The Shellshock vulnerability, also known as the Bash bug, is a newly discovered security flaw that poses an immediate threat to over half a billion servers and devices worldwide. Bash, found in most versions of the Unix and Linux operating systems as well as in Mac OSX, could allow a hacker to remotely execute commands without authentication, thus enabling an attacker to take over an operating system, access confidential data, or set the stage for future attacks. Read our full coverage.
The map at right shows command & control servers and their IP addresses, with lines to victims. Criminals use C&C servers to manage victims they’ve compromised—a typical botnet scenario.
Get an in-depth analysis of the attack scenarios of the menacing Bash bug and specific recommendations on thwarting the threat.
The Shellshock vulnerability (also known as Bash Bug) will have a
widespread impact for any organization or user that has Bash enabled
on a server, desktop, or device. This includes over 500 million web
servers on the Internet today. Shellshock (CVE-2014-6271 and
CVE-2014-7169) is found in Bash, the dominant shell for Unix and Linux
(default), and can also be found in Mac OS X, some Windows server
deployments, and even Android. It enables remote code injection of
arbitrary commands without authentication, which can then allow
malicious code execution that could be used to take over an operating
system, access confidential data, or set the stage for future attacks.
In this webinar, JD Sherry, Trend Micro VP of Technology &
Solutions, and Steve Neville, Trend Micro Director of Cloud & Data
Center will be talking about the security implications of the
Shellshock vulnerability to affected systems.
Register for the webinar
With the discovery of the Shellshock vulnerability comes several risks that users, both in the enterprise and consumer spaces, need to be aware of. We break down Shellshock—what it is, what is involved, and how to defend against it—into a series of digestible blogs.
Get a streamlined overview of Shellshock and its repercussions to security. The following resources give you everything you need to know about the threat in a glance.
The US National Vulnerability Database rated the threat 10/10 in severity. How can the biggest exploit since Heartbleed reach your computer? And how can you shield yourself from it? Learn what our experts suggest.
Learn about the bug, it's impact, and what you can do to protect yourself in this video.