Lessons learned developing Lynis, an open source security auditing tool
If you’ve been involved with information security for more than a decade, you’ve probably heard of Rootkit Hunter or rkhunter, a software whose primary goal is to …
How Shellshock can be exploited over DHCP
Attacks exploiting the Shellshock vulnerability (actually, vulnerabilities) are popping up daily, but while Shellshock attacks on web apps have been the most documented and …
Yahoo says its servers weren’t Shellshocked
After researcher Jonathan Hall’s claims that a group of hackers has been exploiting the Bash Shellshock vulnerability to compromise a number of servers belonging to …
Apple patches Shellshock bug in OS X
Apple has finally released a security update for OS X that will close up the critical remote code execution Shellshock bug found in the GNU Bash UNIX shell. The update …
Bash Shellshock bug: More attacks, more patches
As vendors scramble to issue patches for the GNU Bash Shellshock bug and companies rush to implement them, attackers around the world are probing systems for the hole it …
Bash “Shellshock” bug: Who needs to worry?
As expected, attackers have begun exploiting the GNU Bash “Shellshock” remote code execution bug (CVE-2014-6271) to compromise systems and infect them with …
Critical Bash bug opens Unix, Linux, OS X systems to attacks
The Bash “shellshock” flaw (CVE-2014-6271) was discovered last week by Unix/Linux specialist Stephane Chazelas, and its existence was made public on Wednesday. It …
Kali NetHunter turns Nexus devices into portable hacking tools
Offensive Security, the security training company behind Kali Linux, the popular Debian-based OS designed for digital forensics and penetration testing, and Kali community …
Linux systems infiltrated and controlled in a DDoS botnet
Akamai Technologies is alerting enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to …
Critical de-anonymization 0-days found in Tails
Tails, the security-focused Debian-based Linux distribution favoured by Edward Snowden, journalists and privacy-minded users around the world, sports a number of critical …
Mayhem malware ropes Linux, UNIX servers into botnets
A new malware that researchers have dubbed Mayhem is being used to target Linux and Unix web servers and has so far compromised over 1,400 Linux and FreeBSD servers around the …
Exploiting wildcards on Linux
DefenseCode released an advisory in which researcher Leon Juranic details security issues related to using wildcards in Unix commands. The topic has been talked about in the …