Entries with tag computer vulnerabilities.

Bash Vulnerability Affects Millions of Users

A software vulnerability found in Bash could potentially affect as many as 500 million computers according to security researchers. The software component is found in many Linux systems and the Apple Mac OS X operating system. The Shellshock bug can be used to remotely take control of almost any system using Bash, also known as the Bourne-Again Shell. The command prompt is found on Unix computers as well as those operating systems based on Unix, including web servers using Apache. Researchers say this bug is more serious than Heartbleed. Some security firms say they have seen it being used to infect servers with malware and in other cyberattacks. “It’s super simple and every version of Bash is vulnerable,” Josh Bressers, manager of Red Hat product security, told Kaspersky Labs’ ThreatPost. “It’s extremely serious, but you need very specific conditions in place where a remote user would be able to set that environment variable. Thankfully, it’s not common.”  The US Computer Emergency Readiness Team (US-CERT) issued a warning about Shellshock, asking users to immediately update their operating system. (BBC)(The Associated Press)(Reuters)(ThreatPost)

Canadian Man First Arrested for Using Heartbleed Exploit

A Canadian man arrested 15 April 2014 is the first person known to have been arrested for using Heartbleed – a vulnerability in Open SSL encryption – in a data breach. Stephen Arthuro Solis-Reyes, 19, of London, Ontario, is being charged with one count of Unauthorized Use of a Computer and one count of Mischief in Relation to Data after he allegedly stole 900 social insurance numbers and other data from the Canada Revenue Agency, according to the Royal Canadian Mounted Police. Computer equipment in the suspect’s home was seized. No other information was released. Those affected by the theft will be contacted by registered mail, according to the agency, which will also offer free credit protection services and additional security on their accounts. Solis-Reyes, a computer science student attending Western University, is scheduled to appear in an Ottawa court 17 July 2014. (Reuters)(The Associated Press)(PC Mag)

Showing 2 results.