News Update Regarding New "Shell Shock Bug"
After publishing my post regarding the cyber threat “Shell Shock Bug” yesterday, I had many people reach out to me including my friend Amanda Pielstick. Amanda currently works for Tenable Network Security (Tenable) which provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Tenable’s family of products includes SecurityCenter Continuous View™ and Nessus®.
Throughout our conversation, my initial thoughts regarding Shell Shock were confirmed as Amanda stated that her company and personal activities had increased significantly that day due to the importance of providing a solution to their clients for this Shell Shock vulnerability. She was also able to provide plugins and solutions that her company had already developed within the last 24 hours that are available to her clients to combat the Shell Shock vulnerability.
Although Shell Shock originally drew comparisons to Heartbleed, we are now seeing that Shell Shock could be an even bigger threat. The Shell Shock vulnerability has the ability to allow hackers to in essence, take over a user’s computer or network. It has been stated that Heartbleed has affected an estimated 500,000 machines and I have read that Shell Shock could affect an estimated 100,000,000 machines. The aftermath of Shell Shock will not happen right away, but over an extended period of time. This vulnerability was found in the program called Bash, which has been around since 1987 and has been installed in more than 70% of all devices and machines (Source). This means that for the last twenty five years, this program has been used with this bug and until the correct plugins are installed on the affected machines, they are still at risk for attack from hackers. Fortunately, many companies are working overtime in order to provide many vulnerability plugins to their customers to correct this issue. Just one of the many companies already providing a solution, Amanda was able to direct me to the plugins that Tenable has already provided their client base along with a live discussion forum that walks you through installing these plugins, answering any questions you may have.
We will continue to update you with further details as this Shell Shock bug continues to unfold and urge you to consider what cyber security practices you have in place that would prevent you from any attacks that could take place in the future.
For more information, please contact me at: cmcintosh@clark-mortenson.com or call me at 877-352-2121.
To get in touch with Amanda at Tenable Network Security, please email her at apielstick@tenable.com or connect with her on LinkedIn.