Security Affairs

JANUARY 30, 2024

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc) , including a heap-based buffer overflow tracked as CVE-2023-6246. in August 2022.

Libraries 141

Libraries Access Security IT 141

Schneier on Security

SEPTEMBER 27, 2023

Rather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said.

Libraries 128

Libraries Security IT 128

Security Affairs

DECEMBER 27, 2021

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures.

Libraries 145

Libraries Honeypots Security IT 145

Security Affairs

OCTOBER 10, 2023

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts.

Libraries 132

Libraries IT Security Access 132

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Libraries 139

Libraries IT Security Information Security 139

Krebs on Security

MARCH 17, 2022

For example, the popular library ES5-ext hadn’t updated its code in nearly two years. If so, the code broadcasts a “Call for peace:” A message that appears for Russian users of the popular es5-ext code library on GitHub. The message has been Google-Translated from Russian to English. ”

Libraries 351

Libraries IT Security 351

CILIP

FEBRUARY 1, 2024

New Future Libraries project to support resilience and strategic growth in Public Libraries Future Libraries is a two-part initiative from CILIP to challenge and engage librarians and library leaders to reimagine libraries in a world of evolving living and working patterns in the context of a rapidly changing world.

Libraries 96

Libraries IT 96

CILIP

JUNE 7, 2024

Trust Libraries: 10 Pledges for libraries to a new Government A General Election is just round the corner and its outcome will affect us all, with a new government and potentially hundreds of new MPs taking their seats in the House of Commons.

Libraries 92

Libraries Government Access IT 92

Data Breach Today

JUNE 17, 2020

Treck Issues 'Ripple20' Fixes for 19 Flaws in Its Widely Used TCP/IP Library Time for another internet of things update nightmare: Researchers have found that a little-known but widely used TCP/IP software library built into millions of internet-connected devices has 19 flaws that need fixing.

Libraries 271

Libraries IT 271

Data Breach Today

NOVEMBER 2, 2023

Also: Iranian State Hackers Stalk Middle Eastern Governments This week, Canada banned WeChat and Kaspersky apps, REvil members faced trial in a Russian military court, the British Library experienced an IT outage, Iranian state-backed hackers targeted Middle East governments and European officials extended the ban on Meta's behavioral advertising practices. (..)

Military 288

Military Libraries Government IT 288

Data Breach Today

APRIL 15, 2020

The software giant had previously warned users about two vulnerabilities in the Adobe Type Manager Library that were being exploited in the wild. Software Giant Had Previously Warned 2 Vulnerabilities Were Being Exploited Microsoft issued patches for three zero-day vulnerabilities as part of its most recent Patch Tuesday update.

Libraries 265

Libraries IT 265

CILIP

JUNE 4, 2024

Libraries Change Lives: Prison library tackles low literacy with Poet Laureate workshop Poet Laureate Simon Armitage visited HMP East Sutton Park and brought a new joy in reading and writing poetry for the prisoners. See how libraries are changing lives in your area, view the interactive impact map.

Libraries 78

Libraries IT 78

Security Affairs

JULY 16, 2024

This issue arises because the GeoTools library API, which GeoServer uses, evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library, allowing arbitrary code execution. GeoServer is an open-source server that allows users to share and edit geospatial data.

IT 136

IT Libraries Cybersecurity Risk 136

CILIP

JUNE 17, 2024

Libraries and the fight against truth decay Truth decay is the diminishing role of facts and analysis in public life, it is a phenomenon that erodes civil discourse, causes political paralysis, and leads to general uncertainty around what is and is not. A healthy democracy is helped by an open exchange of views,” said Stijn.

Libraries 88

Libraries IT 88

Krebs on Security

DECEMBER 14, 2021

But this month’s Patch Tuesday is overshadowed by the “ Log4Shell ” 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw. Log4Shell is the name picked for a critical flaw disclosed Dec. “Treat it as such.”

Libraries 314

Libraries Cybersecurity Data breaches Cloud 314

Security Affairs

AUGUST 28, 2024

We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”. “We We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

IT 134

IT Libraries Cybersecurity Risk 134

CILIP

AUGUST 30, 2024

CILIP writes to Libraries Minister CILIP has written to Sir Chris Bryant, detailing how CILIP can support the new government’s key missions. Chief Executive Louis Coiffait-Gunn reached out to the MP after he was announced as heading up responsibility for public libraries.

Libraries 76

Libraries Government IT 76

Security Affairs

DECEMBER 6, 2023

Below is the list of vulnerabilities addressed by the vendor: CVE-2022-1471 (CVSS score: 9.8) – SnakeYAML library RCE Vulnerability that impacts multiple products. Below is the list of vulnerabilities addressed by the vendor: CVE-2022-1471 (CVSS score: 9.8) – SnakeYAML library RCE Vulnerability that impacts multiple products.

IT 137

IT Libraries Security Information Security 137

CILIP

JANUARY 5, 2024

Libraries, critical thinking and the war on truth – what lies ahead in 2024 Nick Poole, Chief Executive, CILIP will leave CILIP at the end of March 2024. As a profession, our responsibility is not to ‘see both sides’ of the debate about volunteerism and cuts to library services.

Libraries 98

Libraries Education Government Access 98

CILIP

MARCH 1, 2024

Libraries in 19 councils at risk of ‘fire sale’ with new Exceptional Financial Support Framework Image of birmingham library via wikimedia commons CILIP is sounding the alarm over a potential 'fire sale' of library buildings following the Government announcement of 'exceptional financial support' to 19 Councils.

Libraries 88

Libraries Sales Risk Government 88

CILIP

AUGUST 6, 2024

Approaching AI at the National Library of Scotland Image of the National Library of Scotland by Magnus Hagdorn, from Flickr Robert Cawston, Director of Digital and Service Transformation, introduces a new AI Statement for the National Library of Scotland.

Libraries 78

Libraries Artificial Intelligence Metadata Data collection 78

Security Affairs

DECEMBER 1, 2023

Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms. CVE-2023-49103 – The vulnerability resides in the Graphapi app, which relies on a third-party GetPhpInfo.php library that provides a URL.

IT 134

IT Libraries Cybersecurity Passwords 134

Security Affairs

OCTOBER 28, 2022

We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. “ This is the seventh Chrome zero-day fixed by Google this year, below is the full list: CVE-2022-3075 (September 2) – Insufficient data validating in the Mojo collection of runtime libraries.

Libraries 143

Libraries IT Communications Access 143

CILIP

AUGUST 5, 2024

CILIP statement on the fire damage at Spellow Hub Library in Liverpool Spellow Hub library is located in Liverpool, and was transformed into a 'library of the future' in 2023. Across the country, public libraries should be safe, welcoming and inclusive communities, open to all free of charge.

Libraries 78

Libraries Education Access IT 78

Security Affairs

NOVEMBER 18, 2024

The Library of Congress discloses the compromise of some of its IT systems, an alleged foreign threat actor hacked their emails. Only email communications between congressional offices and some library staff, including the Congressional Research Service, from January to September, were affected. ” reported the NBC News.

Libraries 73

Libraries Communications Access Government 73

The Last Watchdog

JUNE 26, 2024

FireTail’s unique combination of open-source code libraries, inline API call evaluation, security posture management, and centralized audit trails helps eliminate vulnerabilities and protect APIs in real-time. •The That’s why we offer both this free tier, as well as our open source libraries.” McLean, Va.,

Access 130

Access Security IT Libraries 130

CILIP

JUNE 24, 2024

Library brings local history to life for London school children Guildhall Library in the City of London created an open and accessible space that got children out of the classroom and gave them hands-on experience of history. The free workshops consisted of discussion and creative writing, including a slideshow and a plague game.

Libraries 76

Libraries Access IT 76

Security Affairs

SEPTEMBER 14, 2024

is End-of-Life , and no longer receives updates for OS or third-party libraries. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. to its Known Exploited Vulnerabilities (KEV) catalog. Ivanti released a security update for Ivanti CSA 4.6

Cloud 139

Cloud IT Libraries Cybersecurity 139

Security Affairs

MARCH 8, 2024

An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process.” An authenticated, local attacker can exploit the flaw to elevate privileges on an affected device. ” reads the advisory.

Security 139

Security IT Authentication Libraries 139

Security Affairs

SEPTEMBER 5, 2024

Attackers spread the backdoor as a dynamic library (DLL, SO), the malware allows attackers to fully control the compromised environment. Trend Micro Researchers spotted the Chinese-speaking threat actor Earth Lusca using a new multiplatform backdoor called KTLVdoor. It may also be shared with other Chinese-speaking threat actors.

IT 127

IT Communications Encryption Libraries 127

CILIP

OCTOBER 25, 2024

Libraries Change Lives parliamentary reception unites MPs, Lords and Library Leaders Florence Eshalomi, Labour MP for Vauxhall and Camberwell Green speaking at the parliamentary event “Libraries represent the very best of us. Without that I don’t think I’d be standing here today.” “One

Libraries 59

Libraries Education Government Access 59

Security Affairs

SEPTEMBER 7, 2024

CVE-2024-7262 Kingsoft WPS Office Path Traversal Vulnerability: An improper path validation vulnerability in Kingsoft WPS Office (versions 12.2.0.13110 to 12.2.0.16412) allows attackers to load arbitrary Windows libraries via the promecefpluginhost.exe.

IT 137

IT Libraries Cybersecurity Risk 137