Security researchers were the first to respond during the Shellshock attacks of 2014. After news of the fatal flaw in the prevalent Bash (Bourne Again Shell)— found in most versions of the Unix and Linux operating systems as well as in Mac OSX —was released, researchers started looking into how it can be used against affected web…
Read MoreOur coverage on the Bash bug vulnerability (more popularly known as “Shellshock”) continues as we spot new developments on Shellshock-related threats and attacks. Here is a list of our stories related to this threat: Shellshock: A Technical Report – this technical brief describes the vulnerability in detail, as well as outlying which platforms are affected….
Read MoreWe have another update regarding Shellshock vulnerability. In a previous blog entry, we mentioned about a DDoS attack against institutions that depicted the gravity of the vulnerability’s real-world impact. Based on our analysis, the backdoor that was used in this DDoS attack is somewhat related to the previous Shellshock exploits we have seen. It appears that…
Read MoreIn the immediate aftermath of the Bash vulnerability known as Shellshock, we have already seen some attacks using it to deliver DDoS malware onto Linux systems. However, given the severity of this vulnerability, it is almost certain that we will see bigger, severer attacks. What are some of the scenarios we could potentially see? Servers Web servers are currently…
Read MoreJust several hours after the news on the bash vulnerability (covered under CVE-2014-7169) broke out, it was reportedly being exploited in the wild already. This vulnerability can allow execution of arbitrary code, thus compromising the security of systems. Some of the possible scenarios that attackers can do range from changing the contents of web server and…
Read More