A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts.
The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 million print materials, 13 million videos, 1.2
A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library.
Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library. on February 24, 2022.
Popular voice and video conferencing software 3CX was the victim of a supply chain attack, SentinelOne researchers reported. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. ” explained 3CX’s CEO Nick Galea.
These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. The researchers analyzed the exploitability of the platform’s permission-based security model, which is based on the Transparency, Consent, and Control ( TCC ) framework. ” continues the report.
A few days ago, Microsoft warned of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. The vulnerabilities affect the way Windows Adobe Type Manager Library handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. See the link for more details.
The discovery urges Apple into implementing additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e.
Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including 3 zero-days. Three flaws addressed by the Microsoft March 2022 Patch Tuesday security updates are zero-day issues, and for two of them, CVE-2022-21990 and CVE-2022-24459, public exploits are available.
Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users’ secret messages, photos, and videos to remote attackers. Researchers at cyber security firm Shielder discovered a critical flaw affecting iOS, Android, and macOS versions of the instant messaging app Telegram. ” continues the report.
Samsung addressed this month a critical 0-click vulnerability that was discovered by security researchers from Google. Samsung released this week a security patch that addresses a critical vulnerability, tracked as CVE-2020-8899, impacting all smartphones sold since 2014. system libraries.” or libhwui.so
The analysis of a shellcode requires knowing which system libraries and functions will be invoked to help its execution; depending on the operating system, this can vary widely, from direct calls to OS functions to hashes of the API of certain OS libraries.
Microsoft February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products, including a zero-day bug. As usual, let me suggest reading “ THE FEBRUARY 2022 SECURITY UPDATE REVIEW ” published by the Zero Day Initiative, five of the bugs were addressed through the ZDI program.
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 343 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.
IndieFlix is a US-based entertainment company offering a subscription-based online video streaming service that mainly specializes in independent titles, including feature films, shorts, and documentaries. After CyberNews contacted IndieFlix and Amazon Web Services, the bucket has been secured and is no longer accessible.
Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Microsoft September 2020 Patch Tuesday security updates address 129 vulnerabilities, including twenty critical remote code execution issues. ” CVE-2020-1129 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability , which can be exploited to perform code execution if an affected system views a specially crafted image.
Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 288 appeared first on Security Affairs. Pierluigi Paganini.
The security enthusiast Jose Rodriguez has discovered a new passcode bypass bug that could be exploited on the recently released iOS 12.0.1. Keep swiping to the top left corner until VoiceOver tells you that you can select the Photo Library (“Fototeca” in Rodriguez’s video). Tap to select Photo Library.
Lilith Wyatt, a security researcher at Cisco Talos, has discovered a critical remote code execution vulnerability ( CVE-2018-4013 ) in the LIVE555 media streaming library that is used by popular media players, including VLC and MPlayer. LIVE555 Streaming Media is a set of open-source C++ libraries maintained by Live Networks Inc.
Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. dll library in 2005.
The best news of the week with Security Affairs. Backdoor mechanism found in Ruby strong_password library. UK ICO fines British Airways £183 Million under GDPR over 2018 security breach. Flaw in Zoom video conferencing software lets sites take over webcam on Mac. Kindle Edition. Paper Copy. Once again thank you!
The best news of the week with Security Affairs. Retro video game website Emuparadise suffered a data breach. Google expert disclosed details of an unpatched flaw in SymCrypt library. Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws. A new round of the weekly SecurityAffairs newsletter arrived!
“As a result, like with many supply chain libraries, the impact of this vulnerability could be severe if leveraged by threat actors.” reads the report published by SonicWall.
The executable is a backdoor that accesses the Linux API and invokes syscalls using the statically linked dietlibc library. “While checking videos on Free Download Manager that are hosted on YouTube, we identified several tutorials demonstrating how to install this software on Linux machines.” continues the report.
Security experts at Symantec have discovered eight potentially unwanted applications (PUAs) in the Microsoft Store that were dropping cryptojacking Coinhive miners. The malicious Monero (XMR) Coinhive cryptomining scripts were delivered leveraging Google’s legitimate Google Tag Manager (GTM) library. Pierluigi Paganini.
Cisco fixed three high-severity flaws in Webex video conferencing system, Video Surveillance 8000 Series IP Cameras and Identity Services Engine. The most severe of these vulnerabilities is a Remote Code Execution and Denial of Service issue in Cisco’s Video Surveillance 8000 Series IP Cameras. received a CVSS score of 8.8
A security researcher discovered a zero-day vulnerability, tracked as CVE-2018-9206 , that affects older versions of the jQuery File Upload plugin since 2010. The jQuery File Upload is a jQuery widget “with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video.”.
Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals. Below are a couple of video PoCs of attacks devised by the experts that show GhostTouch attack to answer the phone call and connect the malicious Bluetooth. Redmi 8, and an iPhone SE (2020). Pierluigi Paganini.
Most of the devices using the platform are video surveillance products such as IP cameras and baby monitors, an attacker could exploit this flaw to eavesdrop audio and video data. and above, please enable AuthKey and DTLS; If using ThroughTek SDK the older versions prior to v3.1.10, please upgrade library to v3.3.1.0
The popular video game publisher Activision is warning gamers that threat actors are actively disguising a remote-access trojan (RAT) in Duty Cheat cheat tool. On March 1st, the threat actor published a YouTube video advertising the COD Warzone 2020 as an “undetected” cheat and providing detailed instructions on how to use it.
Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that could have allowed an attacker to take over victims’ devices. Realmode Labs reported the flaws to Amazon on October 17 and the company released security updates to address them on December 10, 2020. Pierluigi Paganini.
Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. The National Police of Ukraine published a video showing a house search performed by its agents that seized computers, hard drives, and large amounts of money along with gold bars. Pierluigi Paganini.
Security experts from Trend Micro have spotted a new strain of ransomware involved in attacks in July and August, the malicious code was posing as the Locky ransomware. When successfully run, the Facture_23100.31.07.2018.exe will drop malware components — several C++ and Python libraries and the Python 2.7 Pierluigi Paganini.
The popular online guitar tutoring website TrueFire has suffered a ‘Magecart’ style security breach that might have exposed customers’ personal information and payment card data. TrueFire has over 1 million users; its customers can pay to receive guitar tutorials from a library of over 900 courses and 40,000 video lessons.
Once it discovered the flaw, the company decided to exploit it to protect the funds, anticipating the hackers and moving them to a secure location. “Today, Komodo were made aware of an issue with one of the libraries used by the Agama wallet, potentially putting some user funds at risk.” security team.
Pittsburgh, PA – July 13, 2023 – Security Journey, a best-in-class application security education company, has today announced an acceleration of its secure coding training platform enhancements. undergraduate computer science programs mandate courses in application security.
The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL, that is used by WinRAR; it resides in the way an old third-party library, called UNACEV2.DLL,
The channel has more than 180,000 subscribers and according to Kaspersky the video with the malicious link had more than 64,000 views at the time of the discovery. The video was posted in January 2022, and according to Kaspersky’s telemetry, the first victims were compromised in March 2022. Pierluigi Paganini.
“All uploaded content on video at the request of VOYO is available to users, but unfortunately we will not be able to broadcast live broadcasts and sports matches and upload new and missed content to the videolibrary until further notice.” states the company. We can confirm that the National Cyber Security
UPnP-enabled devices running outdated software are exposed to a wide range of attacks exploiting known flaws in UPnP libraries. In early 2013, researchers at Rapid7 published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” that evaluated the global exposure of UPnP-enabled network devices.
KnowBe4 offers the world’s largest library of always-fresh security awareness and compliance training content that includes assessments, interactive training modules, videos, games, posters and newsletters via the KnowBe4 ModStore.
The security researcher Yuval Avrahami discovered some vulnerabilities in the rkt container that could be exploited by an attacker to compromise the underlying host when a user executes the ‘rkt enter’ command into an attacker-controlled pod. rkt is designed to be secure, composable, and standards-based.