Shellshock, the vulnerability in the Bourne Again Shell, also known as Bash, is now being actively exploited in network-attached storage or NAS devices, according to a new report from FireEye.
Bash is widely deployed on Linux operating systems, which are found in a wide variety of embedded devices, including NAS appliances. Currently, FireEye is only aware of attacks targeting the products of a single NAS vendor, QNAP, which has already issued a patch. The attacks monitored by FireEye were against universities and research institutes in Korea, Japan and the United States.
Microsoft has introduced pre-release builds of Windows 10 ahead of the operating system’s expected 2015 launch to members of what the company calls the Windows Insider community.
These “insiders,” which includes software developers, technical analysts, corporate IT staff and other likely early adopters of the operating system, can now download Windows 10 Technical Preview, and the Enterprise edition. As with most pre-release software, those who choose to adopt the software early should be prepared for bugs.
ARM is flexing its software muscles with a new platform and operating system for the Internet of things. The company is leveraging the work it has done over the past several years with the mbed hardware and software ecosystem to create the ARM mbed IoT Device Platform, which includes a free operating system for devices powered by systems-on-a-chip.
This platform is based on the vendor’s Cortex-M design and the mbed Device Server to help connect the devices and send the data they generate to the cloud for analysis
U.S. law enforcement officials have caught four hackers that were accused of infiltrating the networks of Microsoft; video game makers Epic Games, Valve and Zombie Studios, and even the U.S. Army, according to the U.S. Department of Justice.
The 18-count indictment charged the hackers with stealing more than $100 million in intellectual property. An FBI-led investigation showed that the hackers employed methods such as SQL injection and the use of stolen usernames and passwords of company employees and their software development partners to gain access to victims’ computers.