The released script will take a given log directory, normally your website log directory, and search it for attempts to exploit the server using the recently released GNU Bourne Again Shell (bash) vulnerability also known as Shell Shock. Once it identifies these entries, it will output them into a separate Read more…
A few days ago I posted about a nasty vulnerability pertaining to GNU Bourne Again Shell, otherwise known as bash, The vulnerabilities still exist in unpatched systems and the scope of what could be affected is still expanding. The good news is a few vendors have provided updates clarifying that Read more…
UPDATED: 09/26/2014 – 01:14 EST – Added vulnerability validation code This exploit may have bigger holes than even the Bat Cave. CVE-2014-6271 (Credit to Stephane Chazelas for discovery) was publicly announced yesterday, September, 24th and some articles are already calling this bug a larger security hole than the recent Heartbleed SSL Read more…
This is sadly not the first time this library has caused significant grief for WordPress CMS sites. The last was back in the fall of 2011 and this latest 0-day is much the same, allowing server based, file level access across sites; possibly even servers depending on configuration. The specific Read more…
The short version is that if you get a phone call from an unknown number that rings once and hangs up, do not call it back. Several news outlets have reported on this over the past couple of days and I thought I would do the same since I've actually Read more…