Security Affairs

MARCH 23, 2020

Microsoft warns of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. Microsoft warns of hackers exploiting two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries 336

Libraries Risk Authentication Security 336

WIRED Threat Level

AUGUST 22, 2019

Opinion: Millions of folks filling out the 2020 Census on public library computers also are putting themselves at risk.

Libraries 146

Libraries Risk Security 146

Security Affairs

MARCH 20, 2020

x that fix two XSS vulnerabilities affecting the CKEditor library. x that address two XSS vulnerabilities that affect the CKEditor library. “The Drupal project uses the third-party library CKEditor , which has released a security improvement that is needed to protect some Drupal configurations.”

Libraries 347

Libraries Risk Access Security 347

Security Affairs

JUNE 28, 2022

Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. The library was released on June 21, 2022, and affects x64 systems with the AVX-512 instruction set. “OpenSSL version 3.0.4, Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Libraries 328

Libraries Paper Risk Security 328

Security Affairs

JULY 16, 2024

This issue arises because the GeoTools library API, which GeoServer uses, evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library, allowing arbitrary code execution. GeoServer versions prior to 2.23.6,

IT 328

IT Libraries Cybersecurity Risk 328

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm

Libraries 352

Libraries Authentication Access Risk 352

Security Affairs

AUGUST 28, 2024

We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”. “We We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

IT 320

IT Libraries Cybersecurity Risk 320

Data Breach Today

MARCH 17, 2025

Over 23,000 Code Repositories at Risk After Malicious Code Added to GitHub Actions Attackers subverted a widely used tool for software development environment GitHub, potentially allowing them to steal secrets from thousands of private code repositories as well as compromise other widely used "open source libraries, binaries and artifacts" that use (..)

Libraries 232

Libraries Risk 232

CILIP

MARCH 18, 2024

Libraries at Risk: Update CILIP has written to eight councils in the Libraries at Risk Campaign, launched the #DearChancellor campaign on social media, and written a formal letter to Lord Parkinson to initiate dialogue on the future of libraries. View all the #DearChancellor tweets on X (formerly Twitter).

Libraries 81

Libraries Risk Sales Government 81

Security Affairs

DECEMBER 23, 2021

NVIDIA has assessed its products to determine if they are vulnerable to the Log4shell vulnerability in Log4J library. NVIDIA also informed customers that CUDA Toolkit Visual Profiler includes Log4j files, but the good news is that the application is not using the library. “Log4j is included in CUDA Toolkit.

Libraries 294

Libraries IT Risk Security 294

The Last Watchdog

JANUARY 2, 2024

In today’s digital landscape, organizations face numerous challenges when it comes to mitigating cyber risks. Here are some of the key challenges that organizations encounter in their efforts to mitigate cyber risks in the current environment. Improve overall security posture and reduce cyber risks.

Risk 202

Risk Security awareness Education Compliance 202

The Last Watchdog

MARCH 24, 2025

Its a question of how much risk your organization is willing to take, based on the data you must protect and its long-term value. We recommend using Dr. Michele Moscas theorem of quantum risk against an optimistic vs. pessimistic probability analysis. This is where the concern of harvest now, decrypt later attacks apply.

Encryption 130

Encryption Financial Services Risk Libraries 130

Security Affairs

JULY 5, 2024

PanelView Plus devices are human-machine interfaces (HMI) in industrial environments, the exploitation of the flaws can potentially disrupt operations, posing serious risks to organizations relying on these devices. The device has the functionality, through a CIP class, to execute exported functions from libraries. and prior).

Libraries 328

Libraries Communications Cybersecurity Risk 328

Security Affairs

MAY 24, 2021

Compound that with the number of libraries, tools and vendors that are present and can be leveraged in a modern network, and we have a major issue on our hands.” The post 13 flaws in Nagios IT Monitoring Software pose serious risk to orgs appeared first on Security Affairs. Pierluigi Paganini.

Risk 271

Risk IT Authentication Libraries 271

Security Affairs

NOVEMBER 15, 2022

The issue can be exploited by triggering a recently disclosed VM sandbox escape vulnerability (CVE-2022-36067 aka Sandbreak) in the vm2 third-party library. The researchers explained that the template engine utilizes the vm2 library to prevent the execution of untrusted code. ” reads the advisory published by Oxeye.

Libraries 302

Libraries Authentication Paper Risk 302

Security Affairs

SEPTEMBER 14, 2024

Dual-homed CSA configurations with ETH-0 as an internal network, as recommended by Ivanti, are at a significantly reduced risk of exploitation.” is End-of-Life , and no longer receives updates for OS or third-party libraries. Ivanti released a security update for Ivanti CSA 4.6 to address the vulnerability.

Cloud 336

Cloud IT Libraries Cybersecurity 336

CILIP

FEBRUARY 20, 2024

Protect funding for public libraries at risk In this election year it is more important than ever to bring libraries into the public and political spotlight as central government cuts council budgets across the country. The Libraries at Risk Monitor builds on the Know your Rights campaign, which has been running since 2023.

Libraries 79

Libraries Risk Government IT 79

Security Affairs

DECEMBER 11, 2021

Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 ( aka Log4Shell ), in the Apache Log4j Java-based logging library. p0rz9 revealed that the CVE-2021-44228 can only be exploited if the log4j2.formatMsgNoLookups

Libraries 346

Libraries Cloud Access Cybersecurity 346

Security Affairs

APRIL 14, 2020

The two RCE flaws in Windows, tracked as CVE-2020-1020 and CVE-2020-0938 , are related to the Adobe Type Manager Library. In March, Microsoft warned of hackers exploiting the two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries 332

Libraries Authentication Security Risk 332

Security Affairs

SEPTEMBER 7, 2024

This flaw enables attackers to download arbitrary files from the underlying operating system with root privileges, posing a significant security risk. Below are the descriptions for these vulnerabilities: CVE-2021-20123 Draytek VigorConnect Path Traversal Vulnerability: A local file inclusion issue in Draytek VigorConnect 1.6.0-B3

IT 331

IT Libraries Cybersecurity Risk 331

Security Affairs

DECEMBER 1, 2023

Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms. CVE-2023-49103 – The vulnerability resides in the Graphapi app, which relies on a third-party GetPhpInfo.php library that provides a URL.

IT 322

IT Libraries Cybersecurity Passwords 322

Security Affairs

SEPTEMBER 8, 2024

This issue arises because the GeoTools library API, which GeoServer uses, evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library, allowing arbitrary code execution. GeoServer versions prior to 2.23.6,

Libraries 340

Libraries Encryption Cybersecurity Access 340

Security Affairs

JUNE 9, 2019

The SpiService.exe is associated with XFS, the Extension for Financial Services DLL library (MSXFS.dll) that is specifically used by ATMs.” “The library provides a special API for the communication with the ATM’s PIN pad and the cash dispenser.” ” reads the post published by the experts.

Libraries 279

Libraries Communications Financial Services Security 279

Security Affairs

SEPTEMBER 14, 2024

Dual-homed CSA configurations with ETH-0 as an internal network, as recommended by Ivanti, are at a significantly reduced risk of exploitation.” is End-of-Life , and no longer receives updates for OS or third-party libraries. ” Ivanti released a security update for Ivanti CSA 4.6 to address the vulnerability.

Cloud 316

Cloud Libraries Authentication Cybersecurity 316

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers discovered multiple instances of known vulnerable jQuery libraries (such as jquery 1.4.2), for this reason, they are urging to update them to the latest available versions.

Communications 360

Communications Libraries Encryption Passwords 360

CILIP

MARCH 6, 2024

CILIP has previously signalled deep concern over the lack of financial support to Local Authorities and the fact that the recently announced ‘Exceptional Financial Support’ (EFS) package will prompt a ‘fire sale’ of vital assets, including public libraries, in the 19 Councils concerned.

Libraries 85

Libraries Sales Risk Government 85

CILIP

MARCH 1, 2024

Libraries in 19 councils at risk of ‘fire sale’ with new Exceptional Financial Support Framework Image of birmingham library via wikimedia commons CILIP is sounding the alarm over a potential 'fire sale' of library buildings following the Government announcement of 'exceptional financial support' to 19 Councils.

Libraries 88

Libraries Sales Risk Government 88

Security Affairs

OCTOBER 6, 2023

is a buffer overflow issue that resides in the GNU C Library’s dynamic loader ld.so “A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so This could put countless systems at risk, especially given the extensive use of glibc across Linux distributions.” ” concludes the report.

Libraries 320

Libraries Risk Security IT 320

Security Affairs

DECEMBER 14, 2021

US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. beta9 to 2.14.1. . beta9 to 2.14.1.

Libraries 289

Libraries Cybersecurity Security Risk 289

Security Affairs

JUNE 7, 2019

Komodo’s Agama Wallet allows users to store KMD and BTC cryptocurrencies, but the presence of a backdoor posed a serious risk to them. “Today, Komodo were made aware of an issue with one of the libraries used by the Agama wallet, potentially putting some user funds at risk.” JavaScript library.

IT 240

IT Libraries Risk Security 240

Security Affairs

AUGUST 7, 2023

According to the report the ad fraud library used in this campaign implements specific tricks to avoid detection and inspection, such as delaying the initiation of its fraudulent activities. What’s more, all the intricate configurations of this library can be remotely modified and pushed using Firebase Storage or Messaging service.

Libraries 246

Libraries Risk IT Access 246

Security Affairs

JANUARY 22, 2022

The Dutch National Cybersecurity Centre (NCSC) warns organizations of risks associated with cyberattacks exploiting the Log4J vulnerability. ” The risk that cybercriminal groups and nation-state actors could exploit Log4j vulnerabilities in future attacks is still high. Follow me on Twitter: @securityaffairs and Facebook.

Cybersecurity 302

Cybersecurity Ransomware Libraries Risk 302

Security Affairs

NOVEMBER 25, 2022

Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. ” continues the report. that dates back to 2009. .

Libraries 256

Libraries Manufacturing Security Communications 256

Security Affairs

JANUARY 8, 2021

– Nissan internal core mobile library – Nissan/Infiniti NCAR/ICAR services – client acquisition and retention tools – sale / market research tools + data – various marketing tools – the vehicle logistics portal (2/n) — tillie, doer of crime (@antiproprietary) January 4, 2021.

Libraries 313

Libraries Marketing Sales Passwords 313

eSecurity Planet

SEPTEMBER 22, 2022

Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. Indeed the Python module is often used by popular frameworks and applications for machine learning, which increases the risk significantly.

Libraries 113

Libraries Archiving Risk Security 113

Security Affairs

DECEMBER 19, 2021

. “However WebSockets are accompanied by security risks that are largely unseen. While they are useful, they also introduce a fair amount of risk as they do not include many security controls to limit their utilization.” ” states the analysis published by the experts. as soon as possible. .

Communications 302

Communications Risk Libraries Cybersecurity 302