Malicious Python Libraries Discovered on PyPI, Offensive Security Launches the Kali NetHunter App Store, IBM Livestreaming a Panel with Original Apollo 11 Technicians Today, Azul Systems Announces OpenJSSE and Krita 4.2.3 Released | Linux Journal
Synaptic Web News
- Written by: J D
- Category: News
News briefs for July 17, 2019.
Malicious Python libraries containing a hidden backdoor that would activate when the packages were installed on Linux systems have been found on the official Python Package Index (PyPI). According to ZDNet[2], the three packages are named libpeshnx, libpesh and libari, and they "were authored by the same user (named ruri12) and had been available for download from PyPI for almost 20 months, since November 2017, before the packages were discovered earlier this month by security researchers from ReversingLabs. The PyPI team removed the packages on July 9, the same day ReversingLabs notified the PyPI repo maintainers about their findings." In addition, "None of the three packages ever listed a description, so it's impossible to tell what was their purpose. However, PyPI stats showed that the packages were being regularly downloaded, with tens of monthly installations for