Archive for September, 2014

Rewterz Threat Advisory – ‘Shellshock’ Vulnerability in Bash

By now, you may have heard about CVE-2014-6271, also known as the “Shellshock”,  that may affect your organization. It’s rated the maximum CVSS score of 10 for impact and ease of exploitability. The affected software, Bash (the Bourne Again SHell), is present on most Linux, BSD, and Unix-like systems, including Mac OS X. New packages were released today, but further investigation made it clear that the patched version may still be exploitable, and at the very least can be crashed due to a null pointer exception. 

In an effort to keep our customers and the security community informed, we have released this threat advisory. We will continue to keep you informed as more information becomes available. In the meantime, we’ve included some information below.

How to protect?

The most straightforward answer is to deploy the patches that have been released as soon as possible. If you have systems that cannot be patched (for example systems that are End-of-Life), it’s critical that they are protected behind a firewall. A big one. And test whether that firewall is secure.

How can we help?

Rewterz’s Penetration Testing team can assist you with the detection and verification of these issues. We strongly recommend that you test your systems as soon as possible and deploy any necessary mitigations. If you would like some advice on how to handle this situation, our team can help.


Rewterz Releases August’s Threat Intelligence Report on Attacks Targeting Pakistan’s Cyber Space

Karachi, Pakistan – September 16, 2014 – Rewterz, a boutique information security company, today announced the release of the monthly Threat Intelligence Report. Compiled from an advanced intelligence gathering platform that Rewterz has developed to identify cyber attacks in Pakistan.  The report aims to provide the latest analysis of methods used by attackers to compromise data.

“Rewterz Threat Intelligence Platform is made up of numerous attack sensors collecting malicious events all over Pakistan, making it most comprehensive and advanced threat intelligence gathering network in the country.” said Faiz Ahmad Shuja, CEO, Rewterz. “To keep your information safe, you need the most advanced threat intelligence out there. Rewterz has mastered the art of threat intelligence, and are ready to help you fortify the defenses. Through this report, we aim to share and dissipate knowledge about sophisticated threats and advanced attacker practices in use on the Internet today.”

Based on the data collected by Rewterz in August 2014, some of the key findings include:

  • Most number of attacks targeting Pakistan were originated from United States (18%) and Israel (18%) followed by Hungary (14%) and China (12%).
  • Most number of attacks were destined towards port 445 – microsoft-ds (53%) followed by 1433 – ms-sql-s (43%).
  • Microsoft Windows NETAPI Stack Overflow Attack dominates with a total share of 62% of attacks targeting Windows based system in Pakistan’s cyber space.
  • Conficker remains the largest attacking malware targeting Microsoft Windows based computer systems in Pakistan with a total share of 80%.

To view a full copy of the August 2014 Rewterz Threat Intelligence report, please visit: Threat Intelligence Report

 

About Rewterz

Rewterz is a boutique Information Security company, committed to consistently providing world class professional security services. Our strategy revolves around the need to provide round-the-clock quality information security services and solutions to our customers. We maintain this standard through our highly skilled and professional team, and custom-designed, customer-centric services and products.

Rewterz fulfills the need to enhance an IT infrastructure security posture, improve operational efficiency and reduce the costs associated with implementing a comprehensive security strategy. Rewterz helps organizations minimize the potential occurrence and impact of security attack, and with the flexibility to accommodate a variety of security environments, ensures customers the freedom to select best-of-breed solutions.

 

Media Contact

info@rewterz.com
+92 (21) 3520 2996


Copyright © Rewterz. All rights reserved.