Shellshock Security Scan and Remediation

Tuesday, September 30, 2014

If you've heard about Shellshock, you likely understand how serious this bug in the Unix Bash shell is: it allows arbitrary remote code execution and watering hole attacks, among other exposures. Some security experts claim it's potentially worse than Heartbleed, as it impacts a vast number of servers that process huge volumes of Internet traffic, including almost all CGI-based web servers. For example, by this past Friday afternoon (September 26, 2014), there had been over 17,000 attacks on more than 1,800 domains.

Reliable patches are still being developed, as the initial patch did not fully fix the problem. In the meantime, network and system administrators should scan their infrastructure for Shellshock and perform remediation measures as soon as possible, which may include preventing incoming traffic to impacted servers on the network.

Since this is a well-publicized issue, exploitation attempts of this vulnerability have been skyrocketing, making Shellshock security scans and remediation immediate priorities.

If you would like assistance with a Shellshock security scan, and/or Shellshock remediation services, particularly with your publicly exposed network segments, simply email us at to get started.
