Announcement on New Linux ShellShock Vulnerability

Dear value customers,

We were aware of a global BASH vulnerability(known as ShellShock) that affects Linux operating systems in last Friday (2014.09.26). This vulnerability was claimed to enable remote attacker to execute arbitrary code and hence affects performance of the server.

We would like to let you know we taking this issue seriously by taking several actions to enchance and make sure logi-Cloud platform is secured.

Upgrading Servers Patches:

Our servers which using Linux OS in logi-Cloud have been applied of specific security patches to prevent this potential risk immediately. This security upgrade has covered all the applicable application / MAH software in logi-Cloud, and have NO any impact to software or data. Customers are able to access logi-Cloud and the modules as usual.

Log Checks:

We also examined our logs and alerts for signals of attack attempts, and we have not found any attempts. We will keep review our logs and alerts, if we found any suspicous we will block the possible attempts.

Penetration Tests:

We Immediately performed a security penetration test to determine if logi-Cloud were exploitable via this Bash vulnerability. So far, they have not found that the Bash vulnerability is exploitable.

Further Actions:

We will keep monitor vendor security lists and threat feeds for updates and quickly install any new vendor-recommended security patches. There is a risk that this vulnerability could spawn additional attack vectors so it is vital that we stay vigilant.

We will update on this issue as if necessary.

Should you have any inquiries, please feel free to contact us.

#shellshock #logicloud