Researcher claims Yahoo! servers have been compromised using Shellshock


1000px-Yahoo!_logo.svg

Early reports are indicating that at least two Yahoo! web servers have been hacked through use of the critical Shellshock Bash Bug.

Yahoo! has yet to release an official statement on the matter, however an analysis of the issue has been published by independent security researcher Jonathan Hall. According to Hall, Romanian hackers have used Shellshock to compromise the Yahoo! web servers and explore the company’s network. Hall writes that the attackers appear to be working towards accessing the Yahoo! Games servers, access which could potentially allow them to serve malware to millions of users. In addition to Yahoo!, the researcher also states that the hackers have compromised WinZip.com and Lycos.

As an immediate precaution, Emsisoft recommends that all Yahoo! users change their password as soon as Yahoo! confirms that the breach has been closed – that is, of course, if Hall’s findings are indeed true.

For more information, see the researcher’s statement and technical analysis.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Have a nice (malware-free) day!

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next