ShellShock / BashBug : Know About it and Be Safe !!

A new critical vulnerability affecting mainly Unix/Linux systems could allow an attacker to gain control over a targeted computer if exploited. The “easily exploitable” vulnerability affects the GNU Bourne Again Shell (Bash), a text-based command-line utility that exists in many versions of Linux and Unix.

Systems Affected:

  • Web servers
  • Unix/Linux servers and some network appliances
  • ICS – Industrial Control Systems / embedded devices
  • Jailbroken/rooted mobile devices
  • All systems that utilize GNU bash
  • PCs

You can test for vulnerable systems by executing:

env testbug='() { :;}; echo VULNERABLE' bash -c "echo Hello from Q-CERT"

If the output shows “VULNERABLE” followed by “Hello from Q-CERT”, then the system is vulnerable. Alternatively, you can check online by visiting: http://shellshock.brandonpotter.com/ or http://bashsmash.ccsir.org/

Recommendations:

  1. Identify and patch all vulnerable Unix/Linux-based systems NOW.
  2. Upgrade to a new version of bash OR replace bash with an alternate shell such as zsh.
  3. Ensure that the Web Application Firewall (WAF) and IDS/IPS are up to date with the latest signatures and are capable of blocking the threat.
  4. Block all unnecessary inbound traffic and unused ports at the firewall.
  5. Disable advanced functionalities such as CGI-bin if not needed.
  6. Ensure logging is enabled and actively monitored.

Source: QCERT
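
Recommendation 6 in practice, as an added example that is not part of the QCERT advisory: a Python scan of web server access logs for the "() {" function-definition prefix that the test string above relies on. It assumes the Apache/nginx "combined" log format; the function names and the sample lines are constructed for illustration.

```python
import re

# Assumed format (Apache/nginx "combined"):
# ip ident user [time] "request" status size "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
# A value that opens a Bash function definition: "()" then optional
# whitespace then "{", the same prefix as the test string on this page.
FUNC_DEF = re.compile(r'\(\)\s*\{')


def scan(lines):
    """Return (ip, time, field) for every log field carrying the marker."""
    hits = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            # Unparseable line: check it whole rather than silently skip it.
            if FUNC_DEF.search(line):
                hits.append((None, None, "raw"))
            continue
        for field in ("request", "referer", "agent"):
            if FUNC_DEF.search(m.group(field)):
                hits.append((m.group("ip"), m.group("time"), field))
    return hits


# Constructed sample lines (documentation IP ranges, harmless echo payload).
SAMPLE = [
    '192.0.2.10 - - [26/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 40 "-" "() { :;}; echo VULNERABLE"',
    '203.0.113.5 - - [26/Sep/2014:10:02:11 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 500 0 "() { :; }; echo VULNERABLE" "curl/7.38.0"',
    # Benign look-alike: "()" in a URL without a following "{" must not match.
    '192.0.2.44 - - [26/Sep/2014:10:03:00 +0000] "GET /docs/func() HTTP/1.1" 404 120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, field in scan(SAMPLE):
        print(f"{when} {ip}: function-definition marker in {field}")
```

A hit shows only that a request carried the marker, not that the server was vulnerable; confirm patch status on the host with the test command above.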


5 million alleged Google account credentials leaked


A database containing nearly 5 million logins and passwords for Google accounts has been leaked online on a Russian cyber security internet forum.

A database containing 5 million alleged Google logins and passwords has been leaked online on a Russian cyber security internet forum. The news was spread by online media agencies, including RT.com.

In the cases reported by Russian Internet giants Mail.ru and Yandex, according to the experts, the majority of the accounts leaked were obsolete or no longer active. The company confirmed that their databases were not compromised and claimed that the leaked data was collected over time through other kinds of attacks against end-users, like phishing or malware-based attacks. Apple recently offered a similar defense in the case of the leak of celebrities’ naked photos online; in that case too, the company revealed that its iCloud architecture was not compromised and that the users were victims of other forms of direct attack.

Source: Pierluigi Paganini

Hackers defaced pakistan.gov.pk

 


Hacktivists have decided to play their role in the ongoing political crisis; as a result, the official portal of the Government of Pakistan (Pakistan.gov.pk) has been hacked and defaced by unknown hackers supporting protesters demanding the resignation of Prime Minister Nawaz Shareef.

Hackers left a deface page along with a message against the government, cracking jokes about government corruption. The PM’s message and profile picture were also changed to the cartoon character Shrek.

The deface page also shows a funny image of the Prime Minister, his brother Shahbaz Shareef and ex-president Asif Ali Zardari.