Tag Archive for: library

New zero-day exploit for Log4j Java library is an enterprise nightmare



Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to ongoing remote code execution attacks.

Log4j is developed by the Apache Foundation and is widely used by both enterprise apps and cloud services.

Thus, while home users might have moved away from Java (although popular games like Minecraft still use it), anything from enterprise software to web apps and products from Apple, Amazon, Cloudflare, Twitter, and Steam is likely vulnerable to RCE exploits targeting this vulnerability.

Ongoing scans, exploitation of vulnerable systems

The bug, now tracked as CVE-2021-44228 and dubbed Log4Shell or LogJam, is an unauthenticated RCE vulnerability allowing complete system takeover on systems with Log4j 2.0-beta9 up to 2.14.1.

It was reported by Alibaba Cloud’s security team to Apache on November 24. They also revealed that CVE-2021-44228 impacts default configurations of multiple Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, and others.

After the first proof-of-concept exploit was published on GitHub yesterday, threat actors began scanning the Internet for systems vulnerable to this remotely exploitable security flaw that doesn’t require authentication.

Additionally, CERT NZ (New Zealand’s national Computer Emergency Response Team) has issued a security advisory warning of active exploitation in the wild (also confirmed by Coalition Director Of Engineering – Security Tiago Henriques and security expert Kevin Beaumont).

Nextron Systems’ Head of Research Florian Roth has shared a set of YARA rules for detecting CVE-2021-44228 exploitation attempts.

Patch and mitigation available

Apache has released Log4j 2.15.0 to address the maximum severity CVE-2021-44228…

Source…

Ionia Public Schools introduces Words on Wheels Mobile Library


IONIA — What started out as a dream for Ionia Public Schools educators became a reality Thursday with the arrival of the Words on Wheels Mobile Library.  

IPS introduced its mobile library during the First Thursday on the Bricks July 1 in downtown Ionia.

The Ionia Area Chamber of Commerce, Ionia Downtown Development Authority and community members were present for the ribbon-cutting ceremony to officially open the mobile library. 

Ionia Public Schools introduced its Words on Wheels Mobile Library during the First Thursday on the Bricks July 1 in downtown Ionia.

The blue bus will travel to different locations in the Ionia area providing free books and activities to the community three days per week. It will be at the following locations: 

Monday: 

  • 9:15-10:30 a.m. — Trailhead Park 
  • 10:45-11:45 a.m. — Jefferson Elementary School 
  • Noon to 1 p.m. — K-2 Summer School – Ionia High School 
  • 1:30-2:45 p.m. — Hale Park 

Thursday:

  • 9:15-10:30 a.m. — 3-5 Summer School – Ionia High School 
  • 10:45 a.m. to Noon — Twin Rivers Elementary School 
  • 12:20-1:20 p.m. — Downtown Lyons Library 
  • 1:45-2:45 p.m. — Harper Park 

Friday: 

  • 9:15-10:30 a.m. — Boyce Elementary School Nature Trail 
  • 10:45-11:45 a.m. — Robinson Park 
  • Noon-1 p.m. — Perry Park 
  • 1:30-2:45 p.m. — Fun Forest 

“We hope everybody comes out from babies to adults,” said Christina Frost, a fifth-grade teacher at Rather Elementary School. “We really have enjoyed meeting everybody. All of our books are brand new. You never know what you’re going to find.” 

Christina Frost, fifth grade teacher at Rather Elementary School in Ionia, speaks during the grand opening of the Ionia Public Schools Words on Wheels Mobile Library during the First Thursday on the Bricks July 1 in downtown Ionia.

Jennifer Burns, IPS associate superintendent of Instructional Services, secured the bus and drew up the plan for the mobile library. 

Extra Elementary and Secondary School Emergency Relief Fund dollars from the Coronavirus Aid, Relief and Economic Security Act were used, Frost said. 

“This was a dream of several of ours for many years,” Frost said. 

There will be various activities for the community to participate in, Frost said. IPS is giving away book bucks when people visit the bus and they can be collected and later distributed for prizes. 


The COVID-19 pandemic has put kids back about six months in reading, Frost said, adding access to books just wasn’t there. 

“I think it’s just what we need,” Frost said. 

IPS officials worked with Matt Painter,…

Source…

Many Android apps still use a vulnerable Google Play Core library version


Google has always advertised Google Play Store not only as the Android app store but also as a trustworthy and secure source of apps. That security, however, is only as strong as Google Play services itself, and when the code behind that becomes open to security exploits, the house can easily come crumbling down. Unfortunately, while Google has already plugged a recent security hole in its Google Play Core Library, app developers aren’t doing their part and are putting their own apps and their users at risk.

The Google Play Core Library, as the name implies, is one of the most basic and most fundamental components of Google’s mobile services that Android apps can use to make developers’ and users’ lives easier. It provides functionalities like downloading additional languages, assets, or features without having to update the app itself from Google Play Store. Pretty much all Android apps in the Play Store make use of these functions, making the Core Library a critical part of any Android app.

Unfortunately, a severe flaw in the Core Library allowed that functionality to be abused to make the library execute malicious code. Check Point Research goes into detail about how the exploit works, and it is a pretty frightening vulnerability if left unaddressed. Fortunately, Google already patched the Play Core Library last April, before the vulnerability was publicly disclosed in August.

Rather than end on that good note, however, the security researchers warn that app developers still haven’t updated to this most recent version of the Google Play Core Library. Unlike server-side fixes where Google does all the work on its end, this kind of fix has to be applied by app developers on their own by updating their apps to use the fixed version of the library. By their last count, the researchers estimate that 13% of apps on the Google Play Store haven’t yet done so.

This basically means that these apps and users are still vulnerable to this security flaw that is now known by security experts and hackers alike. While a few have responded to Check Point’s report and…

Source…

Woburn Public Library events, Dec. 2-8



Registration is required for library events unless otherwise specified. To sign up, visit https://woburnpubliclibrary.org. The library is open 9 a.m.-9 p.m. Monday-Thursday and 9 a.m.-5:30 p.m. Friday-Saturday. The library is closed for cleaning 1-2 p.m. Mondays, Wednesdays, Fridays and Saturdays, and 4:30-5:30 p.m. Tuesdays and Thursdays.

The robots are here

Want to play with a robot? Come play with one of the library’s new Sphero balls. Drive it, program it, turn it into a disco ball, smash it into a wall — it’s designed to do what you want it to do. An easy beginner entry into the world of robotics, the library’s robotic Sphero balls offer an experiential learning opportunity.

Get your music on

Want to learn to rock those first three guitar chords? Or the harmonica solo from that Dylan song? Or the ukelele from “Over the Rainbow” for your friend’s wedding next year? Take advantage of the library’s free music lessons available through a partnership with ArtistWorks — from piano to French horn to hip hop scratch, with lessons taught by Grammy Award-winning professionals.

Adult events

Story Time for Parents: What is Dialogic Reading: 7-8 p.m. Dec. 8. Learn about Dialogic Reading — what it is, how it supports your child’s language development, increases vocabulary, engagement with books and other pre-literacy skills. Jodi will demonstrate how to incorporate dialogic reading and create a more engaging and interactive reading experience. Limit 20 families.

Source…