Shellshock Intensive Care – Part 2 (Clients)

Update: Apple have now released patches for Bash on the following versions of OS X: Lion v10.7.5, Lion Server v10.7.5, Mountain Lion v10.8.5 and Mavericks v10.9.5. These patches are understood to address vulnerabilities CVE-2014-6271 and CVE-2014-7169, but not CVE-2014-7186 and CVE-2014-7187. These patches are not … Continue reading

Posted in Uncategorized | Comments Off on Shellshock Intensive Care – Part 2 (Clients)

Shellshock Intensive Care – Part I (Servers)

Update: For Oxford University IT Staff, a briefing has been organised for Tuesday at 12.45pm 30/9/2014, book your place here. As the sun has risen on another day of broken bash, we’ve decided to put together a couple of blog … Continue reading

Posted in Uncategorized | Comments Off on Shellshock Intensive Care – Part I (Servers)

Bash ‘Shellshock’ Bug – Now You Can Panic

UPDATE: The initial round of patches to fix CVE-2014-6271 have proven ineffective at fully resolving the issue; a new CVE code has been issued, “CVE-2014-7169“, use this to track news and updates regarding this bug and patch status. Remember Heartbleed? Get ready to … Continue reading

Posted in Apple, Current Threats, General Security, Web Security | Comments Off on Bash ‘Shellshock’ Bug – Now You Can Panic

Google Hacking – Making Use of the All Seeing Eye

You don’t need me to tell you, that the Google search engine is a vast and powerful tool. Or that, Tor aside, it pretty much holds the whole of the Internet in the palm of its hand. What you may not … Continue reading

Posted in General Security | 1 Comment

5 Million Google Accounts Leaked

Details are emerging of a very recent large-scale leak of Google’s account database, centring around their flagship email service Gmail. Google’s official word on the subject can be read here. The credentials were posted to a Russian BitCoin mining forum earlier … Continue reading

Posted in Current Threats, General Security, Google | Comments Off on 5 Million Google Accounts Leaked

Kyle and Stan Malicious Advertising Network

OxCERT have been made aware of malicious adverts, placed on legitimate websites, which redirect to a network of sites that download malware. The malware served is bundled with legitimate applications, it varies based on the user agent and is known to … Continue reading

Posted in Current Threats | Comments Off on Kyle and Stan Malicious Advertising Network

Scam Calls Claiming to be from IT Services

OxCERT have been made aware of scammers, calling from international numbers, claiming to be from “IT Services at 146 Banbury Road”. These calls seem to be in a similar vein to the “Microsoft” scam calls described here: http://www.actionfraud.police.uk/microsoft-reveals-extent-of-phone-scam-june11 Please note, the IT … Continue reading

Posted in Current Threats | Comments Off on Scam Calls Claiming to be from IT Services