article thumbnail

Internet Archive data breach impacted 31M users

Security Affairs

” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. As of September 5, 2024, the Internet Archive held more than 42.1 million print materials, 13 million videos, 1.2

Archiving 304
article thumbnail

Researchers disclose critical sandbox escape bug in vm2 sandbox library

Security Affairs

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. servers, it has approximately four million weekly downloads and its library is part of 722 packages. servers, it has approximately four million weekly downloads and its library is part of 722 packages.

Libraries 245
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Malicious npm packages spotted delivering njRAT Trojan

Security Affairs

The script attempted to download and execute a file named patch.exe that was used to install the njRAT remote access trojan. In early November, the same team of researchers discovered an npm package that contains malicious code designed to steal sensitive Discord and browser files.

Libraries 346
article thumbnail

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

article thumbnail

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

Hash 757dfeacabf4c2f771147159d26117818354af14050e6ba42cc00f4a3d58e51f Threat Kimsuky loader Brief Description Scr file, initial loader Ssdeep 12288:APWcT1z2aKqkP/mANd2JiEWKZ52zfeCkIAYfLeXcj6uuLl:uhT1z4q030JigZUaULeXc3uLl. Figure 2: Written file (AutoUpdate.dll) in the “%AppData%LocalTemp” path. Table 2: AutoUpdate.dll Information.

IT 363
article thumbnail

WinRAR CVE-2018-20250 flaw exploited in multiple campaigns

Security Affairs

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving 272
article thumbnail

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Security Affairs

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.” “The specific flaw exists within the way Internet Explorer prompts the user after a file is downloaded. ” reads the advisory published by ZDI. states Trend Micro.

Archiving 343