Malware June 29, 2021 A Fly on ShellBot’s Wall: The Risk of Publicly Available Cryptocurrency Miners 8 min read - IBM Security X-Force researchers studied the botnet activity of a malware variant that is used by cyber crime groups to illegally mine cryptocurrency. Examining two ShellBot botnets that appeared in attacks honeypots caught, the X-Force team was able to infect…
Software Vulnerabilities August 6, 2020 Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away 5 min read - Shellshock is a bug in the Bash command-line interface shell that has existed for 30 years and was discovered as a significant threat in 2014. Today, Shellshock still remains a threat to enterprise. The threat is certainly less risky…
Threat Intelligence April 4, 2018 2018 IBM X-Force Report: Shellshock Fades, Gozi Rises and Insider Threats Soar 2 min read - The latest IBM X-Force report highlighted threats stemming from misconfigured cloud servers and inadvertent insider negligence and examined malware trends from 2017 that could continue into 2018.
Software Vulnerabilities March 6, 2017 Cheap Shock: Why Shellshock Is Still a Thing 2 min read - Although security researchers discovered Shellshock more than two years ago, it remains popular among fraudsters with basic skill sets and light wallets.
Retail December 22, 2016 Attackers Targeting Retail Are Shopping for Low-Hanging Fruit 2 min read - A recent IBM study revealed that many high-profile attacks against retail companies originate from vulnerabilities classified as low-hanging fruit.
Threat Intelligence October 21, 2016 Researchers Detect Second Wave of Shellshock Attacks Since Two-Year Anniversary 2 min read - Researchers detected an increase in Shellshock attacks — the second wave of activity since the malware celebrated its two-year anniversary in September.
Software Vulnerabilities September 27, 2016 Shellshock Anniversary: Major Security Flaw Still Going Strong 5 min read - As if to celebrate its two-year anniversary, Shellshock, one of the most infamous bugs of 2014, ramped up its activity in September.
Software Vulnerabilities July 14, 2016 Command Injection: A Deadly Needle in the Haystack 2 min read - Command injection attacks may not get a lot of hype, but they can be seriously damaging to an enterprise that isn't careful about its security.
Application Security May 26, 2016 Inside the Mind of a Hacker: Attacking the Shell 4 min read - To better prevent command injection attacks, developers need to learn how to think like a hacker and identify weak points in software.
Banking & Finance February 10, 2016 The New Bank Heist: The Financial Industry’s Top Threats 3 min read - The financial industry is plagued by a few main types of malware and cybercrime attacks, including Shellshock and denial-of-service attacks.