Libraries and Video - Information Management Today

A flaw in libcue library impacts GNOME Linux systems

Security Affairs

OCTOBER 10, 2023

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts.

Libraries

Libraries Security IT Access

Closure JavaScript Library introduced XSS issue in Google Search and potentially other services

Security Affairs

APRIL 2, 2019

A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library.

Libraries

Libraries Phishing Security IT

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

.” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. million print materials, 13 million videos, 1.2

Archiving

Archiving Data breaches Passwords File names

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Popular open-source PJSIP library is affected by critical flaws

Security Affairs

MARCH 2, 2022

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library. on February 24, 2022.

Libraries

Libraries Communications Security IT

3CX voice and video conferencing software victim of a supply chain attack

Security Affairs

MARCH 30, 2023

Popular voice and video conferencing software 3CX was the victim of a supply chain attack, SentinelOne researchers reported. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. ” explained 3CX’s CEO Nick Galea.

File names

File names Manufacturing Libraries Cybersecurity

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Security Affairs

SEPTEMBER 3, 2024

These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. ” Cisco Talos identified vulnerabilities in Microsoft macOS applications that could let attackers send emails, record audio, take pictures, or record videos without user knowledge. ” continues the report.

Libraries

Libraries Risk Access Security

Microsoft March 2022 Patch Tuesday updates fix 89 vulnerabilities

Security Affairs

MARCH 8, 2022

Below is the complete list of vulnerabilities addressed by Microsoft: Tag CVE ID CVE Title Severity.NET and Visual Studio CVE-2022-24512.NET NET and Visual Studio Remote Code Execution Vulnerability Important.NET and Visual Studio CVE-2022-24464.NET

Libraries

Libraries IoT Security Cloud

Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2

Security Affairs

NOVEMBER 17, 2020

The analysis of a shellcode requires know-how of which system library and functions will be invoked to help its execution, and depends on the operating system it can be a wide variation of commands from direct calls to an OS functions calls to the hash of the API of certain OS libraries. Video: [link] 2. Slide: [link] 3.

Libraries

Libraries IT Security Information Security

0patch releases free unofficial patches for Windows 0days exploited in the wild

Security Affairs

MARCH 27, 2020

A few days ago, Microsoft warned of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. The vulnerabilities affects the way Windows Adobe Type Manager Library handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.

Libraries

Libraries Risk Security IT

Google found zero-click vulnerabilities in Apple’s multimedia processing components

Security Affairs

APRIL 29, 2020

The discovery urges Apple into implementing additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e. images, audio, and videos).

Libraries

Libraries Paper Security Cybersecurity

Telegram flaw could have allowed access to users secret chats

Security Affairs

FEBRUARY 16, 2021

Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users’ secret messages, photos, and videos to remote attackers. The experts discovered that sending a sticker to a Telegram user could have exposed his secret chats, photos, and videos to remote attackers. ” continues the report.

Access

Access Libraries Encryption Security

Samsung fixes a zero-click issue affecting its phones

Security Affairs

MAY 7, 2020

. “A possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution. The vulnerability resides in the Skia Android graphics library and affects the way Android OS running on Samsung devices handles the custom Qmage image format (.qmg). system libraries.” or libhwui.so

IT

IT Libraries Security Access

IndieFlix streaming service leaves thousands of confidential agreements, filmmaker SSNs, videos exposed on public server

Security Affairs

JULY 31, 2020

IndieFlix is a US-based entertainment company offering a subscription-based online video streaming service that mainly specializes in independent titles, including feature films, shorts, and documentaries. Original post at: [link]. The data bucket discovered by CyberNews contains over 90,000 files related to the IndieFlix streaming service.

Access

Access Authentication Marketing Security

Experts warn of critical Zero-Day in Apache OfBiz

Security Affairs

DECEMBER 28, 2023

. “As a result, like with many supply chain libraries, the impact of this vulnerability could be severe if leveraged by threat actors.” ” reads the report published by SonicWall.

Authentication

Authentication Libraries Passwords Information Security

Expert disclosed a new passcode bypass to access photos and contacts on a locked iPhone

Security Affairs

OCTOBER 16, 2018

Keep swiping to the top left corner until VoiceOver tells you that you can select the Photo Library (“Fototeca” in Rodriguez’ video). Tap to select Photo Library. After selecting the Photo Library, iOS will take you back to the message screen, but you’ll see a blank space where the keyboard should be.

Access

Access Libraries Security IT

Microsoft September 2020 Patch Tuesday addresses 129 flaws

Security Affairs

SEPTEMBER 8, 2020

.” CVE-2020-1129 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability , which can be exploited to perform code execution if an affected system views a specially crafted image. Since this vulnerability resides in the codecs library, multiple applications could be affected.

Libraries

Libraries Security Information Security IT

Critical bug in WINRAR affects all versions released in the last 19 years

Security Affairs

FEBRUARY 21, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL The flaw resides in the way an old third-party library, called UNACEV2.DLL, dll library in 2005.

Libraries

Libraries Archiving Security IT

MPlayer and VLC media player affected by critical flaw CVE-2018-4013

Security Affairs

OCTOBER 22, 2018

Lilith Wyatt, a security researcher at Cisco Talos, has discovered a critical remote code execution vulnerability ( CVE-2018-4013 ) in the LIVE555 media streaming library that is used by popular media players, including VLC and MPlayer. LIVE555 Streaming Media is a set of open-source C++ libraries maintained by Live Networks Inc.

Libraries

Libraries Security IT

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Security Affairs

JANUARY 12, 2024

“As a result, like with many supply chain libraries, the impact of this vulnerability could be severe if leveraged by threat actors.” reads the report published by SonicWall.

Honeypots

Honeypots Authentication Libraries Passwords

Free Download Manager backdoored to serve Linux malware for more than 3 years

Security Affairs

SEPTEMBER 14, 2023

The executable is a backdoor that accesses the Linux API and invokes syscalls using the statically linked dietlibc library. “While checking videos on Free Download Manager that are hosted on YouTube, we identified several tutorials demonstrating how to install this software on Linux machines.” ” continues the report.

Cloud

Cloud Libraries Passwords IT

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

FEBRUARY 15, 2019

The removed apps are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search. “Users may get introduced to these apps through the top free apps lists on the Microsoft Store or through keyword search.

Mining

Mining Libraries Analytics Security

Microsoft February 2022 Patch Tuesday security updates fix a zero-day

Security Affairs

FEBRUARY 9, 2022

It is interesting to note that this month, Microsoft did not address critical vulnerabilities. 50 vulnerabilities are rated Important and one is rated Moderate in severity. Tag CVE ID CVE Title Severity Azure Data Explorer CVE-2022-23256 Azure Data Explorer Spoofing Vulnerability Important Kestrel Web Server CVE-2022-21986.NET

Security

Security Libraries Access IT

[INFOGRAPHIC] KnowBe4’s Content Library by the Numbers

KnowBe4

JULY 19, 2023

KnowBe4 offers the world’s largest library of always-fresh security awareness and compliance training content that includes assessments, interactive training modules, videos, games, posters and newsletters via the KnowBe4 ModStore.

Libraries

Libraries Security awareness Compliance Security

Cisco addresses three high-severity issues in Webex, IP Cameras and ISE

Security Affairs

OCTOBER 9, 2020

Cisco fixed three high-severity flaws in Webex video conferencing system, Video Surveillance 8000 Series IP Cameras and Identity Services Engine. The most severe of these vulnerabilities is a Remote Code Execution and Denial of Service issue in Cisco’s Video Surveillance 8000 Series IP Cameras. received a CVSS score of 8.8

Authentication

Authentication Libraries Access Security

OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel

Security Affairs

OCTOBER 5, 2022

The channel has more than 180,000 subscribers and according to Kaspersky the video with the malicious link had more than 64,000 views at the time of the discovery. The video was posted on January 2022, and according to Kaspersky’s telemetry, the first victims were compromised in March 2022.

Libraries

Libraries Personal data Passwords Cloud

Activision warns of Call of Duty Cheat tool used to deliver RAT

Security Affairs

APRIL 3, 2021

The popular video game publisher Activision is warning gamers that threat actors are actively disguising a remote-access trojan (RAT) in Duty Cheat cheat tool. On March 1st, the threat actor published a YouTube video advertising the COD Warzone 2020 as an “undetected” cheat and providing detailed instructions on how to use it.

Libraries

Libraries Access Security IT

Kalay cloud platform flaw exposes millions of IoT devices to hack

Security Affairs

AUGUST 17, 2021

Most of the devices using the platform are video surveillance products such as IP cameras and baby monitors, an attacker could exploit this flaw to eavesdrop audio and video data. and above, please enable AuthKey and DTLS; If using ThroughTek SDK the older versions prior to v3.1.10, please upgrade library to v3.3.1.0

IoT

IoT Cloud Libraries Access

New PyLocky Ransomware stands out for anti-machine learning capability

Security Affairs

SEPTEMBER 12, 2018

exe will drop malware components — several C++ and Python libraries and the Python 2.7 Core dynamic-link library (DLL) — along with the main ransomware executable (lockyfud.exe, which was created via PyInstaller ) in C:Users{user}AppDataLocalTempis-{random}.tmp.” When successfully run, the Facture_23100.31.07.2018.exe

Ransomware

Ransomware Libraries Encryption Archiving

Recently fixed WinRAR bug actively exploited in the wild

Security Affairs

MARCH 15, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving

Archiving Libraries File names Security

Thousands of applications affected by a zero-day issue in jQuery File Upload plugin

Security Affairs

OCTOBER 20, 2018

The jQuery File Upload is a jQuery widget “with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video.”. There are a few Youtube videos demonstrating the attack for similar software packages.” wrote the expert. . ” concludes the expert.

File names

File names Libraries Security Access

Unpatched Python Library Affects More Than 300,000 Open Source Projects

eSecurity Planet

SEPTEMBER 22, 2022

Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. Researchers made a video where they gain administrative privileges with the flaw by abusing Spyder IDE, a free and popular open-source environment made in Python.

Libraries

Libraries Archiving Risk Security

Too much UPnP-enabled connected devices still vulnerable to cyber attacks

Security Affairs

MARCH 7, 2019

UPnP-enabled devices running outdated software are exposed to a wide range of attacks exploiting known flaws in UPnP libraries. Most of the devices discovered by the expert still use old versions of UPnP libraries that are affected by years old flaws. CVE-2013-0229 , a vulnerability found MiniUPnPd before 1.4,

Libraries

Libraries Communications Data collection Security

Alleged ransomware attack disrupted operations at Slovenia’s Pop TV station

Security Affairs

FEBRUARY 14, 2022

“All uploaded content on video at the request of VOYO is available to users, but unfortunately we will not be able to broadcast live broadcasts and sports matches and upload new and missed content to the video library until further notice.” ” states the company.

Ransomware

Ransomware Libraries Security IT

Cryptocurrency startup Komodo hacks itself to protect its users’ funds from hackers

Security Affairs

JUNE 7, 2019

“Today, Komodo were made aware of an issue with one of the libraries used by the Agama wallet, potentially putting some user funds at risk.” JavaScript library. Once discovered the flaw, the company decided to exploit it to protect the funds, anticipating the hackers and moving them to a secure location. security team.

IT

IT Libraries Risk Security

GhostTouch: how to remotely control touchscreens with EMI

Security Affairs

MAY 27, 2022

Below are a couple of video PoCs of attacks devised by the experts that show GhostTouch attack to answer the phone call and connect the malicious Bluetooth. “In places like a cafe, library, meeting room, or conference lobbies, people might place their smartphone face-down on the table2. Redmi 8, and an iPhone SE (2020).

Paper

Paper Libraries Passwords Authentication

KindleDrip exploit – Hacking a Kindle device with a simple email

Security Affairs

JANUARY 22, 2021

” Once the e-book is sent to a target device, the attacker could have exploited a buffer overflow flaw in the JPEG XR image format library as well as a privilege escalation issue in the “stackdumpd” root process to inject arbitrary commands and run the code as root.

Authentication

Authentication Libraries Phishing Security

TrueFire Guitar tutoring website was hacked, financial data might have been exposed

Security Affairs

MARCH 18, 2020

TrueFire has over 1 million users, its customer could pay to receive guitar tutorial from a library of over 900 courses and 40,000 video lessons. The news of the incident was reported by several websites and forums, such as Guitar.com and Jazzguitar. be , which are regularly visited by guitarists.

Data breaches

Data breaches Access Libraries Passwords

Partnership to Campaign: Green Libraries is growing

CILIP

NOVEMBER 29, 2023

Partnership to Campaign: Green Libraries is growing Global leaders, thinkers, and activists from industry and politics will gather this weekend in Dubai for the first day of COP28 to rethink, reboot, and refocus the climate agenda. The Green Libraries partnership gathered unprecedented momentum during its first year.

Libraries

Libraries Security IT

GoFetch side-channel attack against Apple systems allows secret keys extraction

Security Affairs

MARCH 25, 2024

Developers of cryptographic libraries can either set the DOIT bit and DIT bit bits, which disable the DMP on some CPUs.” ” The experts published a paper that includes details about their study, they also published a video PoC for the attack. ” said the researchers.

Libraries

Libraries Paper Access Security

How Card Skimming Disproportionally Affects Those Most In Need

Krebs on Security

OCTOBER 18, 2022

The Massachusetts SNAP benefits card looks more like a library card than a payment card. Left) A video still showing a couple purchasing almost $1,200 in baby formula using SNAP benefits. Right) A video still of a woman leaving from the CVS in Seat Pleasant. Image: The Baltimore Banner.

Retail

Retail Libraries IT Risk

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

JUNE 5, 2019

“The miner in resource is the primary miner used, but it also determines if the targeted system has a video card. . “Simultaneous with its attacks, BlackSquid also downloads and executes two XMRig cryptocurrency-mining components.! continues the analysis.

Mining

Mining File names Libraries IT

Approaching AI at the National Library of Scotland

CILIP

AUGUST 6, 2024

Approaching AI at the National Library of Scotland Image of the National Library of Scotland by Magnus Hagdorn, from Flickr Robert Cawston, Director of Digital and Service Transformation, introduces a new AI Statement for the National Library of Scotland.

Libraries

Libraries Artificial Intelligence Metadata Data collection

Preserving Our Libraries’ Digital Collections is Simple, Powerful, and Affordable

Preservica

MARCH 18, 2022

Academic libraries are in the midst of rapid, widespread changes as it shifts into the digital age. Our libraries have been a steady flame for patrons to depend on, not just throughout the pandemic, but throughout history. See how Preservica customers are creating engaging internal and public access.

Libraries

Libraries Digital preservation Archiving e-Discovery

IcedID malware campaign targets Zoom users

Security Affairs

JANUARY 7, 2023

Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware. Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware.

Phishing

Phishing Libraries Cybersecurity IT

A flaw in libcue library impacts GNOME Linux systems

Closure JavaScript Library introduced XSS issue in Google Search and potentially other services

Webinars

Trending Sources

Internet Archive data breach impacted 31M users

Webinars

Popular open-source PJSIP library is affected by critical flaws

3CX voice and video conferencing software victim of a supply chain attack

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Microsoft March 2022 Patch Tuesday updates fix 89 vulnerabilities

Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2

0patch releases free unofficial patches for Windows 0days exploited in the wild

Google found zero-click vulnerabilities in Apple’s multimedia processing components

Telegram flaw could have allowed access to users secret chats

Samsung fixes a zero-click issue affecting its phones

IndieFlix streaming service leaves thousands of confidential agreements, filmmaker SSNs, videos exposed on public server

Experts warn of critical Zero-Day in Apache OfBiz

Expert disclosed a new passcode bypass to access photos and contacts on a locked iPhone

Microsoft September 2020 Patch Tuesday addresses 129 flaws

Critical bug in WINRAR affects all versions released in the last 19 years

MPlayer and VLC media player affected by critical flaw CVE-2018-4013

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Free Download Manager backdoored to serve Linux malware for more than 3 years

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Microsoft February 2022 Patch Tuesday security updates fix a zero-day

[INFOGRAPHIC] KnowBe4’s Content Library by the Numbers

Cisco addresses three high-severity issues in Webex, IP Cameras and ISE

OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel

Activision warns of Call of Duty Cheat tool used to deliver RAT

Kalay cloud platform flaw exposes millions of IoT devices to hack

New PyLocky Ransomware stands out for anti-machine learning capability

Recently fixed WinRAR bug actively exploited in the wild

Thousands of applications affected by a zero-day issue in jQuery File Upload plugin

Unpatched Python Library Affects More Than 300,000 Open Source Projects

Too much UPnP-enabled connected devices still vulnerable to cyber attacks

Alleged ransomware attack disrupted operations at Slovenia’s Pop TV station

Cryptocurrency startup Komodo hacks itself to protect its users’ funds from hackers

GhostTouch: how to remotely control touchscreens with EMI

KindleDrip exploit – Hacking a Kindle device with a simple email

TrueFire Guitar tutoring website was hacked, financial data might have been exposed

Partnership to Campaign: Green Libraries is growing

GoFetch side-channel attack against Apple systems allows secret keys extraction

How Card Skimming Disproportionally Affects Those Most In Need

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Approaching AI at the National Library of Scotland

Preserving Our Libraries’ Digital Collections is Simple, Powerful, and Affordable

IcedID malware campaign targets Zoom users

Stay Connected