Several Yahoo servers exploited

Security researcher Future South Technologies claims that several Yahoo servers were hacked in the past two weeks, most likely using the Shellshock bug. The company found the problem while looking for servers around the net vulnerable to Shellshock. Soon after Yahoo was informed about the breach, it started its own investigation and, reportedly, no user data was stolen. The company also claims that the reason for the breach was not Shellshock.

"As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network," Elisa Shyu, a spokeswoman for Yahoo, said in an e-mail. "We isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data."

"After investigating the situation fully, it turns out that the servers were in fact not affected directly by Shellshock, but by a minor bug in a parsing script," the company added.

Shellshock or Bash bug, is a severe security hole that affects many operating systems including Linux, variations of Unix, and Apple's OSX. The vulnerability allows an attacker to execute code and the same commands as a legitimate user - without authentication. Therefore, the bug could be used to access sensitive information or gain control of the computer.

It is believed that Shellshock can potentially affect millions of vulnerable computers around the world. Several cybercrime groups are already using the bug to take over machines and organise them into a single network that can be used to send out spam or to carry out other attacks.

Read more -here-

• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages
• FCC restores net neutrality rules