Libraries, Presentation and Security - Information Management Today

Bugs in open-source libraries impact 70% of modern software

Security Affairs

MAY 26, 2020

70 percent of mobile and desktop applications that today we use are affected at least by one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one o more issues which will be inherited from all the applications that use them. ” reads the report.

Libraries

Libraries Security Access IT

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Security Affairs

JANUARY 30, 2024

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc) , including a heap-based buffer overflow tracked as CVE-2023-6246. in August 2022.

Libraries

Libraries Access Security IT

Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2

Security Affairs

NOVEMBER 17, 2020

The analysis of a shellcode requires know-how of which system library and functions will be invoked to help its execution, and depends on the operating system it can be a wide variation of commands from direct calls to an OS functions calls to the hash of the API of certain OS libraries. radare2 is one example of those tools.

Libraries

Libraries IT Security Information Security

Webinars

Going Beyond Chatbots: Connecting AI to Your Tools, Systems, & Data

Automation, Evolved: Your New Playbook for Smarter Knowledge Work

MORE WEBINARS

Google discloses a severe flaw in widely used Libgcrypt encryption library

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. It provides functions for all cryptographic building blocks and is present in major Linux distributions like Fedora and Gentoo, along with macOS package manager Homebrew. users is required.

Libraries

Libraries Encryption Privacy IT

Experts disclosed a 22-year-old bug in popular SQLite Database library

Security Affairs

OCTOBER 25, 2022

A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library. The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database library, which was introduced in October 2000. through 3.39.1. .

Libraries

Libraries Security IT Information Security

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

Security Affairs

JANUARY 29, 2020

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. Security experts from Qualys have discovered a flaw, tracked as CVE-2020-7247, in OpenSMTPD. ” reads the advisory published by Qualys. Pierluigi Paganini.

Libraries

Libraries Security IT Information Security

Duo Labs presents CRXcavator Service that analyzes Chrome Extensions

Security Affairs

FEBRUARY 24, 2019

Researchers at Duo Labs has launched a new service called CRXcavator that allows users to analyze Chrome extensions and deliver security reports on them. Researchers at Duo Labs, a division of Duo Security, has launched a new service called CRXcavator that allows users to analyze Chrome extensions and deliver security reports on them.

Libraries

Libraries Communications Security Access

Expert found a backdoor in XZ tools used many Linux distributions

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm

Libraries

Libraries Authentication Access Risk

Thousands of servers easy to hack due to a LibSSH Flaw

Security Affairs

OCTOBER 17, 2018

The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. ” reads the security advisory. Experts pointed out that GitHub and OpenSSH implementations of the libssh library are not affected by the flaw. Pierluigi Paganini.

Libraries

Libraries Authentication Passwords Security

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

SEPTEMBER 7, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Draytek VigorConnect and Kingsoft WPS Office vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Libraries Cybersecurity Risk

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

SEPTEMBER 6, 2023

The company pointed out that crash dumps should not include the signing key, but a race condition allowed the key to be present in the crash dump (this issue has been fixed by the company). The investigation revealed that the system crash in April of 2021 resulted in a snapshot of the crashed process (“crash dump”).

Authentication

Authentication Libraries Access Government

Experts found critical RCE in Spotify’s Backstage

Security Affairs

NOVEMBER 15, 2022

Researchers from the security firm Oxeye discovered a critical Remote Code Execution in Spotify’s Backstage (CVSS Score of 9.8). The issue can be exploited by triggering a recently disclosed VM sandbox escape vulnerability (CVE-2022-36067 aka Sandbreak) in the vm2 third-party library. ” reads the advisory published by Oxeye.

Libraries

Libraries Authentication Paper Risk

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

“LD_PRELOAD forces binaries to load specific libraries before others, allowing the preloaded libraries to override any function from any library. One of the ways to use LD_PRELOAD is to add the crafted library to /etc/ld.so.preload.” ” continues the analysis. Pro-Ocean deploys an XMRig miner 5.11.1

Cloud

Cloud Libraries Mining IT

A few binary plating 0-days for Windows

Security Affairs

MARCH 15, 2019

We contacted Microsoft, but they claimed that it was not a product vulnerability since security had been weakened by 3rd party applications that allowed overly permissive file access. Those modules are used for authentication and key exchange in Internet Protocol security.

Libraries

Libraries Authentication Access IT

China-linked APT group uses new Macma macOS backdoor version

Security Affairs

JULY 24, 2024

In addition to this shared infrastructure, Macma and other malware in the Daggerfly’s arsenal, including Mgbot all contain code from a single, shared library or framework. Elements of this library have been used to build Windows, macOS, Linux, and Android threats. ” continues the report.

Libraries

Libraries IT Information Security Security

Experts discovered DLL hijacking issues in Kaspersky and Trend Micro solutions

Security Affairs

DECEMBER 2, 2019

Experts discovered several DLL hijacking flaws in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application. The first issue in Kaspersky Secure Connection (KSDE) VPN client, tracked as CVE-2019-15689, could be exploited by an attacker to implant and run an arbitrary unsigned executable. .

Libraries

Libraries Authentication Security IT

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Authentication

Authentication Libraries Access Security

Generative AI: A double-edged sword for application security

OpenText Information Management

OCTOBER 25, 2024

GenAI can improve cybersecurity processes, such as automated threat detection, code review, and security testing. However, the same technology presents unique security challenges that traditional methods struggle to address. GenAI applications have both a supply chain to be secured and distinct vulnerabilities.

Security

Security Libraries Paper Cybersecurity

KindleDrip exploit – Hacking a Kindle device with a simple email

Security Affairs

JANUARY 22, 2021

Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that could have allowed an attacker to take over victims’ devices. Realmode Labs reported the flaws to Amazon on October 17 and the company released security updates to address them on December 10, 2020. ” continues the post.

Authentication

Authentication Libraries Phishing Security

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

The following schema is an effort to present in a single high-level diagram the workflow of the most popular Latin American trojans. Next, an email template used by Javali to lure victims is presented. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. MSI file – The Javali Dropper.

Libraries

Libraries Communications Phishing Encryption

Malicious Clicker apps in Google Play have 20M+ installs

Security Affairs

OCTOBER 24, 2022

Security researchers at McAfee have discovered 16 malicious clicker apps available in the official Google Play store that were installed more than 20 million times. All 16 Clicker apps reported by McAfee experts have been removed from Google Play, the security firm also shared. out of 5 stars. ” concludes the report.

Libraries

Libraries Personal data Cloud Security

OpenAI: A Redis bug caused a recent ChatGPT data exposure incident

Security Affairs

MARCH 26, 2023

On Friday, OpenAI revealed that the recent exposure of users’ personal information and chat titles in its chatbot service was caused by a bug in the Redis open-source library. we had a significant issue in ChatGPT due to a bug in an open source library, for which a fix has now been released and we have just finished validating.

Libraries

Libraries IT Security Data breaches

e-Records 2020 Call for Presentations

The Texas Record

AUGUST 20, 2020

This event is organized by the Texas State Library and Archives Commission (TSLAC) and co-sponsored with the Texas Department of Information Resources (DIR) to promote electronic records management in Texas government. TSLAC and DIR are looking for learner-focused presentations designed to engage virtual audiences.

Records Management

Records Management Communications Government Libraries

Threat actors continue to exploit Log4j flaws in their attacks, Microsoft Warns

Security Affairs

JANUARY 5, 2022

Microsoft is warning of continuing attempts by nation-state actors and cybercriminals to exploit recently discovered vulnerabilities in the Apache Log4j library to deploy malware on vulnerable systems. The post Threat actors continue to exploit Log4j flaws in their attacks, Microsoft Warns appeared first on Security Affairs.

Libraries

Libraries Mining IT Security

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

A security expert uncovered an old APT operation, tracked Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. ” The researcher presented his findings in a speech at the OPCDE virtual cybersecurity summit. ” reads a blog post published by Guerrero-Saade. Pierluigi Paganini.

Libraries

Libraries Cybersecurity Access IT

Backdoored pirated applications targets Apple macOS users

Security Affairs

JANUARY 21, 2024

Each pirated application included the following components: Malicious dylib , a library loaded by the application that acts as a dropper. “ Upon executing the FinalShell.dmg application, the dylib library loads the backdoor “bd.log” and the downloader “fl01.log” log” from a remote server.

Libraries

Libraries IT Information Security Security

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

MARCH 3, 2020

The Kimsuky APT group has been analyzed by several security teams. The “ AutoUpdate.dll” library then gains persistence by setting the following registry key “ HKCUSoftwareMicrosoftWindowsCurrentVersionRunOnceWindowsDefender ”. In the following tables are presented some information about the two DLLs extracted.

IT

IT File names Libraries Communications

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities. CERT-FR’s alert states that the Pysa ransomware code based on public Python libraries. ” The code responsible for creating these files has not yet been identified.

Ransomware

Ransomware Government Encryption Passwords

Mockingjay process injection technique allows EDR bypass

Security Affairs

JUNE 27, 2023

Mockingjay is a new process injection technique that can be exploited to bypass security solutions to execute malware on compromised systems. A new process injection technique dubbed Mockingjay can be exploited by attackers to bypass security controls and gain unauthorized access to compromised systems. ” concludes the report.

Libraries

Libraries Security Access IT

ESET analyzes Turla APT’s usage of weaponized PowerShell

Security Affairs

JUNE 2, 2019

. “To confound detection, its operators recently started using PowerShell scripts that provide direct, in- memory loading and execution of malware executables and libraries. The PowerShell scripts used by Turla in recent attacks allow direct, in-memory loading and execution of malicious executables and libraries avoiding detection.

Libraries

Libraries Security Cloud Cybersecurity

Malicious file analysis – Example 01

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. Some files are more used in attacks.

Libraries

Libraries Metadata Education Security

Lazarus APT employed an exploit in a Dell firmware driver in recent attacks

Security Affairs

OCTOBER 4, 2022

ESET experts presented their findings at this year’s Virus Bulletin conference highlighting the use of vulnerable drivers in the attack chain, defining the technique as Bring Your Own Vulnerable Driver (BYOVD). The library modify kernel variables and remove kernel callbacks in the attempt to disable the features. Pierluigi Paganini.

Libraries

Libraries Phishing Security IT

French telephone operator La Poste Mobile suffered a ransomware attack

Security Affairs

JULY 10, 2022

On the other hand, it is possible that files present in the computers of La Poste Mobile employees have been affected. Recent incidents attributed to the group include attacks on a Foxconn factory, a Canadian fighter jet training company, and a popular German library service. “Our IT teams are currently diagnosing the situation.

Ransomware

Ransomware Personal data Libraries Phishing

September 2018 Security Notes address a total of 14 flaws in SAP products

Security Affairs

SEPTEMBER 12, 2018

SAP today just released the September 2018 set of Security Notes that address a total of 14 flaws in its products, including a critical flaw in SAP Business Client. The September 2018 Security Patch Day includes other 13 Security Notes, three were rated High severity, 9 Medium risk, and 1 Low severity. Pierluigi Paganini.

Security

Security Financial Services Libraries Authentication

GoFetch side-channel attack against Apple systems allows secret keys extraction

Security Affairs

MARCH 25, 2024

Researchers explained that DMPs are present in many Apple CPUs, the researchers demonstrated how to extract keys from OpenSSL Diffie-Hellman, Go RSA, as well as CRYSTALS Kyber and Dilithium. Developers of cryptographic libraries can either set the DOIT bit and DIT bit bits, which disable the DMP on some CPUs.”

Libraries

Libraries Paper Access Security

macOS: Bashed Apples of Shlayer and Bundlore

Security Affairs

JULY 14, 2021

These malware are the most predominant malware in macOS, also with a history of evading and bypassing the built-in Xprotect, Gatekeeper, Notarization and File Quarantine security features of macOS. SQLite is a transactional SQL database engine present in macOS generally used to create databases that can be transported across machines.

Encryption

Encryption Passwords Libraries Security

Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access

Security Affairs

AUGUST 26, 2022

The Log4Shell flaw ( CVE-2021-44228 ) made the headlines in December after Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for the critical remote code execution zero-day vulnerability ( aka Log4Shell ) that affects the Apache Log4j Java-based logging library. Pierluigi Paganini.

Access

Access Libraries Communications Government

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

Security Affairs

JULY 9, 2022

The malware uses cmd.exe to read and execute a file stored on the infected external drive, it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file. The post Ongoing Raspberry Robin campaign leverages compromised QNAP devices appeared first on Security Affairs.

Manufacturing

Manufacturing Libraries Communications IT

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

The Last Watchdog

MARCH 29, 2022

Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. By no means has the cybersecurity community been blind to the complex security challenges spinning out of digital transformation. Log4j, for instance, is a ubiquitous logging library.

Security

Security Cloud Digital transformation Cybersecurity

UNC2565 threat actors continue to improve the GOOTLOADER malware

Security Affairs

JANUARY 29, 2023

Upon visiting the website, the victim will notice that it is presented as an online forum directly answering his query. This is a trojanized JavaScript library containing an obfuscated JScript file, which will ultimately execute GOOTLOADER.POWERSHELL. This forum hosted a ZIP archive that contains the malicious.js file inside.

Libraries

Libraries Archiving Ransomware IT

75% of medical infusion pumps affected by known vulnerabilities

Security Affairs

MARCH 3, 2022

. “We reviewed crowdsourced data from scans of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations using IoT Security for Healthcare from Palo Alto Networks.” The post 75% of medical infusion pumps affected by known vulnerabilities appeared first on Security Affairs.

IoT

IoT Risk Libraries Security

e-Records 2021 Call for Presentations

The Texas Record

JULY 12, 2021

This event is organized by the Texas State Library and Archives Commission (TSLAC) and co-sponsored with the Texas Department of Information Resources (DIR) to promote electronic records management in Texas government. TSLAC and DIR are looking for learner-focused presentations designed to engage virtual audiences.

Records Management

Records Management Government Communications Libraries

OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel

Security Affairs

OCTOBER 5, 2022

The experts also discovered that the libraries bundled with the malicious Tor Browser is infected with spyware. “More importantly, one of the libraries bundled with the malicious Tor Browser is infected with spyware that collects various personal data and sends it to a command and control server. “The file freebl3.dll

Libraries

Libraries Personal data Passwords Cloud

FIN6 recently expanded operations to target eCommerce sites

Security Affairs

AUGUST 31, 2019

Once clicked, the URL displayed the message, ‘Online preview is not available,’ then presented a second URL leading to a compromised or rogue domain, where the victim could download the payload under the guise of a job description.” The post FIN6 recently expanded operations to target eCommerce sites appeared first on Security Affairs.

Retail

Retail Libraries Sales Phishing

Bugs in open-source libraries impact 70% of modern software

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Webinars

Trending Sources

Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2

Webinars

Google discloses a severe flaw in widely used Libgcrypt encryption library

Experts disclosed a 22-year-old bug in popular SQLite Database library

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

Duo Labs presents CRXcavator Service that analyzes Chrome Extensions

Expert found a backdoor in XZ tools used many Linux distributions

Thousands of servers easy to hack due to a LibSSH Flaw

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Experts found critical RCE in Spotify’s Backstage

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

A few binary plating 0-days for Windows

China-linked APT group uses new Macma macOS backdoor version

Experts discovered DLL hijacking issues in Kaspersky and Trend Micro solutions

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

Generative AI: A double-edged sword for application security

KindleDrip exploit – Hacking a Kindle device with a simple email

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Malicious Clicker apps in Google Play have 20M+ installs

OpenAI: A Redis bug caused a recent ChatGPT data exposure incident

e-Records 2020 Call for Presentations

Threat actors continue to exploit Log4j flaws in their attacks, Microsoft Warns

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Backdoored pirated applications targets Apple macOS users

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

CERT France – Pysa ransomware is targeting local governments

Mockingjay process injection technique allows EDR bypass

ESET analyzes Turla APT’s usage of weaponized PowerShell

Malicious file analysis – Example 01

Lazarus APT employed an exploit in a Dell firmware driver in recent attacks

French telephone operator La Poste Mobile suffered a ransomware attack

September 2018 Security Notes address a total of 14 flaws in SAP products

GoFetch side-channel attack against Apple systems allows secret keys extraction

macOS: Bashed Apples of Shlayer and Bundlore

Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

UNC2565 threat actors continue to improve the GOOTLOADER malware

75% of medical infusion pumps affected by known vulnerabilities

e-Records 2021 Call for Presentations

OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel

FIN6 recently expanded operations to target eCommerce sites

Stay Connected