Apple has released OS X bash Update 1.0 to address vulnerabilities found in the Bourne-again Shell (bash) that could allow a remote attacker to execute arbitrary shell commands.
In late September, advertisements appearing on a host of popular news and entertainment sites began serving up malicious code, infecting some visitors' computers with a backdoor program designed to gather information on their systems and install additional malicious code.
The attack affected visitors to The Jerusalem Post, The Times of Israel, The Hindustan Times, Internet music service Last.fm, and India-focused movie portal Bollywood Hungama, among other popular sites. At the center of the malware campaign: the compromise of San Francisco-based Internet advertising network Zedo, an advertising provider for the sites, whose network was then used to distribute malicious ads.
For ten days, the company investigated multiple malware reports, retracing the attacker's digital footsteps to identify the malicious files and shut the backdoor to its systems.
Over the past few days, Apple, Red Hat, and others have pushed out patches for vulnerabilities in the GNU Bourne Again Shell (bash). The vulnerabilities previously allowed attackers to execute commands remotely on systems that use the command parser under some conditions, including Web servers that use certain configurations of Apache. However, some of the patches made changes that diverged from the functionality of the GNU bash code, so debate continues about how to “un-fork” the patches and better secure bash.
At the same time, the urgency of applying those patches has mounted as more attacks that exploit the weaknesses in bash’s security (dubbed “Shellshock”) have appeared. In addition to the threat first spotted the day after the vulnerability was made public, a number of new attacks have emerged. While some appear to simply be vulnerability scans, there are also new exploit attempts that carry malware or attempt to give the attacker direct remote control of the targeted system.
On Monday, the SANS Technology Institute’s Internet Storm Center (ISC) elevated its INFOcon threat level, a measure of the danger level of current Internet “worms” and other threats based on Internet traffic, to Yellow. This level indicates an attack that poses a minor threat to the Internet’s infrastructure as a whole with potentially significant impact on some systems. Johannes Ullrich, Dean of Research at SANS, noted that six exploits based on Shellshock have been recorded by the ISC’s servers and “honeypot” systems. (A honeypot is a virtual or physical computer system set up to entice attackers and record their actions.)
As the largest dedicated security vendor, McAfee aims to help customers and consumers feel secure in the digital world. It’s certainly not simple, and it’s challenging to keep up with the bad guys. One way to do that is to match our adversaries’ aggressive drive to innovate with our own deeper commitment to collaborate with other members of the security industry.
It’s with that in mind that McAfee has joined Fortinet, Palo Alto Networks, and Symantec as cofounders of the Cyber Threat Alliance. The purpose of the alliance is to drive more effective industry-level collaboration on the analysis and eradication of cybersecurity threats, and to deliver stronger protection to individuals and organizations across all industries.
Security vendors already share threat feeds of various kinds. In fact, McAfee currently has more than 50 partners in our security research ecosystem, through which we exchange threat data or consume threat feeds. What’s different about this agreement is that Cyber Threat Alliance members will share fresher, more complete, and more actionable threat data on the complex and subtle aspects of modern threats:
- Zero-day vulnerabilities
- Botnet control server information
- Mobile malware samples
- Indicators of compromise (IoCs) related to targeted attacks
The alliance establishes a simple model through which member organizations can securely and expeditiously share threat data. This data will help members—and their customers—by bringing greater visibility into threats and techniques that they might otherwise lack.
How will this information sharing benefit McAfee customers? Customers will have access to an even broader and fresher collection of threat intelligence to improve protection. By incorporating new threat knowledge into their McAfee security infrastructure, customers will be able to protect their assets sooner and more comprehensively, despite the increasing complexity of threats.
As soon as the sharing mechanisms are in place—we expect them before the end of the year—the shared data will become part of McAfee’s back-end databases and processes that McAfee Global Threat Intelligence (GTI) uses to enhance protection. It will then be visible to all of McAfee’s network and endpoint security products through their integration with McAfee GTI.
We need to understand and be poised to react to the latest complex and multidimensional attacks of today and tomorrow. This alliance provides a critical framework for educating each other on the infrastructure and evolving tactics behind these attacks.
The post McAfee Founds Cyber Threat Alliance With Industry Partners appeared first on McAfee.