shellshock

There are various ways to assess the threat landscape, but it’s what companies think of it that is most important. We decided to pick the top 10 events of 2014 by a single criterion: the popularity of the corresponding stories. And here is what we came up with.

We collected the 10 best tweets related to an IT security event in 2014.

Shellshock bug proved to be “wormable”, and is exploiting the vulnerable network attached devices (by QNAP at least), scanning for more potential victims. While it is not exactly a Christmas

Today’s information technologies are a rather mishmashed system comprised of top-notch innovations interspersed with legacy technologies, some of which have been in use for decades and rarely changed. This “coexistence” of new and old led to the discovery of dramatic bugs that had stayed below the radar for years.

Today’s software packages have become so huge and complex that stacks of patches issued one after the other are increasingly common. This has consequences for system administrators.

Vulnerabilities vary. Some are considered critical, some – less problematic; their severity is determined by a few well-known factors such as ease of exploitability and popularity of software. But, no matter their differences they all require serious attention at a constant level, so that when the next Shellshock-like incident occurs, it won’t take cybersecurity world by surprise.

The recent developments with “big bugs” such as Heartbleed and Shellshock created a global security strain, with many questions emerging. Both bugs were open-source software-related, but indirectly they would constitute a threat to Windows-based infrastructure. In this post we review a few scenarios of an attack on mostly Windows-based network with Linux servers at certain points.

2014 is making its way into Cybersecurity history books with two global-scale software bugs discovered over 6 months. They are obviously not the last ones, and it is actually a good thing.

September’s security news was dominated by three stories: the Home Depot data breach, the Apple celebrity nude photo leak scandal and the Shellshock vulnerability in Bash.

It’s been a day since the BashBug aka Shellshock bug was disclosed. What real damage has been inflicted and who is most in danger?