Libraries and Passwords - Information Management Today

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

Security Affairs

NOVEMBER 5, 2021

Two popular npm libraries, coa and rc. have been hijacked, threat actors replaced them with versions laced with password-stealing malware. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. The post npm libraries coa and rc. while compromised rc versions are 1.2.9,

Libraries

Libraries Passwords Access Security

Critical Apache Roller flaw allows to retain unauthorized access even after a password change

Security Affairs

APRIL 15, 2025

A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. where active user sessions are not properly invalidated after password changes. where active user sessions are not properly invalidated after password changes. All versions 6.1.4 are affected. version 6.1.5

Passwords

Passwords Access Libraries Big data

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. As of September 5, 2024, the Internet Archive held more than 42.1 million print materials, 13 million videos, 1.2

Archiving

Archiving Data breaches Passwords File names

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. It is one of the largest libraries in the world. ” reads the announcement.

Libraries

Libraries Ransomware Manufacturing Education

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

AUGUST 20, 2019

Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries. It overloaded the #authenticate method on the Identity class.

Libraries

Libraries Mining Passwords Authentication

Backdoor mechanism found in Ruby strong_password library

Security Affairs

JULY 8, 2019

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The attacker created a new version of the library (version 0.0.7 version 0.0.7

Libraries

Libraries Passwords Security IT

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Security Affairs

AUGUST 17, 2019

Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. “ SafeBreach Labs discovered a new vulnerability in Trend Micro Password Manager software.” ” reads the post published by SafeBreach. Another researcher, Tr?n

Passwords

Passwords Authentication Libraries Security

Two Linux botnets already exploit Log4Shell flaw in Log4j

Security Affairs

DECEMBER 12, 2021

Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets. Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library.

Honeypots

Honeypots Libraries Passwords Authentication

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Libraries

Libraries e-Delivery Risk Passwords

Epic Manchego gang uses Excel docs that avoid detection

Security Affairs

SEPTEMBER 7, 2020

The trick used by the Epic Macnchego gang consists of compiling the documents with a.NET library called EPPlus , instead of the standard Microsoft Office software. ” The library can generate files in multiple spreadsheet formats, it also supports Excel 2019. .” ” reads the analysis published by NVISO.

Libraries

Libraries Phishing Passwords Security

Threat actors hacked the Dropbox Sign production environment

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Passwords

Passwords Authentication Access Phishing

New malware Cthulhu Stealer targets Apple macOS users

Security Affairs

AUGUST 23, 2024

The malicious code is written in GoLang, upon mounting the dmg it prompts users to enter their system and MetaMask passwords using the macOS osascript tool. Once the user inputs their credentials, the malware stores them in a directory and uses Chainbreak to dump Keychain passwords. ” reads the report published by Cado Security.

Passwords

Passwords Blockchain Libraries Archiving

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Security Affairs

MARCH 10, 2020

Individuals can also buy computer files, financial information, PII, and usernames and passwords taken from computers infected with malicious software (malware) located both in the U.S. Once payment was complete, the FBI obtained the gamer accounts, including the user name and password for each account.” storefront.”

Sales

Sales Passwords Libraries Authentication

Experts released PoC exploit for critical Progress Software OpenEdge bug

Security Affairs

MARCH 11, 2024

“When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS local authentication provider to grant user-id and password logins on operating platforms supported by active releases of OpenEdge, a vulnerability in the authentication routines may lead to unauthorized access on attempted logins.”

Authentication

Authentication Passwords Libraries Access

Security Affairs most-read cyber stories of 2021

Security Affairs

JANUARY 1, 2022

email and password pairs leaked online. The Largest compilation of emails and passwords (COMB), more than 3.2 A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants. The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver.

Security

Security Libraries Ransomware Passwords

Thousands of servers easy to hack due to a LibSSH Flaw

Security Affairs

OCTOBER 17, 2018

The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. This means that if a remote attacker sends the “SSH2_MSG_USERAUTH_SUCCESS” response to libssh, the library considers that the authentication has been successfully completed.

Libraries

Libraries Authentication Passwords Security

Zerologon attack lets hackers to completely compromise a Windows domain

Security Affairs

SEPTEMBER 14, 2020

. “By forging an authentication token for specific Netlogon functionality, he was able to call a function to set the computer password of the Domain Controller to a known value. After that, the attacker can use this new password to take control over the domain controller and steal credentials of a domain admin.”

Authentication

Authentication Passwords Libraries Paper

XCSSET MacOS malware targets Telegram, Google Chrome data and more

Security Affairs

JULY 25, 2021

In order to target Telegram, the malware creates the archive “telegram.applescript” for the “keepcoder.Telegram” folder which is located in the Group Containers folder (“~/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram”). This differs from the practice on iOS. ” reads the analysis published by Trend Micro.

Libraries

Libraries Passwords Archiving Access

Experts warn of critical Zero-Day in Apache OfBiz

Security Affairs

DECEMBER 28, 2023

SonicWall researchers pointed out that the Apache OfBiz is part of the supply chain of prominent software, such as Atlassian’s JIRA (used by over 120K companies ). “As a result, like with many supply chain libraries, the impact of this vulnerability could be severe if leveraged by threat actors.”

Authentication

Authentication Libraries Passwords Information Security

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password. gopsutil – a process utility library, used for system and processes monitoring.

Mining

Mining Libraries Cloud Communications

Dropbox discloses unauthorized access to 130 GitHub source code repositories

Security Affairs

NOVEMBER 2, 2022

The company pointed out that no one’s content, passwords, or payment information were accessed, it also remarked that the issue was quickly resolved. The investigation revealed that the code accessed by the attackers contained some credentials, primarily, API keys, used by the development team.

Access

Access Phishing Passwords Authentication

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

Security Affairs

APRIL 8, 2021

To see if your email address has been exposed in this data leak or other security breaches, use our personal data leak checker with a library of 15+ billion breached records. Brute-forcing the passwords of LinkedIn profiles and email addresses. Change the password of your LinkedIn and email accounts.

Passwords

Passwords Phishing Personal data Libraries

Unsecured Git server exposed Nissan North America

Security Affairs

JANUARY 8, 2021

– Nissan internal core mobile library – Nissan/Infiniti NCAR/ICAR services – client acquisition and retention tools – sale / market research tools + data – various marketing tools – the vehicle logistics portal (2/n) — tillie, doer of crime (@antiproprietary) January 4, 2021.

Libraries

Libraries Marketing Sales Passwords

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 1, 2023

Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms. CVE-2023-49103 – The vulnerability resides in the Graphapi app, which relies on a third-party GetPhpInfo.php library that provides a URL. The vulnerability impacts ownCloud owncloud/graphapi 0.2.x

IT

IT Libraries Cybersecurity Passwords

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory. The only limitation on how to carry out a Zerologon attack is that the attacker must have access to the target network.

Authentication

Authentication Passwords Analytics Libraries

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

CVE-2021-45077 : Plaintext Password Storage. Researchers discovered multiple instances of known vulnerable jQuery libraries (such as jquery 1.4.2), for this reason, they are urging to update them to the latest available versions. CVE-2021-23147 : Insufficient UART Protection Mechanisms.

Communications

Communications Libraries Encryption Passwords

Message Decryption Key for Signal Desktop application stored in plain text

Security Affairs

OCTOBER 23, 2018

The key is stored in plain text to a local file called %AppData%Signalconfig.json on Windows PCs and on a Mac at ~/Library/Application Support/Signal/config.json. The issue could be easily addressed by requiring users to set a password that would be used to encrypt the key the database encryption key. Source Bleeping Computer.

Encryption

Encryption Passwords Libraries Cybersecurity

WAGO Industrial Switches affected by multiple flaws

Security Affairs

JUNE 13, 2019

Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.” The validity of the password hashes and the embedded keys were also verified by emulating the device. Both libraries are affected by known vulnerabilities, some of which rated as critical.

Libraries

Libraries Passwords IoT Security

Cisco addresses a High-severity flaw in CMX Software

Security Affairs

JANUARY 14, 2021

out of 10, could be exploited by a remote authenticated attacker to change the password for any account user on affected systems. “A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system.”

Passwords

Passwords Authentication Analytics Libraries

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

It is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and like a parasite infects the machine. Symbiote can be loaded by the linker via the LD_PRELOAD directive before any other shared objects allowing to “hijack the imports” from the other library files loaded for the application.

Libraries

Libraries Passwords Security IT

Data of 2 million MyFreeCams users sold on a hacker forum

Security Affairs

JANUARY 22, 2021

Stolen records belong to 2 million user records of MyFreeCams Premium members, they include usernames, email addresses, MyFreeCams Token (MFC Token) amounts, and passwords in plain text. In response to the incident, MyFreeCams reset the passwords of impacted users. ” reported CyberNews. .” ” reported CyberNews.

Sales

Sales Passwords Marketing Libraries

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Security Affairs

JANUARY 12, 2024

As a result, like with many supply chain libraries, the impact of this vulnerability could be severe if leveraged by threat actors.” SonicWall researchers pointed out that the Apache OfBiz is part of the supply chain of prominent software, such as Atlassian’s JIRA (used by over 120K companies ). “As reads the report published by SonicWall.

Honeypots

Honeypots Authentication Libraries Passwords

Astaroth Trojan relies on legitimate os and antivirus processes to steal data

Security Affairs

FEBRUARY 16, 2019

. “The campaign exploits legitimate operating system processes as well as security vendor products from companies like Avast and GAS Tecnologia to gain information about the target machine and steal password information, as well as keystate information and clipboard usage.” ” reads the analysis published by Cybereason.

Passwords

Passwords Archiving Libraries Security

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

JULY 12, 2021

To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records. Change the password of your LinkedIn and email accounts. Consider using a password manager to create unique strong passwords and store them securely.

Archiving

Archiving Passwords Data collection Sales

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

. “The malware is uploaded as gzip compressed tarball archives of binaries, scripts, and libraries. The libraries reside under the directory c/lib I thought it would be required to run the binaries in the tarball , but the binaries are compiled statically, so the libraries are extraneous.” ” wrote Cashdollar.

IoT

IoT Honeypots Libraries Archiving

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Security Affairs

DECEMBER 31, 2020

The Emotet campaign uses malicious emails that attempt to trick recipients into opening the zipped archive with the password included in the message. Emails accessed in this way require user action: open the file, unzip it with a password. Emails accessed in this way require user action: open the file, unzip it with a password.

Passwords

Passwords Archiving Libraries Government

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Security Affairs

SEPTEMBER 28, 2023

Google also addressed this month the following vulnerabilities in the Chrome browser: [$TBD][ 1478889 ] High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05 [$2000][ 1475798 ] High CVE-2023-5187: Use after free in Extensions.

Libraries

Libraries Passwords Security IT

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

Security Affairs

NOVEMBER 28, 2023

The vulnerability, tracked as CVE-2023-49103 , resides in the Graphapi app, which relies on a third-party GetPhpInfo.php library that provides a URL. According to the advisory , in containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key.

Cybersecurity

Cybersecurity Libraries Passwords Access

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

CERT-FR’s alert states that the Pysa ransomware code based on public Python libraries. “ “The password database was leaked shortly before the attack. ” Once compromised the target network, attackers attempt to exfiltrate the company’s accounts and passwords database. .”

Ransomware

Ransomware Government Encryption Passwords

macOS: Bashed Apples of Shlayer and Bundlore

Security Affairs

JULY 14, 2021

The openssl program is a command line tool in macOS for using the various cryptography functions (SSL, TLS) of OpenSSL’s crypto library from the shell. During the installation process, Bundlore also ensures to collect the user’s password by presenting a misleading prompt as shown below (see Figure 9). cloudfront[.]net

Encryption

Encryption Passwords Libraries Security

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Security Affairs

JULY 26, 2022

Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL files. In this campaign, the spam message contains an HTML file that has base64 encoded images and a password-protected ZIP file. The password-protected zip file contains an ISO file (i.e.

Passwords

Passwords File names Libraries Security

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

MARCH 13, 2023

In order to compromise a target system, the samples require special conditions on it, such as the use of specific arguments and targeted services already being installed (with weak passwords). For MySQL and Postgres services, the malware scans for open ports 3306 and 5432, then pings the host’s database with a certain username and password.

Passwords

Passwords Libraries Authentication Communications

Commando VM – Using Windows for pen testing and red teaming

Security Affairs

MARCH 29, 2019

Organized toolsets (Tools folder on the desktop with Info Gathering, Exploitation, Password Attacks, etc.) With a library of offensive tools, it makes it easy for blue teams to keep up with offensive tooling and attack trends.” Windows-based C2 frameworks like Covenant (dotnet) and PoshC2 (PowerShell). ” concluded FireEye.

Passwords

Passwords Libraries Security IT

Emotet Botnet dismantled in a joint international operation

Security Affairs

JANUARY 27, 2021

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. The Dutch National Police’s as part of the criminal investigation discovered a database containing email addresses, usernames, and passwords stolen by the bots.

Libraries

Libraries Passwords Ransomware IT

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

Critical Apache Roller flaw allows to retain unauthorized access even after a password change

Webinars

Trending Sources

Internet Archive data breach impacted 31M users

Webinars

Rhysida ransomware gang is auctioning data stolen from the British Library

A backdoor mechanism found in tens of Ruby libraries

Backdoor mechanism found in Ruby strong_password library

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Two Linux botnets already exploit Log4Shell flaw in Log4j

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Epic Manchego gang uses Excel docs that avoid detection

Threat actors hacked the Dropbox Sign production environment

New malware Cthulhu Stealer targets Apple macOS users

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Experts released PoC exploit for critical Progress Software OpenEdge bug

Security Affairs most-read cyber stories of 2021

Thousands of servers easy to hack due to a LibSSH Flaw

Zerologon attack lets hackers to completely compromise a Windows domain

XCSSET MacOS malware targets Telegram, Google Chrome data and more

Experts warn of critical Zero-Day in Apache OfBiz

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Dropbox discloses unauthorized access to 130 GitHub source code repositories

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

Unsecured Git server exposed Nissan North America

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Hackers are using Zerologon exploits in attacks in the wild

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Message Decryption Key for Signal Desktop application stored in plain text

WAGO Industrial Switches affected by multiple flaws

Cisco addresses a High-severity flaw in CMX Software

Symbiote, a nearly-impossible-to-detect Linux malware?

Data of 2 million MyFreeCams users sold on a hacker forum

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Astaroth Trojan relies on legitimate os and antivirus processes to steal data

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

CERT France – Pysa ransomware is targeting local governments

macOS: Bashed Apples of Shlayer and Bundlore

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Golang-Based Botnet GoBruteforcer targets web servers

Commando VM – Using Windows for pen testing and red teaming

Emotet Botnet dismantled in a joint international operation

Stay Connected