Another week… another security risk. It seems security risks and companies that get hacked are about as common dirt these days. This week is no different. You may have seen the news already about very serious vulnerability known as “shell shock.” The affected software, Bash (the Bourne Again SHell), is present on most Linux and Unix-like systems, and including some Mac OS operating systems. The risk appears to be most viable on Internet-facing devices that rely on the Bash environment, such as web and mail servers, but could affect many other devices running those operating systems such as storage devices, public wireless hotspots, and other systems on the network. Additionally there is a risk for any DHCP clients that might connect to an at-risk DHCP server, which means you should be careful when connecting an Apple device to a public hotspot. The DHCP server if infected could issue commands that could put client computers at risk. Indicating that exploit could affect routers or even cell phone towers.
Patches have been made available via the official vendor of the Bash application; however, it merits noting that there are currently reports that the available patches do not fully resolve the issue. Yesterday, JMARK’s own network was under attack, but our skilled network admins diminished that threat without any loss of service.
JMARK is monitoring this situation for further developments and risks and will notify clients if the risk continues to increase.
At this time, JMARK recommends that:
- Systems are updated to the latest application versions as they become available
- Host activity is monitored for anomalies
- Updated signatures from IDS/IPS vendors are obtained to protect against known attacks
- Contact us if you feel you might be experiencing issues related to this threat.
We are committed to notifying you and protecting you of any new security threats that may impact your organization. For more information and updates on the Bash Bug, visit https://www.pcicomplianceguide.org/shell-shock-bash-bug-what-we-know/.