eSecurity Planet

SEPTEMBER 22, 2022

Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. See the Top Code Debugging and Code Security Tools. The post Unpatched Python Library Affects More Than 300,000 Open Source Projects appeared first on eSecurityPlanet.

Libraries 95

Libraries Archiving Risk Security 95

Preservica

MARCH 18, 2022

Academic libraries are in the midst of rapid, widespread changes as it shifts into the digital age. Our libraries have been a steady flame for patrons to depend on, not just throughout the pandemic, but throughout history. See how Preservica customers are creating engaging internal and public access.

Libraries 96

Libraries Digital preservation Archiving e-Discovery 96

Security Affairs

MARCH 30, 2023

Popular voice and video conferencing software 3CX was the victim of a supply chain attack, SentinelOne researchers reported. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. ” explained 3CX’s CEO Nick Galea.

File names 98

File names Manufacturing Libraries Cybersecurity 98

Krebs on Security

OCTOBER 10, 2023

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS. and iPadOS 17.0.3 in response to active attacks.

Libraries 261

Libraries Authentication Communications Cloud 261

Security Affairs

SEPTEMBER 3, 2024

These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. The researchers analyzed the exploitability of the platform’s permission-based security model, which is based on the Transparency, Consent, and Control ( TCC ) framework. ” continues the report.

Libraries 131

Libraries Risk Access Security 131

Security Affairs

MARCH 27, 2020

A few days ago, Microsoft warned of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. The vulnerabilities affects the way Windows Adobe Type Manager Library handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. See the link for more details.

Libraries 142

Libraries Risk Security IT 142

Security Affairs

APRIL 29, 2020

The discovery urges Apple into implementing additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e.

Libraries 144

Libraries Paper Security Cybersecurity 144

Security Affairs

MARCH 8, 2022

Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including 3 zero-days. Three flaws addressed by the Microsoft March 2022 Patch Tuesday security updates are zero-day issues, and for two of them, CVE-2022-21990 and CVE-2022-24459, public exploits are available.

Libraries 117

Libraries IoT Security Cloud 117

Security Affairs

FEBRUARY 16, 2021

Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users’ secret messages, photos, and videos to remote attackers. Researchers at cyber security firm Shielder discovered a critical flaw affecting iOS, Android, and macOS versions of the instant messaging app Telegram. ” continues the report.

Access 126

Access Libraries Encryption Security 126

Security Affairs

MAY 7, 2020

Samsung addressed this month a critical 0-click vulnerability that was discovered by security researchers from Google. Samsung released this week a security patch that addresses a critical vulnerability, tracked as CVE-2020-8899, impacting all smartphones sold since 2014. system libraries.” or libhwui.so

IT 141

IT Libraries Security Access 141

Security Affairs

NOVEMBER 17, 2020

The analysis of a shellcode requires know-how of which system library and functions will be invoked to help its execution, and depends on the operating system it can be a wide variation of commands from direct calls to an OS functions calls to the hash of the API of certain OS libraries. Video: [link] 2. Slide: [link] 3.

Libraries 123

Libraries IT Security Information Security 123

The Last Watchdog

MAY 6, 2019

Related: Memory hacking becomes a go-to tactic These attacks are referred to in the security community as “fileless attacks” or “memory attacks.” For a comprehensive drill down, please view the accompanying YouTube video of my full interview with Leichter and Jakab at RSA 2019’s broadcast alley. This all happens very quickly.

Security 153

Security Healthcare Marketing Libraries 153

Security Affairs

FEBRUARY 9, 2022

Microsoft February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products, including a zero-day bug. As usual, let me suggest reading “ THE FEBRUARY 2022 SECURITY UPDATE REVIEW ” published by the Zero Day Initiative, five of the bugs were addressed through the ZDI program.

Security 98

Security Libraries Access IT 98

Security Affairs

JULY 31, 2020

IndieFlix is a US-based entertainment company offering a subscription-based online video streaming service that mainly specializes in independent titles, including feature films, shorts, and documentaries. After CyberNews contacted IndieFlix and Amazon Web Services, the bucket has been secured and is no longer accessible.

Access 87

Access Authentication Marketing Security 87

Security Affairs

OCTOBER 1, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Artificial Intelligence 127

Artificial Intelligence Security Ransomware Data breaches 127

Security Affairs

SEPTEMBER 8, 2020

Microsoft September 2020 Patch Tuesday security updates address 129 vulnerabilities, including twenty critical remote code execution issues. ” CVE-2020-1129 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability , which can be exploited to perform code execution if an affected system views a specially crafted image.

Libraries 117

Libraries Security Information Security IT 117

Enterprise Software Blog

MARCH 15, 2024

However, the abundance of Blazor component libraries overfilling the market today can make it a bit challenging to select the right one. That’s why I gathered the top 7 Blazor component libraries that match all this, empowering developers to create outstanding user interfaces while saving time and effort.

Libraries 59

Libraries Access IT Authentication 59

Security Affairs

NOVEMBER 8, 2020

Every week the best security articles from Security Affairs free for you in your email box. Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 288 appeared first on Security Affairs. Pierluigi Paganini.

Security 88

Security Ransomware Data breaches Libraries 88

Security Affairs

OCTOBER 16, 2018

The security passionate Jose Rodriguez has discovered a new passcode bypass bug that could be exploited on the recently released iOS 12.0.1. Keep swiping to the top left corner until VoiceOver tells you that you can select the Photo Library (“Fototeca” in Rodriguez’ video). Tap to select Photo Library.

Access 111

Access Libraries Security IT 111

Security Affairs

OCTOBER 22, 2018

Lilith Wyatt, a security researcher at Cisco Talos, has discovered a critical remote code execution vulnerability ( CVE-2018-4013 ) in the LIVE555 media streaming library that is used by popular media players, including VLC and MPlayer. LIVE555 Streaming Media is a set of open-source C++ libraries maintained by Live Networks Inc.

Libraries 106

Libraries Security IT 106

Security Affairs

FEBRUARY 21, 2019

Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. dll library in 2005.

Libraries 111

Libraries Archiving Security IT 111

The Last Watchdog

NOVEMBER 20, 2019

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Tech consultancy IDC tells us that global spending on security hardware, software and services is on course to top $103 billion in 2019, up 9.4 percent from 2018.

Libraries 174

Libraries Cloud Cybersecurity Security 174

eSecurity Planet

JUNE 17, 2021

Back in the day, security training was largely reserved for IT security specialists and then extended to include IT personnel in general. These days, all employees need to be well educated in security best practices and good habits if the organization wishes to steer clear of ransomware and malware. Elevate Security.

Cybersecurity 133

Cybersecurity Security awareness Phishing Education 133

Security Affairs

JULY 13, 2019

The best news of the week with Security Affairs. Backdoor mechanism found in Ruby strong_password library. UK ICO fines British Airways £183 Million under GDPR over 2018 security breach. Flaw in Zoom video conferencing software lets sites take over webcam on Mac. Kindle Edition. Paper Copy. Once again thank you!

Security 77

Security Libraries Data breaches Ransomware 77

Security Affairs

JUNE 15, 2019

The best news of the week with Security Affairs. Retro video game website Emuparadise suffered a data breach. Google expert disclosed details of an unpatched flaw in SymCrypt library. Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws. A new round of the weekly SecurityAffairs newsletter arrived!

Security 85

Security Metadata Libraries Data breaches 85

Security Affairs

DECEMBER 28, 2023

. “As a result, like with many supply chain libraries, the impact of this vulnerability could be severe if leveraged by threat actors.” ” reads the report published by SonicWall.

Authentication 139

Authentication Libraries Passwords Information Security 139

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” million print materials, 13 million videos, 1.2 As of September 5, 2024, the Internet Archive held more than 42.1

Archiving 121

Archiving Data breaches Passwords File names 121

Security Affairs

SEPTEMBER 14, 2023

The executable is a backdoor that accesses the Linux API and invokes syscalls using the statically linked dietlibc library. “While checking videos on Free Download Manager that are hosted on YouTube, we identified several tutorials demonstrating how to install this software on Linux machines.” ” continues the report.

Cloud 133

Cloud Libraries Passwords IT 133

Security Affairs

FEBRUARY 15, 2019

Security experts at Symantec have discovered eight potentially unwanted applications (PUAs) into the Microsoft Store that were dropping cryptojacking Coinhive miners. The malicious Monero (XMR) Coinhive cryptomining scripts were delivered leveraging the Google’s legitimate Google Tag Manager (GTM) library. Pierluigi Paganini.

Mining 111

Mining Libraries Analytics Security 111

Security Affairs

JANUARY 12, 2024

“As a result, like with many supply chain libraries, the impact of this vulnerability could be severe if leveraged by threat actors.” reads the report published by SonicWall.

Honeypots 144

Honeypots Authentication Libraries Passwords 144

Security Affairs

OCTOBER 9, 2020

Cisco fixed three high-severity flaws in Webex video conferencing system, Video Surveillance 8000 Series IP Cameras and Identity Services Engine. The most severe of these vulnerabilities is a Remote Code Execution and Denial of Service issue in Cisco’s Video Surveillance 8000 Series IP Cameras. received a CVSS score of 8.8

Authentication 98

Authentication Libraries Access Security 98

Security Affairs

OCTOBER 20, 2018

A security researcher discovered a zero-day vulnerability, tracked as CVE-2018-9206 , that affects older versions of the jQuery File Upload plugin since 2010. The jQuery File Upload is a jQuery widget “with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video.”.

File names 111

File names Libraries Security Access 111

Security Affairs

MAY 27, 2022

Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals. Below are a couple of video PoCs of attacks devised by the experts that show GhostTouch attack to answer the phone call and connect the malicious Bluetooth. Redmi 8, and an iPhone SE (2020). Pierluigi Paganini.

Paper 145

Paper Libraries Passwords Authentication 145

Security Affairs

AUGUST 17, 2021

Most of the devices using the platform are video surveillance products such as IP cameras and baby monitors, an attacker could exploit this flaw to eavesdrop audio and video data. and above, please enable AuthKey and DTLS; If using ThroughTek SDK the older versions prior to v3.1.10, please upgrade library to v3.3.1.0

IoT 123

IoT Cloud Libraries Access 123

The Last Watchdog

SEPTEMBER 30, 2024

Its recognition of INE’s strong performance in enterprise, small business, and global impact for technical training showcases the depth and breadth of INE’s online learning library. By consistently updating and expanding our training modules, we ensure that every course reflects the latest in technology and security practices.

Education 100

Education Cybersecurity Libraries Data science 100

Security Affairs

APRIL 3, 2021

The popular video game publisher Activision is warning gamers that threat actors are actively disguising a remote-access trojan (RAT) in Duty Cheat cheat tool. On March 1st, the threat actor published a YouTube video advertising the COD Warzone 2020 as an “undetected” cheat and providing detailed instructions on how to use it.

Libraries 106

Libraries Access Security IT 106

Security Affairs

JANUARY 22, 2021

Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that could have allowed an attacker to take over victims’ devices. Realmode Labs reported the flaws to Amazon on October 17 and the company released security updates to address them on December 10, 2020. Pierluigi Paganini.

Authentication 144

Authentication Libraries Phishing Security 144