Cyber Threat Smackdown

World-renowned Identity Theft expert John Sileo returns to the UMass campus on October 22nd with NEW MATERIAL to discuss cyber threats to home and work devices.

Topics include mobile security, phishing, social engineering, intellectual property, and more. Registration is required ‘ visit
Learn how to fight back and defend yourself against these common threats!

If you are unable to attend this event in person, we will be streaming live at

TA14-268A: GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271,CVE-2014-7169)

The US-CERT has issued Shellshock as a critical vulnerability affecting Linux/UNIX operating systems and Apple’s MAC OS X. According to the US-CERT, if exploited, this vulnerability gives attackers the ability to remotely execute shell commands by attaching malicious code in environment variables used by the operating system.

Please read the attached link from the National Cyber Awareness System. Note this vulnerability is getting significant traction in the cyber security circles. Our Intrusion Prevention System (TippingPoint) filters have been updated as of 6:00a this morning, and we’ve been seeing increased activity throughout this morning.

Patches have been released to fix this vulnerability by major Linux vendors for affected versions. Solutions for CVE-2014-6271 do not completely resolve the vulnerability. It is advised to install existing patches and pay attention for updated patches to address CVE-2014-7169.

As of this morning, Apple has not commented on this vulnerability. Although individual workstations are not the primary target, we will keep an eye on this thread as more information becomes available. Please forward to staff who may have responsibility managing Linux-based systems.