Shellshock demo set-up and POC

I’m not sure if everyone has been made aware of this, but a BASH vulnerability has been discovered… /sarcasm

OK, seriously, as everyone has heard by now, “Shellshock” is the hot topic right now. Since I am one who learns by doing, I decided to give it a go and see exactly how it works. My first instinct was to see how it works against the SSH protocol (CGI write-up is coming soon). Now that I see what it actually is, I see that it would take an extraordinary set of circumstances for it to be a viable method of gaining entry (at least through SSH), but should those circumstances be present in your environment, it could be devastating (so make sure you patch everything up!).

Enumerator PIP install is live

Great news! After collaborating with felux (@sugarstackio) of http://sugarstack.io in #overflowsec, I'm excited that enumerator is now a pip install within Python! Woohoo!

More information can be obtained at Enumerator PIP. Give it a once-over; it's an easy install now.

Thanks, felux, for all of the hard work; the project is coming along great. Look for more updates in the future.

Home Depot Data Breach

Details are still not clear, but at this point we do suspect there has been a large data breach at The Home Depot. There is no reason to believe only some stores were affected, and chances are the breach is spread across the company's 2,000+ stores.

Banks are saying they have seen “suspicious” activity so far dating back to April of 2014. If that is the case, we need to think of the impact this could have. If you remember back, Target had only been breached for 2-3 weeks and leaked some 40 million credit and debit cards.

Shaws and Star Market Data Breach – What You Need To Know

So yes, yet again we are faced with another data breach of a major chain of retail stores. This time it is Shaws and Star Market. These companies are owned by Albertsons.

At this point the details have not been released. It would appear that the Point of Sale (POS) system was probably targeted to steal the customer information.

So what did they get? Allegedly they have names, expiration dates, card numbers, PIN numbers (unclear), and 3-digit security codes. Customers that shopped at Shaws and Star Markets between June 22 and July 17 should keep a close eye on their bank accounts and report any discrepancies to their financial institutions.

The opinions and thoughts on this blog are those of Overflow Security members, and do not reflect those of our members' employers.