Several Yahoo servers exploited2014-10-07 10:00 by Daniela
Tags: Yahoo, security, hackers, Shellshock
Security researcher Future South Technologies claims that several Yahoo servers were hacked in the past two weeks, most likely using the Shellshock bug. The company found the problem while looking for servers around the net vulnerable to Shellshock. Soon after Yahoo was informed about the breach, it started its own investigation and, reportedly, no user data was stolen. The company also claims that the reason for the breach was not Shellshock.
"As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network," Elisa Shyu, a spokeswoman for Yahoo, said in an e-mail. "We isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data."
"After investigating the situation fully, it turns out that the servers were in fact not affected directly by Shellshock, but by a minor bug in a parsing script," the company added.
Shellshock or Bash bug, is a severe security hole that affects many operating systems including Linux, variations of Unix, and Apple's OSX. The vulnerability allows an attacker to execute code and the same commands as a legitimate user - without authentication. Therefore, the bug could be used to access sensitive information or gain control of the computer.
It is believed that Shellshock can potentially affect millions of vulnerable computers around the world. Several cybercrime groups are already using the bug to take over machines and organise them into a single network that can be used to send out spam or to carry out other attacks.
Read more -here-