On January 27, 2015, Qualys, Inc., the leading provider of cloud security and compliance solutions, announced that its security research team discovered a vulnerability in the Linux GNU C Library known as (glibc). This vulnerability, called "GHOST (CVE-2015-0235),” allows attackers to remotely take control of a system without having prior knowledge of system credentials. This [...]
On October 14, 2014, three Google researchers announced the details of a vulnerability in the design of SSL version 3 named the POODLE (Passing Oracle On Downgraded Legacy Encryption) vulnerability. This vulnerability affects all implementations of SSLv3.0 protocol, but does not affect the newer encryption mechanism known as TLS (Transport Security Layer). Under the right [...]
On September 24, 2014, the Shellshock bug was discovered, exposing vulnerabilities in Unix and Linux machines. The aftermath of the Shellshock bug has continued to stay in headlines as a wave of new vulnerabilities have emerged.Threatpost’s Michael Mimoso explains that Shellshock has been actively exploited: “Analysis into the vulnerability and Bash behavior once it was [...]
On September 24, 2014, Red Hat, Inc., the software company that provides a version of the Linux Operating System, indicated that its security team discovered a vulnerability in the command line interface functionality known as “Bash” (Bourne-Again Shell). This vulnerability, called “Shellshock,” is believed to pose a larger threat than the Heartbleed vulnerability that was [...]
