IT Security Risks
Shellshock Bash Code Injection Vulnerability: What Do You Need to Do? What Is the Risk?
Report from SANS ISC
Bash Code Injection (Shellshock) Vulnerability (CVE-2014-6271)
CentOS Bash vulnerability announced on 2014/09/24: How to Fix
How to fix bash code injection flaw on CentOS/RedHat 6.x Server
HackerKast Shellshock- September 25, 2014 – WhiteHat Security
SAP GUI Insecure Library Loading Vulnerability
Software: SAP GUI 6.x – 7.x
Critical Level: High
Impact: Possible system access
Solution: Apply the vendor patch
According to various reports, a large number of websites created using WordPress have been hacked in the past few days. Unconfirmed reports by WPSecurityLock suggest that other PHP-based management systems, such as the Zen Cart eCommerce solution, have also been targeted.
The hacked web pages appear to have been infected with scripts that not only install malware on users’ systems, but also prevent browsers like Firefox and Google Chrome, which use Google’s Safe Browsing API, from issuing an alert when users try to access the page. When Google’s search bot encounters such a specially crafted page, the page responds by simply returning harmless code. This camouflage strategy takes advantage of the browser switch normally used by developers to return browser-specific code to suit functional variations between different browsers, such as Internet Explorer and Firefox.
Experts are currently still puzzled over which hole was actually exploited for the large-scale attack. The only thing that seems certain at this point is that the problem didn’t originate in WordPress, because if it had, considerably more pages would have been infected. It is still unknown which versions of WordPress are being attacked.
US-CERT has issued a vulnerability note about a zero-day flaw in the Safari web browser that could be exploited to crash the browser or allow arbitrary code execution.