Bash Vulnerability CVE-2014-6271 – Worm-able and Possibly Worse Than Heartbleed

Post Updated 9/30/2014

Several months ago, the Internet was put to a halt when the Heartbleed vulnerability was disclosed. Webservers, devices, and essentially anything running SSL were affected; as a result, attackers were able to collect passwords, free of charge.

With Heartbleed, the exploit made a splash and many attackers started to use the vulnerability. One of the more high-profile attacks of Heartbleed was the CHS attack, where the attackers siphoned 4.5 million patient records by attacking a Juniper device, then hopping onto their VPN.

So how can something be bigger than Heartbleed? I’m glad you asked.

‘Shellshock’ Bash Bug Impacts Basically Everything, Exploits Appear In Wild

Posted On September 25, 2014 By Cofense In Cofense News /

darkreading_logo PhishMe Senior Researcher Ronnie Tokazowski discusses the recent Bashbug vulnerability in this Dark Reading article.

Researchers analyze phishing campaign spreading ‘vawtrak’ malware

Posted On September 11, 2014 By Cofense In Cofense News /

sc_logo SC magazine discusses recent research from PhishMe that examined phishing emails with malicious PDF attachments.

PDF Exploits: A Deep Dive

Posted On September 8, 2014 By Cofense In Internet Security Awareness, Threat Intelligence /

On Friday, several of our users received phishing emails that contained PDF attachments, and reported these emails through Reporter. The PDF attachment is a slight deviation from the typical zip-with-exe or zip-with-scr; however, it’s still delivering malware to the user.

Phishing continues to be effective, McAfee Labs report shows

Posted On September 8, 2014 By Cofense In Cofense News /

sc_logo In response to a recent report from McAfee labs, PhishMe’s Rohyt Belani discussed how the report’s findings show the importance of encouraging user reporting as a defense against phishing.

5 tips for security behavior management programs

Posted On September 4, 2014 By Cofense In Cofense News /

PhishMe’s Scott Greaux provides advice for organizations looking to establish a security behavior management programs.

Detection

Response

Integrations

Managed Services

Managed Service Providers