More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library
While Microsoft patched the issues in June, support for SketchUp appears to remain disabled in Microsoft 365.
Library security covers flaws in shared code components, dependency risks, and patching practices that can expose applications and their users.
Search across headline titles and summaries.
Background for this topic.
A library is a packaged collection of reusable code that an application incorporates rather than implementing itself. Libraries may be maintained internally, obtained from public repositories, or included indirectly through other dependencies. Their security properties therefore become part of the application’s attack surface, often without developers reviewing every function.
Security concerns include vulnerabilities in library code, unsafe defaults, malicious or tampered packages, and abandoned versions that no longer receive fixes. A vulnerable dependency may be exploitable only under specific conditions, so risk assessment should consider the affected code path and exposure rather than version numbers alone. Useful controls include pinning and reviewing dependency versions, verifying package provenance and integrity, tracking direct and transitive dependencies in an inventory such as an SBOM, scanning for known vulnerabilities, and testing updates before deployment. When a flaw is disclosed, maintainers need a process to identify affected applications, apply a compatible update or mitigation, and remove unsupported libraries.
While Microsoft patched the issues in June, support for SketchUp appears to remain disabled in Microsoft 365.
The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. [...]
Institution has contacted National Cyber Security Centre for support
The British Library has been hit by a major IT outage affecting its website and many of its services following a "cyber incident" that impacted its systems on Saturday, October 28. [...]
Internet, phone lines, websites, and more went down on Saturday morning The British Library has confirmed to The Register that a "cyber incident" is the cause of a "major" multi-day IT outage.…
The Toronto Public Library (TPL) is warning that many of its online services are offline after suffering a cyberattack over the weekend, on Saturday, October 28. [...]