Representatives from the Chinese side say they think it likely that Chinese President Xi Jinping will attend the G-20 meeting later this month. But in order to reach a trade...China Economyread more
Software engineers straight out of college often make six-figure salaries, not counting equity compensation.Technologyread more
Wall Street, though, is clamoring for a rate cut, with an 85% chance of a move in July and a 61% probability of three reductions by year's end.The Fedread more
The flattening of the yield curve is exuding a bad omen for the stock market if history is any guide.Marketsread more
Hong Kong Chief Executive Carrie Lam announced at a press conference on Saturday that a contentious bill to allow extraditions to mainland China has been put on hold.China Politicsread more
Using MIT's living wage calculator, CNBC Make It mapped out the minimum amount a single parent must earn to meet their basic needs without relying on outside help in every...Earnread more
Stratolaunch, the world's largest airplane, which flew once, is up for sale, sources familiar told CNBC.Investing in Spaceread more
Transparency is key… or is it? With the first-ever non-transparent, actively managed exchange-traded fund receiving approval from the SEC, "ETF Edge" goes straight to the...ETF Edgeread more
Mired in a crisis over its best-selling 737 Max plane, Boeing could hand the spotlight over to its rival Airbus at the Paris Air Show.Airlinesread more
A new update to the Apple Watch called watchOS 6 will notify you if the environment you're in is too loud and could damage your hearing.Technologyread more
Hackers have successful exploited a major security flaw known as the Shellshock bug which has allowed them to hijack an internet server, cyber experts told CNBC.
The Shellshock bug creates a vulnerability in Bash – a software that controls the command prompt on many computers running the Unix operating system – which includes Linux operating systems, Apple OS X and some internet-connected devices such as home routers.
The command prompt is integral to the running of these devices and is behind simple tasks such as opening up an application.
It comes as experts warn that Shellshock has the potential to be more dangerous than the Heartbleed bug discovered in April. Heartbleed was found in OpenSSL software—an encryption service used by around two-thirds of websites to protect information sent to and from web pages – and enabled people to steal an individual's online credentials
Kaspersky Lab researcher Stefan Ortloff told CNBC the security company had identified "malicious attacks" by hackers who had exploited the Shellshock vulnerability to take over a web server. They then used this web server - which is used to host websites - to hijack another one.
Ortloff said this meant the hackers did not leave a trace: "They always use another hacked server to stay anonymous".
The Shellshock bug meant that hackers have the potential to take down more websites through denial-of-service attacks, or target unsuspecting users with malicious viruses, he warned. Kaspersky Lab declined to disclose the servers affected due to client confidentiality.
'Tip of the iceberg'
Other cybersecurity firms have also reported related attacks. London-based Digital Shadows, which tracks cyber-attacks in real time, told CNBC it had noted that the Bash vulnerability was being exploited.
"Many researchers have confirmed that it should be theoretically possible to create a worm that jumps from device to device. The evidence shows this is being exploited already and in an automated way," Digital Shadows CEO, Alistair Paterson, said by email.
Downloading updates – or "patches" - is the way to protect against malicious attacks. Only a handful of developers have released Shellshock-related patches to date, and experts warned that many internet-facing devices might not have regular updates, causing vulnerability to further attacks.
"We have only seen the tip of the iceberg so far," Kasper Lindegaard, head of vulnerability intelligence specialist Secunia, said by email, adding that only the most obvious attack methods had been used so far.
- By CNBC's Arjun Kharpal