be maintained past 2020.

Security

Security Risk Ransomware Libraries

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

Security Affairs

DECEMBER 17, 2023

“Today we experienced an exploit on the Ledger Connect Kit, a Javascript library that implements a button allowing users to connect their Ledger device to third party DApps (wallet-connected Web sites). This is a good example of the industry working swiftly together to address security challenges.” and 1.1.7).”

Phishing

Phishing Libraries Authentication Access

INFRA:HALT flaws impact OT devices from hundreds of vendors

Security Affairs

AUGUST 4, 2021

IN FRA:HALT is a set of vulnerabilities affecting a popular TCP/IP library commonly OT devices manufactured by more than 200 vendors. “Forescout Research Labs and JFrog Security Research exploited two of the Remote Code Execution vulnerabilities in their lab and show the potential effects of a successful attack.”

Manufacturing

Manufacturing Libraries Cloud Security

The first iPhone Rapid Security Response update released by Apple fails to install

Security Affairs

MAY 2, 2023

Apple has released its first Rapid Security Response update, but many iPhone users reported problems during the installation of the iOS Security Response. On June 2022, Apple announced that the Rapid Security Response feature would be available starting with iOS 16.4.1, ” “iOS Security Response 16.4.1 (a)

Security

Security Libraries Education Cybersecurity

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. trendmrcio[.]com,

Ransomware

Ransomware Libraries File names Encryption

Google addresses two new Chrome zero-day flaws

Security Affairs

NOVEMBER 12, 2020

Google experts did not disclose the way the flaws have been exploited in the attacks, for example, it is not clear if they were chained by threat actors. “We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”

Libraries

Libraries Security IT Information Security

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

Recently, the Chinese security firm Rising detected a Linux variant of the SFile ransomware that uses the RSA+AES algorithm mode. “For example, the variant captured this time uses nuctech-gj0okyci (nuctech is the English name of Nuctech Technology Co., as the suffix name. .” Pierluigi Paganini.

Ransomware

Ransomware Encryption Libraries Communications

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

Security Affairs

JULY 24, 2023

OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted communication over a network. Qualys security researchers have been able to independently verify the vulnerability, develop a PoC exploit on installations of Ubuntu Desktop 22.04 ” reads the advisory published by Qualys.

Libraries

Libraries Authentication Encryption Security

A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould

Security Affairs

JUNE 17, 2022

With the example limit of 1, encrypt the file twice. The infection sequence can be carried out using a combination of Microsoft APIs, command-line interface (CLI) scripts, and PowerShell scripts, the enterprise security firm added. The versioning settings are under list settings for each document library. . Pierluigi Paganini.

Libraries

Libraries Encryption Ransomware Cloud

Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2

Security Affairs

NOVEMBER 17, 2020

The analysis of a shellcode requires know-how of which system library and functions will be invoked to help its execution, and depends on the operating system it can be a wide variation of commands from direct calls to an OS functions calls to the hash of the API of certain OS libraries. radare2 is one example of those tools.

Libraries

Libraries IT Security Information Security

Log4Shell was in the wild at least nine days before public disclosure

Security Affairs

DECEMBER 13, 2021

Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. Pierluigi Paganini.

Mining

Mining Honeypots Libraries IT

A few binary plating 0-days for Windows

Security Affairs

MARCH 15, 2019

We contacted Microsoft, but they claimed that it was not a product vulnerability since security had been weakened by 3rd party applications that allowed overly permissive file access. Those modules are used for authentication and key exchange in Internet Protocol security.

Libraries

Libraries Authentication Access IT

Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Security Affairs

NOVEMBER 27, 2018

The Event-Stream library is a very popular NodeJS module used to allow developers the management of data streams, it has nearly 2 million downloads a week. It has been estimated that the tainted version of the library was downloaded by nearly 8 million developers. For example: $ npm ls event-stream flatmap -stream. through 5.1.0

Libraries

Libraries Encryption IT Security

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Security Affairs

SEPTEMBER 16, 2024

. “We released a fix for CVE-2024-38112 in our July 2024 security updates which broke this attack chain. See [ CVE-2024-38112 – Security Update Guide – Microsoft – Windows MSHTML Platform Spoofing Vulnerability[([link] Customers should both the July 2024 and September 2024 security update to fully protect themselves.”

Archiving

Archiving File names Libraries Passwords

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

MARCH 3, 2020

The Kimsuky APT group has been analyzed by several security teams. The “ AutoUpdate.dll” library then gains persistence by setting the following registry key “ HKCUSoftwareMicrosoftWindowsCurrentVersionRunOnceWindowsDefender ”. An example of the C2 registration is the following: Figure 12: Network traffic performed by the malware.

IT

IT File names Libraries Communications

Feedify cloud service architecture compromised by MageCart crime gang

Security Affairs

SEPTEMBER 16, 2018

The script loads various resources from Feedify’s infrastructure, including a library named “feedbackembad -min-1.0.js Below an example script dubbed MagentoCore. <script but apparently, the hackers re-infected the library. Security Affairs – cybercrime, MageCart ). js ,” which was compromised by MageCart.

Cloud

Cloud Libraries Access Security

node-ipc NPM Package sabotage to protest Ukraine invasion

Security Affairs

MARCH 17, 2022

of the library wipe the content of arbitrary files and replace it with a heart emoji. This security incident involves destructive acts of corrupting files on disk by one maintainer and their attempts to hide and restate that deliberate sabotage in different forms. ” reads the analysis published by security firm Synk.

Libraries

Libraries Communications Security IT

Zeus Sphinx continues to be used in Coronavirus-themed attacks

Security Affairs

MAY 12, 2020

IBM security researcher continues to monitor the evolution of the infamous Zeus Sphinx banking Trojan (aka Zloader or Terdot ) that receives frequent updates and that was involved in active coronavirus scams. . The post Zeus Sphinx continues to be used in Coronavirus-themed attacks appeared first on Security Affairs.

Libraries

Libraries Sales Government IT

GhostTouch: how to remotely control touchscreens with EMI

Security Affairs

MAY 27, 2022

Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals. “In places like a cafe, library, meeting room, or conference lobbies, people might place their smartphone face-down on the table2. “We demonstrate the feasibility of this attack in the real world.”

Paper

Paper Libraries Passwords Authentication

Fleckpe Android malware totaled +620K downloads via Google Play Store

Security Affairs

MAY 5, 2023

Upon executing one of the infected apps, it loads a heavily obfuscated native library containing a dropper that decrypts and runs malicious code from the app assets. Once discovered, the apps have been quickly removed from the Play Store, but the threat actors might have already uploaded other tainted apps that have yet to be discovered.

Libraries

Libraries Cybersecurity Security IT

Generative AI: A double-edged sword for application security

OpenText Information Management

OCTOBER 25, 2024

GenAI can improve cybersecurity processes, such as automated threat detection, code review, and security testing. However, the same technology presents unique security challenges that traditional methods struggle to address. GenAI applications have both a supply chain to be secured and distinct vulnerabilities.

Security

Security Libraries Paper Cybersecurity

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

JULY 12, 2021

LinkedIn’s refusal to treat malicious scraping as a security problem can potentially allow cybercriminals to gather data on new victims with impunity. To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records.

Archiving

Archiving Passwords Data collection Sales

Multiple malicious packages in PyPI repository found stealing AWS secrets

Security Affairs

JUNE 25, 2022

The malicious packages, which were reported to PyPI, are: loglib-modules — appears to target developers familiar with the legitimate ‘loglib’ library. pyg-modules — appears to target developers familiar with the legitimate ‘pyg’ library. ” reads the post published by Sonatype. . com:8000/upload.

Libraries

Libraries Metadata Security IT

KindleDrip exploit – Hacking a Kindle device with a simple email

Security Affairs

JANUARY 22, 2021

Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that could have allowed an attacker to take over victims’ devices. Realmode Labs reported the flaws to Amazon on October 17 and the company released security updates to address them on December 10, 2020. Pierluigi Paganini.

Authentication

Authentication Libraries Phishing Security

Magecart attacks are still around but are more difficult to detect

Security Affairs

JUNE 22, 2022

Magecart threat actors have switched most of their operations server-side to avoid detection of security firms. Malwarebytes researchers observed the use of 3 different themes by the threat actor to hide their skimmer, named after JavaScript libraries: hal-data[.]org/gre/code.js org” and “js.staticounter[.]net,”

Cleanup

Cleanup CMS Libraries Phishing

Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure

The Last Watchdog

AUGUST 19, 2024

Related: Europe mandates resiliency Requiring a formal inventory of all components, libraries and modules in all business applications can help lock down software supply chains, especially in light of the SolarWinds and Colonial Pipeline attacks. He drew a vivid parallel between food safety and software security.

Security

Security Libraries Cloud Cybersecurity

Too much UPnP-enabled connected devices still vulnerable to cyber attacks

Security Affairs

MARCH 7, 2019

UPnP-enabled devices running outdated software are exposed to a wide range of attacks exploiting known flaws in UPnP libraries. In early 2013, researchers at Rapid7 published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” that evaluated the global exposure of UPnP-enabled network devices.

Libraries

Libraries Communications Data collection Security

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

Security Affairs

JULY 17, 2024

Trend Micro researchers discovered that the flaw was actively exploited in the wild in May and reported it to Microsoft which addressed the zero-day with the July 2024 Patch Tuesday security updates. The archives are disseminated in cloud-sharing websites, Discord servers, and online libraries, and other means.

Archiving

Archiving Ransomware Libraries Passwords

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

Security Affairs

APRIL 8, 2021

To see if your email address has been exposed in this data leak or other security breaches, use our personal data leak checker with a library of 15+ billion breached records. An example of leaked data: What’s the impact of the leak? Consider using a password manager to create strong passwords and store them securely.

Passwords

Passwords Phishing Personal data Libraries

macOS: Bashed Apples of Shlayer and Bundlore

Security Affairs

JULY 14, 2021

These malware are the most predominant malware in macOS, also with a history of evading and bypassing the built-in Xprotect, Gatekeeper, Notarization and File Quarantine security features of macOS. An example of one such DMG file with bash scripts is shown below (see Figure 1). Figure 1: DMG file initiating bash script installation.

Encryption

Encryption Passwords Libraries Security

Bugs in open-source libraries impact 70% of modern software

Malicious file analysis – Example 01

Webinars

Trending Sources

A flaw in libcue library impacts GNOME Linux systems

Webinars

Google expert disclosed details of an unpatched flaw in SymCrypt library

How to Package and Price Embedded Analytics

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

OrBit, a new sophisticated Linux malware still undetected

While attackers begin exploiting a second Log4j flaw, a third one emerges

Drupal addresses two XSS flaws by updating the CKEditor

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Apache releases the third patch to address a new Log4j flaw

What Counts as “Good Faith Security Research?”

Google found zero-click vulnerabilities in Apple’s multimedia processing components

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

UK National Cyber Security Centre urge to drop Python 2

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

INFRA:HALT flaws impact OT devices from hundreds of vendors

The first iPhone Rapid Security Response update released by Apple fails to install

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Google addresses two new Chrome zero-day flaws

Experts warn of attacks using a new Linux variant of SFile ransomware

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould

Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2

Log4Shell was in the wild at least nine days before public disclosure

A few binary plating 0-days for Windows

Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Feedify cloud service architecture compromised by MageCart crime gang

node-ipc NPM Package sabotage to protest Ukraine invasion

Zeus Sphinx continues to be used in Coronavirus-themed attacks

GhostTouch: how to remotely control touchscreens with EMI

Fleckpe Android malware totaled +620K downloads via Google Play Store

Generative AI: A double-edged sword for application security

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Multiple malicious packages in PyPI repository found stealing AWS secrets

KindleDrip exploit – Hacking a Kindle device with a simple email

Magecart attacks are still around but are more difficult to detect

Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure

Too much UPnP-enabled connected devices still vulnerable to cyber attacks

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

macOS: Bashed Apples of Shlayer and Bundlore

Stay Connected