#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Bash vulnerability | Breaking Cybersecurity News | The Hacker News

Category — Bash vulnerability
BASHLITE Malware leverages ShellShock Bug to Hijack Devices Running BusyBox

BASHLITE Malware leverages ShellShock Bug to Hijack Devices Running BusyBox

Nov 17, 2014
Cyber criminals are using new malware variants by exploiting GNU Bash vulnerability referred to as ShellShock ( CVE-2014-6271 ) in order to infect embedded devices running BusyBox software, according to a researcher. A new variant of " Bashlite " malware targeting devices running BusyBox software was spotted by the researchers at Trend Micro shortly after the public disclosure of the ShellShock vulnerability. BusyBox provides set of command line utilities that are specifically designed to run in constrained embedded environments. At compile time, different capabilities can be left out, reducing the size of the binaries, and efforts are made to make them memory efficient. This makes the software an excellent candidate for use in consumer electronics devices, which seem to have been the items of interest in this case. The malware variant, detected as ELF_BASHLITE.A (ELF_FLOODER.W) , when executed on victim's machine, scans compromised networks for device
The Bash Vulnerability: How to Protect your Environment

The Bash Vulnerability: How to Protect your Environment

Oct 23, 2014
A recently discovered hole in the security of the Bourne-Again Shell (bash) has the majority of Unix/Linux (including OS X) admins sweating bullets. You should be, too--attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts with environment variables ( this can include network equipment, industrial devices, etc .) Jaime Blasco , AlienVault Labs Director, gives a good explanation of the exploit in this blog post . And, the video below gives you a quick overview of how AlienVault Unified Security Management (USM)  can detect malicious traffic on your network trying to locate and exploit this vulnerability. Basically, this vulnerability allows an attacker to execute shell commands on a server due to an issue in how bash interprets environment variables (such as "cookie", "host", "referrer"). Exploiting this allows an attacker to run shell commands directly. Once they have access to run shell comm
The New Effective Way to Prevent Account Takeovers

The New Effective Way to Prevent Account Takeovers

Sep 04, 2024SaaS Security / Browser Security
Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, " Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them " argues that the browser is the primary battleground where account takeover attacks unfold and, thus, where they should be neutralized. The report also provides effective guidance for mitigating the account takeover risk.  Below are some of the key points raised in the report: The Role of the Browser in Account Takeovers According to the report, the SaaS kill chain takes advantage of the fundamental components that are contained within the browser. For account takeover, these include: Executed Web Pages - Attackers can create phishing login pages or use MiTM over legitimate web pages to harve
Apple — Most Mac OS X Users Not Vulnerable to 'Shellshock' Bash Bug

Apple — Most Mac OS X Users Not Vulnerable to 'Shellshock' Bash Bug

Sep 27, 2014
On one hand where more than half of the Internet is considering the Bash vulnerability to be severe, Apple says the vast majority of Mac computer users are not at risk from the recently discovered vulnerability in the Bash command-line interpreter – aka the " Shellshock " bug that could allow hackers to take over an operating system completely. Apple has issued a public statement in response to this issue, assuring its OS X users that most of them are safe from any potential attacks through the ShellShock Vulnerability , which security experts have warned affect operating systems, including Mac's OS X. " The vast majority of OS X users are not at risk to recently reported bash vulnerabilities ," Apple said. " Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unl
cyber security

Infostealers: How Attackers Are Stealing Your Cookies and Bypassing MFA

websitePush SecuritySaaS Security / Offensive Security
Join our webinar for a live demo of infostealer tools, showcasing session cookie theft and session hijacking to compromise MFA-protected M365 accounts and downstream SaaS apps.
Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks

Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks

Sep 27, 2014
Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell ( Bash ), dubbed " Shellshock " which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well. BOTNET ATTACK IN THE WILD The bot was discovered by the security researcher with the Twitter handle @yinettesys , who reported it on Github and said it appeared to be remotely controlled by miscreants, which indicates that the vulnerability is already being used maliciously by the hackers. The vulnerability (CVE-2014-6271) , which came to light on Wednesday, affects versions 1.14 through 4.3 of GNU Bash and could become a dangerous threat to Linux/Unix and Apple users if the patches to BASH are not applied to the operating systems. However, the patches for the vulnerabil
Remotely Exploitable 'Bash Shell' Vulnerability Affects Linux, Unix and Apple Mac OS X

Remotely Exploitable 'Bash Shell' Vulnerability Affects Linux, Unix and Apple Mac OS X

Sep 25, 2014
A Critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as Bash , aka the GNU Bourne Again Shell , leaving countless websites, servers, PCs, OS X Macs, various home routers, and many more open to the cyber criminals. Earlier today, Stephane Chazelas publicly disclosed the technical details of the remote code execution vulnerability in Bash which affects most of the Linux distributions and servers worldwide. REMOTELY EXPLOITABLE SHELLSHOCK The vulnerability (CVE-2014-6271) affects versions 1.14 through 4.3 of GNU Bash and being named as Bash Bug , and Shellshock by the Security researchers on the Internet discussions. According to the technical details, a hacker could exploit this bash bug to execute shell commands remotely on a target machine using specifically crafted variables. " In many common configurations, this vulnerability is exploitable over the network, " Stephane said. This 22-ye
Expert Insights
Cybersecurity Resources