Considered a bigger threat than Heartbleed, Shellshock is a bug to be concerned about. It hasn’t been in the consumer’s consciousness for very long, but Yahoo appears to be the first business to fall victim to it. Yahoo recently announced that three of its servers had been breached by hackers via Shellshock.
“A security flaw, called Shellshock, that could expose vulnerabilities in many web servers was identified on September 24. As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network,” said a spokesman for Yahoo. “We isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.”
Image Source: Flickr (Eirik Refsdal)
The attack was detected by security researcher Jonathan Hall who alerted Yahoo to the breach and reported his findings in a blog post on his website Future South.
This is the first known case of a company falling victim to the Shellshock bug since it was identified back in September. Tied to the Bash Unix shell, it is a flaw that can be used to override or bypass environment restrictions in order to execute shell commands. Discovery of the bug prompted Red Hat to issue a set of patches to try and combat it.