Aug 11, 2024Ravie LakshmananSupply Chain / Software Security Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims' secrets. "The legitimate Solana Python API project is known as 'solana-py' on GitHub, but simply … [Read more...] about Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys
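The practical defence against a package that borrows a legitimate project's name is to audit dependency names before they are installed. The following is an added example, not code from the article or from the solana-py project: it normalises requested names the way PyPI does (PEP 503), strips the "py"/"python"/"lib" decorations typosquatters add, and measures edit distance against an allowlist of names the project is expected to pull in. The allowlist, the sample requirements file and the thresholds are constructed for the example; in particular it assumes the legitimate library is published on PyPI under the name "solana", so a request for "solana-py" is flagged as a lookalike.

```python
"""Lookalike-dependency audit for a requirements.txt (added example).

Assumptions not taken from the article: the TRUSTED allowlist, the
SAMPLE_REQUIREMENTS text and the distance thresholds are constructed here.
"""
import re

# Names this project is expected to depend on (constructed allowlist, already
# in PEP 503 normalised form). In real use, generate this from a lock file
# that has been reviewed once by a human.
TRUSTED = {"solana", "solders", "requests", "cryptography"}


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of '-', '_', '.' -> '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def core_name(norm: str) -> str:
    """Strip decorations typosquatters bolt onto a real name ('solana-py',
    'python-requests', 'libfoo'). Only applied to already-normalised names."""
    norm = re.sub(r"^(python|py|lib)-?", "", norm)
    norm = re.sub(r"-?(python|py|lib)$", "", norm)
    return norm


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute), iterative DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(requested: str, trusted=TRUSTED):
    """Return (verdict, nearest_trusted_name). Verdicts:
    'trusted'   - exact normalised match with the allowlist
    'lookalike' - decorated or near-miss spelling of an allowlisted name
    'unknown'   - not close to anything on the allowlist (needs review)
    """
    norm = normalize(requested)
    if norm in trusted:
        return ("trusted", norm)
    core = core_name(norm)
    if core in trusted:
        return ("lookalike", core)
    nearest = min(trusted, key=lambda t: levenshtein(norm, t))
    dist = levenshtein(norm, nearest)
    # One typo is always suspicious; two is suspicious only for longer names,
    # otherwise short unrelated names would collide (constructed thresholds).
    if dist <= 1 or (len(nearest) >= 6 and dist <= 2):
        return ("lookalike", nearest)
    return ("unknown", None)


_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def audit(requirements_text: str):
    """Parse requirement lines (name + optional version spec) and classify
    each. Comments, blank lines and option lines ('-r', '--index-url') are
    skipped. Returns a list of (requested_name, verdict, nearest)."""
    findings = []
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = _REQ_NAME.match(line)
        if not m:
            continue
        verdict, nearest = classify(m.group(1))
        findings.append((m.group(1), verdict, nearest))
    return findings


# Constructed sample input, not a real project's requirements file.
SAMPLE_REQUIREMENTS = """\
solana==0.34.2        # legitimate PyPI name (assumed)
solana-py==0.34.3     # decorated lookalike of the name above
requets>=2.31         # one-character typo of 'requests'
numpy                 # not on the allowlist at all
cryptography==42.0.5
"""

if __name__ == "__main__":
    for name, verdict, nearest in audit(SAMPLE_REQUIREMENTS):
        print(f"{name:15} {verdict:10} {nearest or ''}")
```

The "unknown" verdict is deliberately not treated as safe: a dependency that is close to nothing on the allowlist is new to the project and should be reviewed, whereas "lookalike" is the case to block outright in CI before `pip install` ever runs.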
Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
Mar 30, 2024NewsroomLinux / Supply Chain Attack Red Hat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of … [Read more...] about Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
Mar 03, 2023Ravie LakshmananEnterprise Security / IoT A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is … [Read more...] about New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library
A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 … [Read more...] about 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library
High-Severity RCE Vulnerability Reported in Popular Fastjson Library
Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called "AutoType." It was patched by the project … [Read more...] about High-Severity RCE Vulnerability Reported in Popular Fastjson Library
Ripple20: 19 vulnerabilities in the TCP/IP library
Experts at Israeli company JSOF have discovered 19 zero-day vulnerabilities, some critical, affecting hundreds of millions of Internet of Things (IoT) devices. The worst part is that some devices will never receive updates. All of the vulnerabilities were found in the TCP/IP library of Treck Inc., which the company has been developing for more than two decades. The set of … [Read more...] about Ripple20: 19 vulnerabilities in the TCP/IP library
Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
Updated on April 14. Microsoft has issued a warning about two new vulnerabilities in the Adobe Type Manager Library. Moreover, according to Microsoft, some attackers are already exploiting them in targeted attacks. On April 14, Microsoft released security updates that address these vulnerabilities. What is the Adobe Type Manager Library, and how is it vulnerable? There were … [Read more...] about Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
Save Over 75% on SitePoint Premium Tech E-Learning Library
Upskill to Your Dream Job with 5,350+ Cutting-Edge Videos & eBooks on Coding, UX Design & More … [Read more...] about Save Over 75% on SitePoint Premium Tech E-Learning Library