
ThreatCon

The ThreatCon is currently at Level 2: Elevated.

On September 24th, 2014, details of a remotely exploitable vulnerability in Bash were made public. Bash is the shell, or command language interpreter, that ships with various distributions of Linux and Unix operating systems. A remote attacker could exploit vulnerable systems by executing arbitrary code via a crafted environment. Users of Linux or Unix distributions are advised to install applicable vendor patches as soon as possible.

Debian - https://www.debian.org/security/2014/dsa-3032

Ubuntu - http://www.ubuntu.com/usn/usn-2362-1/

Red Hat - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271

CentOS - http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.html

Novell/SUSE - http://support.novell.com/security/cve/CVE-2014-6271.html

Further information:


http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability

http://seclists.org/oss-sec/2014/q3/649

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
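
While patches are rolled out, web server logs can be reviewed for the "() {" prefix that marks a Bash function definition inside an environment value. The following is an added example, not Symantec's code; it assumes Apache combined-format access logs, and the log lines, addresses and the find_probes name are constructed for illustration.

```python
import re

# Apache "combined" format (assumed):
#   ip ident user [time] "request" status size "referer" "user-agent"
# Quoted fields may contain backslash-escaped quotes, so allow \" inside them.
QUOTED = r'(?:[^"\\]|\\.)*'
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>' + QUOTED + r')" \d{3} \S+ '
    r'"(?P<referer>' + QUOTED + r')" "(?P<agent>' + QUOTED + r')"$'
)

# Four-character prefix of a Bash function definition in an environment value.
SIGNATURE = "() {"


def find_probes(lines):
    """Return (line_number, client, field) for every logged field holding SIGNATURE."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = COMBINED.match(line.strip())
        if match is None:
            # Unparsable line: scan it whole instead of silently skipping it.
            if SIGNATURE in line:
                hits.append((number, None, "raw"))
            continue
        for field in ("request", "referer", "agent"):
            if SIGNATURE in match.group(field):
                hits.append((number, match.group("ip"), field))
    return hits


# Constructed sample log; addresses come from documentation ranges and the
# text after the signature is a placeholder, not a real command.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "-" "() { :; }; PLACEHOLDER"',
    '198.51.100.7 - - [25/Sep/2014:10:00:06 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "() { :; }; PLACEHOLDER" "curl/7.30"',
    '203.0.113.4 - - [25/Sep/2014:10:00:09 +0000] "GET /js/app.js?cb=function(){} HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
    'truncated line () { :; }; PLACEHOLDER',
]

if __name__ == "__main__":
    for number, client, field in find_probes(SAMPLE_LOG):
        print(f"line {number}: client={client} field={field}")
```

Only fields that the server writes to its log are visible to this check.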

Symantec ThreatCon Rating

The Symantec ThreatCon rating is a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System.

ThreatCon Level 2
Medium: Increased alertness
This condition applies when knowledge or the expectation of attack activity is present, without specific events occurring or when malicious code reaches a moderate risk rating. Under this condition, a careful examination of vulnerable and exposed systems is appropriate, security applications should be updated with new signatures and/or rules as soon as they become available and careful monitoring of logs is recommended. Changes to the security infrastructure are not required.

Symantec DeepSight Threat Management System

Symantec DeepSight Threat Management System tracks security events on a global basis, providing early warning of active attacks. With personalized notification triggers and expert analysis, the system enables enterprises to prioritize IT resources in order to better protect critical information assets against a potential attack. To track security threats, it continuously correlates IDS and firewall attack data from the security systems of over 20,000 partners in over 180 countries, plus virus statistics from the Symantec Digital Immune System and many other human intelligence resources. Experts at Symantec analyze the information to identify active attacks and deliver advanced warning with actionable analyses and countermeasures.