[CERT-daily] Daily Summary - 15.09.2017

Daily end-of-shift report team at cert.at
Fri Sep 15 18:09:59 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 14-09-2017 18:00 − Friday 15-09-2017 18:00
Handler:     Olaf Schwarz
Co-Handler:  Stephan Richter

=====================
=        News       =
=====================

∗∗∗ Ten Malicious Libraries Found on PyPI - Python Package Index ∗∗∗
---------------------------------------------
The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python programming language. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/


∗∗∗ Equifax Confirms March Struts Vulnerability Behind Breach ∗∗∗
---------------------------------------------
Equifax divulged on Wednesday that the culprit behind this summer's breach of 143 million Americans was an Apache Struts vulnerability, CVE-2017-5638, patched back in March.
---------------------------------------------
http://threatpost.com/equifax-confirms-march-struts-vulnerability-behind-breach/127975/


∗∗∗ VMware Patches Bug That Allows Guest to Execute Code on Host ∗∗∗
---------------------------------------------
Users who run four different types of VMware products, ESXi, vCenter Server, Fusion and Workstation, are being encouraged to update to address a series of vulnerabilities, one critical.
---------------------------------------------
http://threatpost.com/vmware-patches-bug-that-allows-guest-to-execute-code-on-host/127990/


∗∗∗ Yet Another Android Malware Infects Over 4.2 Million Google Play Store Users ∗∗∗
---------------------------------------------
Even after so many efforts by Google, malicious apps somehow managed to fool its Play Store's anti-malware protections and infect people with malicious software. The same happened once again when at least 50 apps managed to make their way onto Google Play Store and were successfully downloaded as many as 4.2 million times—one of the biggest malware outbreaks. Security firm Check Point on
---------------------------------------------
https://thehackernews.com/2017/09/play-store-malware.html


∗∗∗ Google Releases API for Malware Protection on Android ∗∗∗
---------------------------------------------
With the SafetyNet Verify Apps API, apps can check whether Android devices use Google Play Protect. The interface also provides access to the scan function.
---------------------------------------------
https://heise.de/-3832697


∗∗∗ Bashware: Windows 10 Vulnerable via Linux Component ∗∗∗
---------------------------------------------
The security firm Checkpoint has found a way to attack Windows 10 machines via the operating system's optional Linux components. However, the researchers considerably exaggerate the seriousness of the situation.
---------------------------------------------
https://heise.de/-3833695


∗∗∗ Malvertising Campaign Relies on Crypto Mining in Other People's Browsers ∗∗∗
---------------------------------------------
Abusing other people's CPU power via malware to mine Bitcoin and the like is a time-tested strategy. A current malvertising campaign in Eastern Europe moves the mining directly into the web browser via JavaScript.
---------------------------------------------
https://heise.de/-3833536



=====================
=    Advisories     =
=====================

∗∗∗ LOYTEC LVIS-3ME ∗∗∗
---------------------------------------------
This advisory contains mitigation details for relative path traversal, insufficient entropy, cross-site scripting and insufficiently protected credentials vulnerabilities within LOYTEC's LVIS-3ME HMI touch panel.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01


∗∗∗ VMSA-2017-0015 ∗∗∗
---------------------------------------------
VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0015.html


∗∗∗ USN-3417-1: Libgcrypt vulnerability ∗∗∗
---------------------------------------------
Ubuntu Security Notice USN-3417-1, 14th September, 2017: libgcrypt20 vulnerability. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04. Summary: Libgcrypt could be made to expose sensitive information. Software description: libgcrypt20 - LGPL Crypto library. Details: Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover Curve25519 private keys.
---------------------------------------------
http://www.ubuntu.com/usn/usn-3417-1/


∗∗∗ IBM Security Bulletin: IBM Spectrum Scale Object Protocols functionality is affected by a security vulnerability in Python (CVE-2017-2592) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010471


∗∗∗ IBM Security Bulletin: Open Source Apache PDFBox Vulnerabilities in IBM Content Classification ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg21991021

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



