Krebs on Security

JUNE 3, 2022

The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. ” What constitutes “good faith security research?” ” The new DOJ policy comes in response to a Supreme Court ruling last year in Van Buren v.

Security 292

Security Computer and Electronics Access Libraries 292

Security Affairs

JANUARY 30, 2024

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc) , including a heap-based buffer overflow tracked as CVE-2023-6246. in August 2022.

Libraries 138

Libraries Access Security IT 138

Schneier on Security

SEPTEMBER 27, 2023

Rather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said.

Libraries 129

Libraries Security IT 129

Schneier on Security

JULY 30, 2021

The time has come for me to find a new home for my (paper) cryptography library. New owner pays all packaging and shipping costs, and possibly a purchase price depending on who you are and what you want to do with the library. If you think you can break it up and sell it, I’ll consider that as a last resort.

Libraries 145

Libraries Paper Education IT 145

Krebs on Security

MARCH 17, 2022

For example, the popular library ES5-ext hadn’t updated its code in nearly two years. If so, the code broadcasts a “Call for peace:” A message that appears for Russian users of the popular es5-ext code library on GitHub. The message has been Google-Translated from Russian to English. ”

Libraries 351

Libraries IT Security 351

Security Affairs

DECEMBER 27, 2021

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures.

Libraries 145

Libraries Honeypots Security IT 145

Security Affairs

OCTOBER 10, 2023

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts.

Libraries 126

Libraries IT Security Access 126

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Libraries 133

Libraries IT Security Information Security 133

Security Affairs

MARCH 8, 2024

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338. ” reads the advisory.

Security 134

Security IT Authentication Libraries 134

The Last Watchdog

JUNE 26, 2024

June 26, 2024, CyberNewsWire — FireTail today announced a free version of its enterprise-level API security tools, making them accessible to developers and organizations of all sizes. FireTail , a disruptor in API security, unveils free access for all to its cutting-edge API security platform. McLean, Va.,

Access 130

Access Security IT Libraries 130

Krebs on Security

DECEMBER 14, 2021

Microsoft , Adobe , and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. 9 in the popular logging library for Java called “ log4j ,” which is included in a huge number of Java applications.

Libraries 314

Libraries Cybersecurity Data breaches Cloud 314

The Last Watchdog

JULY 13, 2023

Pittsburgh, PA – July 13, 2023 – Security Journey, a best-in-class application security education company, has today announced an acceleration of its secure coding training platform enhancements. undergraduate computer science programs mandate courses in application security.

Security 189

Security Education Communications Libraries 189

The Last Watchdog

AUGUST 19, 2024

Related: Europe mandates resiliency Requiring a formal inventory of all components, libraries and modules in all business applications can help lock down software supply chains, especially in light of the SolarWinds and Colonial Pipeline attacks. He drew a vivid parallel between food safety and software security.

Security 173

Security Libraries Cloud Cybersecurity 173

Krebs on Security

APRIL 14, 2020

Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. “This is great news for Microsoft and the security community at large.” ” Once again, Adobe has blessed us with a respite from updating its Flash Player program with security fixes. .”

Libraries 284

Libraries Security Authentication IT 284

Security Affairs

JULY 16, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog. GeoServer versions prior to 2.23.6, are vulnerable to Remote Code Execution (RCE) due to unsafe evaluation of property names as XPath expressions.

IT 130

IT Libraries Cybersecurity Risk 130

The Last Watchdog

MARCH 29, 2022

Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. By no means has the cybersecurity community been blind to the complex security challenges spinning out of digital transformation. Log4j, for instance, is a ubiquitous logging library.

Security 223

Security Cloud Digital transformation Cybersecurity 223

Security Affairs

AUGUST 28, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Inappropriate Implementation Vulnerability CVE-2024-38856 (CVSS score of 8.8)

IT 127

IT Libraries Cybersecurity Risk 127

Krebs on Security

JANUARY 11, 2022

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. ” “One of the flaws, CVE-2022-21846 , was disclosed to Microsoft by the National Security Agency ,” Narang said. “Thankfully the Windows preview pane is not a vector for this attack.”

Libraries 280

Libraries Security Access IT 280

CILIP

JANUARY 16, 2024

CILIP welcomes publication of Sanderson Review of Public Libraries CILIP has welcomed the publication of the findings of Baroness Sanderson of Welton’s Independent Review of Public Libraries, announced today at an event at the House of Lords attended by our CEO, Nick Poole.

Libraries 86

Libraries Government Education Communications 86

Security Affairs

DECEMBER 6, 2023

Atlassian released security patches to address four critical remote code execution vulnerabilities in its products. Below is the list of vulnerabilities addressed by the vendor: CVE-2022-1471 (CVSS score: 9.8) – SnakeYAML library RCE Vulnerability that impacts multiple products. and later.

IT 131

IT Libraries Security Information Security 131

Krebs on Security

NOVEMBER 14, 2023

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks.

Phishing 287

Phishing Authentication Libraries Access 287

Krebs on Security

MAY 14, 2024

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library.

Libraries 256

Libraries Authentication Ransomware Security 256

Security Affairs

SEPTEMBER 14, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance OS Command Injection Vulnerability CVE-2024-8190 (CVSS score of 7.2)

Cloud 133

Cloud IT Libraries Cybersecurity 133

Security Affairs

OCTOBER 28, 2022

We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. “ This is the seventh Chrome zero-day fixed by Google this year, below is the full list: CVE-2022-3075 (September 2) – Insufficient data validating in the Mojo collection of runtime libraries.

Libraries 140

Libraries IT Communications Access 140

Security Affairs

DECEMBER 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms.

IT 128

IT Libraries Cybersecurity Passwords 128

Security Affairs

SEPTEMBER 7, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Draytek VigorConnect and Kingsoft WPS Office vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

IT 131

IT Libraries Cybersecurity Risk 131

AIIM

JULY 15, 2021

There are certain outcomes to be aware of and avoid : Implementation is Half Baked: Maybe security is not thought through. Sensitive Data is Compromised: Without proper security precautions, data can be exposed to the wrong groups or employees, or even shared outside of your organization. Tip #1: Planning is Everything.

Libraries 190

Libraries Metadata Access Security 190

Security Affairs

SEPTEMBER 20, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance a path traversal vulnerability CVE-2024-8190 (CVSS score of 9.4) added the company.

Cloud 128

Cloud IT Authentication Cybersecurity 128

Security Affairs

MAY 14, 2024

Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day. CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability An attacker can exploit this vulnerability to gain SYSTEM privileges. ” reads the advisory.

Security 126

Security Libraries IT Information Security 126

The Last Watchdog

AUGUST 8, 2023

8, 2023 – SandboxAQ today announced Sandwich, an open source framework and meta-library of cryptographic algorithms that simplifies modern cryptography management. This provides a much simpler process to create a cryptographic object, such as a secure tunnel, and helps organizations implement crypto-agility. Palo Alto, Calif.,

Libraries 188

Libraries Encryption Access Cybersecurity 188

Schneier on Security

APRIL 11, 2024

There’s an important moral to the story of the attack and its discovery : The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. These code repositories, called libraries, are hosted on sites like GitHub.

Libraries 139

Libraries e-Discovery Cybersecurity Government 139

eSecurity Planet

AUGUST 5, 2021

Open source security has been a big focus of this week’s Black Hat conference, but no open source security initiative is bolder than the one proffered by the Open Source Security Foundation (OpenSSF). ” OpenSSF was formed a year ago by the merger of Linux Foundation, GitHub and industry security groups.

Security 143

Security Big data Libraries Communications 143

Krebs on Security

JUNE 7, 2021

KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Mind you, I’m not suggesting anyone go do that: Horohorin pointed out that this random number generator was flagged by 20 different antivirus and security products as malicious. Image: Wikipedia.

Encryption 335

Encryption Ransomware Government Communications 335

Security Affairs

DECEMBER 17, 2021

After the disclosure of the exploit, Microsoft researchers reported that Nation-state actors from China, Iran, North Korea, and Turkey are now abusing the Log4Shell (CVE-2021-44228) in the Log4J library in their campaigns. The post Conti ransomware gang exploits Log4Shell bug in its operations appeared first on Security Affairs.

Ransomware 138

Ransomware Energy and Utilities IT Libraries 138

Security Affairs

NOVEMBER 14, 2023

Patch Tuesday security updates for November 2023 fixed three vulnerabilities actively exploited in the wild. ” – CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability An attacker can exploit this flaw to bypass Windows Defender SmartScreen checks and other prompts.

Security 130

Security Libraries Cloud Phishing 130