Yahoo CISO Alex Stamos refuted claims made by a Louisiana security company that a number of Yahoo servers had been breached by hackers using the Bash Bug. Stamos said three Yahoo Sports API servers were infected with malware by hackers looking for web servers vulnerable to the Shellshock vulnerability, but the exploits were not related to Shellshock.
Jonathan Hall, a security researcher and President of the IT consulting firm Future South Technologies, has affirmed that a group of Romanian hackers used the Shellshock vulnerability to compromise Yahoo servers, which was also confirmed by Yahoo!. Hall said that the cybercriminals used the Google search engine to identify vulnerable servers and built a botnet by exploiting the Shellshock flaw.
"These attackers had mutated their exploit, likely with the goal of bypassing IDS/IDP or WAF filters," Stamos wrote in a post. "This mutation happened to exactly fit a command injection bug in a monitoring script our Sports team was using at that moment to parse and debug their web logs." No other Yahoo servers were compromised, and no user data was accessed, Stamos concluded.
Bash Bug is a remotely exploitable vulnerability that affects the command-line shell on Linux and Unix (the GNU Bourne Again Shell, abbreviated as Bash). Discovered by security researcher Stephane Chazelas at Akamai, the flaw allows users to send commands on Unix and Linux systems by connecting over SSH or telnet. Bash can also act as a parser for CGI scripts on a web server.
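The following is an added example, not code from Yahoo or from the original article: a log-review sketch that ties together the Shellshock description above and Stamos's point that a mutated probe can slip past a literal-match filter. It assumes Apache/nginx "combined" access logs and relies on the fact that Bash imported an environment value beginning with `() {` as a function definition; the sample log lines, addresses and function names are constructed for illustration, and the log fields are only ever treated as data, never handed to a shell.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" format; quoted fields may contain backslash-escaped quotes.
Q = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] ' + Q + r' \d{3} \S+ ' + Q + ' ' + Q + r'$')
FIELDS = ("request", "referer", "agent")

STRICT = "() {"                         # exact prefix Bash treated as a function definition
LOOSE_RE = re.compile(r"\(\s*\)\s*\{")  # same token sequence with any whitespace

def classify(field):
    """Return 'exact', 'variant' or None for one logged request/header field."""
    if STRICT in field:
        return "exact"
    if LOOSE_RE.search(unquote(field)):
        return "variant"  # re-spaced or percent-encoded: a literal-match filter misses it
    return None

def scan(lines):
    """Return (line_number, client, field_name, kind) for every suspicious field."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # unparsable lines are skipped here; a real job should count them
        client, *values = match.groups()
        for name, value in zip(FIELDS, values):
            kind = classify(value)
            if kind:
                hits.append((number, client, name, kind))
    return hits

# Constructed sample log: documentation IP ranges and harmless echo payloads.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Oct/2014:10:00:00 +0000] "GET /scores HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Oct/2014:10:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "-" "() { :; }; echo probe"',
    '203.0.113.5 - - [06/Oct/2014:10:00:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "()  { :;}; echo probe" "Mozilla/5.0"',
    '203.0.113.5 - - [06/Oct/2014:10:00:03 +0000] "GET /cgi-bin/status?x=%28%29%20%7B%20%3A%3B%20%7D%3B HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits are leads for review rather than proof of compromise: the loose pattern also matches benign text such as JavaScript `function(){` inside a referer URL.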
"As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network. We isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data," said Yahoo spokesperson Elisa Shyu.
"The affected API servers are used to provide live game streaming data to our Sports front-end and do not store user data. At this time we have found no evidence that the attackers compromised any other machines or that any user data was affected. This flaw was specific to a small number of machines and has been fixed," Yahoo said.
Yahoo was earlier vulnerable to the Heartbleed bug, putting users at risk, and now Bash Bug has made its way deep inside the Yahoo servers. It is funny how a popular, high-profile company like Yahoo is always vulnerable to these kinds of bugs.