The Shellshock vulnerability, also known as the Bash bug, is a newly discovered security flaw that poses an immediate threat to over half a billion servers and devices worldwide. Bash, found in most versions of the Unix and Linux operating systems as well as in Mac OSX, could allow a hacker to remotely execute commands without authentication, thus enabling an attacker to take over an operating system, access confidential data, or set the stage for future attacks. Read our full coverage.
The map at right shows command & control servers and their IP addresses, with lines to victims. Criminals use C&C servers to manage victims they’ve compromised—a typical botnet scenario.
Get an in-depth analysis of the attack scenarios of the menacing Bash bug and specific recommendations on thwarting the threat.
Trend Micro has discovered a new Shellshock attack targeting SMTP servers in Taiwan, Germany, the United States, Canada and other countries. If the exploit successfully executes on your server, an IRC bot will download, execute, and then delete itself—and thus escape detection.
TrendLabs' blog post explains:
Get a streamlined overview of Shellshock and its repercussions to security. The following resources give you everything you need to know about the threat at a glance.
Patches for the Shellshock vulnerability are out and deployments are underway, but the bad guys aren't standing still: Attacks have started and are increasing in number. Join our discussion to hear the latest updates, determine your risks, and learn what to expect with future attacks. View the webinar now.
In this webinar, JD Sherry, Trend Micro VP of Technology & Solutions, and Steve Neville, Trend Micro Director of Cloud & Data Center address the security implications of the Shellshock vulnerability to affected systems. View the webinar now.
Learn about web application vulnerabilities like Shellshock and the steps you can take to prevent data breaches. Download the whitepaper now.
With the discovery of the Shellshock vulnerability come several risks that users, both in the enterprise and consumer spaces, need to be aware of. We break down Shellshock—what it is, what is involved, and how to defend against it—into a series of digestible blogs.
The US National Vulnerability Database rated the threat 10/10 in severity. How can the biggest exploit since Heartbleed reach your computer? And how can you shield yourself from it? Learn what our experts suggest.
Learn about the bug, its impact, and what you can do to protect yourself in this video.