what i do?

Am an Information Risk Consultant and Penetration Tester, i specialize mostly in penetrating secure networks/computer systems where i simulate an organized professional attack against your organization, where after that a detailed report with weakness and exploited vectors are summarized. This will help you gain control over your infrastructures security and maximize your protection.

Saturday, November 22, 2014

NEW WAVE OF ATTACKS, (this post is dedicated to Sys Admins)

I work a lot with huge Banks, several Government agencies, Parastatals, Huge PR firms that are always targets, by Major Blackhat organizations. Mark my words, i have seen all kinds of attacks, and dirt these hackers leave behind.



Since shellshock vulnerability went public i have seen some major bash attacks out of nowhere with hackers launching serious operations in major infrastructures across the globe. Chinese bot herders are also soooo busy getting ELF Binaries on servers especially the ones with Cpanels (commonly used by all Webmasters in Nairobi) due to CGIs that the webmasters left hanging behind. Funny thing is that Sys Admins don't listen, now a lot of them have learned these lessons the hard way.

Now apart from the Chinese Bot herders, Hacktivists and Organized Criminals, there is a wave of operatives literally targeting infrastructure that might have Sensitive Codes, Sensitive Documents, Website Backups + Their Web Databases, Email Addresses and then uploading to compromised servers or even 0wn3d CNCs and after using Shellshock vulnerabilities (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187)

The way these attacks are running, it seems like some spy organizations, well funded, well organized, has a lot of time in their hands are ready to collect intelligence from unsuspecting infrastructures.

Its real important that Admins get to patch up their machines, in time. Such a huge flaw that affects every application that executes bash from Postfix to Apache to Nginx is Critical and can cause huge Business Impact.

No comments: