Looking across the threat landscape at cyber-criminals’ go-to attack vectors, we see SQL injection high on the list. But there’s another injection method that also poses a serious threat: command injection.
In late September 2014, a more than 20-year-old vulnerability in the GNU Bash shell, which was widely used on Linux, Solaris and OS X systems, sparked the mobilization of attacks known as Shellshock. This first vulnerability quickly gave way to the disclosure of several additional vulnerabilities affecting the UNIX shell.
Leave a reply
