Tag

How To

Browsing

Uber had AWS credentials exposed on GitHub. As thousands of other companies do. It has been known for a while that nuggets such as private keys and credentials can be found with the GitHub search functionality or with Google dorks so looking for sensitive information in GitHub repositories is not new. So how can you protect your company’s assets? Check your repositories now There is a great tool that you should use to check for…

Is GHOST dangerous? Yes, it is. GHOST is a high severity vulnerability (CVE-2015–0235) that allows attackers to implement remote code execution (RCE) attack taking complete control of the victim system. It exploits a buffer overflow bug in glibc’s GetHOST functions (hence the name). Fortunately, Linux vendors already have necessary updates available as Qualys company was in touch with them before disclosing vulnerability. How to check if my systems is vulnerable? Linux systems that use versions…

We’ve got a lot of questions about how to protect your server against the shellshock bash vulnerability. Here are the answers. Very Important! Information about a critical vulnerability called Shellshock (or Bash Bug), which allows unauthorised code execution on remote systems, has been disclosed. Your servers and routers could possible be vulnerable. Currently, we are observing distributed scans of various subnets of the internet in search of vulnerable servers and theirs further infection with server…

Well, you probably aware of now-famous bash bug. Damage from it spreads and we have only bad news for you: There is still no working patch. The hotfix for CVE-2014–6271 was immediately bypassed and vulnerability is valid again. It seams the only way to “repair” Bash now is to manually disable import() function in source codes. Even after a valid patch finally appears we’ll be in touch with ShellShock for a long time. Routers, web…