Scam of the day – October 9, 2014 – Latest security updates and patches for the Bash virus

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates include important updates for the Bash virus and updates to Google and Google Chrome.  The Bash virus involved not just computer software, but router software and included in today’s updates are security patches for routers.

TIPS

Here are the links to the latest security updates as issued by the Department of Homeland Security:https://www.us-cert.gov/ncas/current-activity/2014/10/07/Google-Releases-Security-Updates-Chrome-and-Chrome-OS   and

https://www.us-cert.gov/ncas/current-activity/2014/10/07/Oracle-Patches-Bash-Vulnerabilities and

https://www.us-cert.gov/ncas/current-activity/2014/10/08/Cisco-Releases-Security-Advisory-ASA

Scam of the day – October 2, 2014 – Important update on Bash bug

On September 27th I warned you about the revelation that there was a bug called Shellshock in the Bash command-line interpreter on many operating systems including Linux, Unix and Apple’s OSX that had just been discovered after more than twenty years.  This bug is simple to exploit and tremendously dangerous since when exploited by hackers, permits the hacker to take over the computers using the infected operating systems.   The Federal Financial Institution Examinations Council (FFIEC) has warned the banking industry that it should take immediate steps to protect itself from this major threat.  Hackers have been busy trying to take advantage of this security flaw by attacking servers using affected operating systems while security experts have been equally as busy trying to create new patches.   A series of security patches have been released just in the last couple of days. It is also important to know that, as individual computer users, your firewall should protect you unless a hacker tricks you through phishing into clicking on a link and download malware to exploit the flaw.

TIPS

For all of us, this is a reminder to never click on a link in an email, text message or social media posting unless you are absolutely sure that it is legitimate.  Too often, what appear to be legitimate communications with emails are phishing scams with malware attached.

Here are links provided by the Department of Homeland Security which in turn have links to the latest security patches issued by Apple and others to deal with this problem.

https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

https://www.us-cert.gov/ncas/current-activity/2014/09/30/Apple-Releases-OS-X-bash-Update-10

Scam of the day – September 27, 2014 – “Shellshock” software bug threatens the Internet

In somewhat of a repeat of the story of the “Heartbleed” bug where a vulnerability that had existed for two years before researchers discovered it and patched it, a new online security problem has just been discovered.  It is a bug that is called Shellshock that affects software called Bash which is an acronym for Bourne-Again Shell which is part of the operating systems of millions of computers and other devices now part of what we call the Internet of Things, such as refrigerators or even your car.  While the Heartbleed bug was bad enough in that it jeopardized your passwords and credit cards, Shellshock has the potential to be much worse in that a hacker could actually use it to take over millions of computers, home security systems, routers, Macintosh computers and smartphones using the Android operating system, such as the Samsung Galaxy and other devices that use the affected operating systems.  To make things worse, while Heartbleed went undiscovered for two years, the Shellshock flaw went undetected for twenty years.

When the flaw was discovered by researcher Stephane Chazelas, security experts immediately went to work to remedy the problem and although it is not completely fixed, the Department of Homeland Security issued an alert earlier this week with links to the security patches that have now been developed.  This threat is a very serious one.  The Department of Homeland Security has ranked the problem as a 10, which is its most serious classification for a security vulnerability.  Complicating it further, the Department of Homeland Security ranks the complexity of the bug as a 1, which means even unsophisticated hackers can easily exploit this problem.

TIPS

This is a problem that I will be monitoring a great deal and you should check with Scamicide on a daily basis to get the latest information you need to safely use all of your Internet connected devices.  For now, I urge you to check out the Department of Homeland Security’s latest alert with links to the now available security patches.  If any of your devices use the Linux/UNIX operating system or the Apple Mac OS X, you should be particularly vigilant in making sure your devices are secure.  Here is a link to the Department of Homeland Security’s latest alert: https://www.us-cert.gov/ncas/alerts/TA14-268A