Special Notice Statement

NOTICE OF “Shellshock/Bash Bug” and Tiny Bank

UNIX operating systems across the country have experienced attacks attributed to the Shellshock or Bash Bug vulnerability. Shellshock allows an attacker to execute arbitrary commands on a target system by injecting information in requests to pass to Bash. This allows attackers to manipulate the application and to execute any command they choose—effectively giving them control over the system.

Another potential malware/computer Trojan has been named “Tiny Banker”. Users’ computers become infected with Tiny Banker by visiting a compromised website, and the malware is downloaded onto users’ computers. When a user attempts to access their financial institution online after being infected with Tiny Banker, a form appears asking for credentials, including credit card, PIN and other personal information. The form looks like it is from the user’s institution; however, it is actually part of the Trojan and is not associated with the banking website. The collected information is then sent to a person with malicious intent.

The Cleveland State Bank has a security program designed to patch, scan and quickly resolve any vulnerabilities mentioned. We will continue to monitor the situation and keep you informed as more information is known. Protecting your personal information is our utmost priority. However, you can help keep your information safe by doing the following:
-Protect your computer with security software
-Keep your computer current with the latest patches and updates
-Make sure your computer is configured securely
-Choose strong passwords, keep them safe, and periodically change them
-Shield your personal information
-Review bank and credit card statements regularly and report any unauthorized transactions Immediately.