Final Update: I thought I would post one more update to this, as of the middle of April 2015 an analysis of the same malware indicated almost all AV instances picking it up and identifying it as a Cryptowall variant. In addition, it should be noted that after I contact Read more…
A while ago I had put together a quick script to check files in a web directory for possible web shells. I was in a training class and looking for my information on this last week and it seems I've lost it. As such, it's time to put it up again Read more…
The released script will take a given log directory, normally your website log directory, and search it for attempts to exploit the server using the recently released GNU Bourne Again Shell (bash) vulnerability also known as Shell Shock. Once it identifies these entries, it will output them into a separate Read more…
A few days ago I posted about a nasty vulnerability pertaining to GNU Bourne Again Shell, otherwise known as bash, The vulnerabilities still exist in unpatched systems and the scope of what could be affected is still expanding. The good news is a few vendors have provided updates clarifying that Read more…
UPDATED: 09/26/2014 – 01:14 EST – Added vulnerability validation code This exploit may have bigger holes than even the Bat Cave. CVE-2014-6271 (Credit to Stephane Chazelas for discovery) was publicly announced yesterday, September, 24th and some articles are already calling this bug a larger security hole than the recent Heartbleed SSL Read more…
This is sadly not the first time this library has caused significant grief for WordPress CMS sites. The last was back in the fall of 2011 and this latest 0-day is much the same, allowing server based, file level access across sites; possibly even servers depending on configuration. The specific Read more…