On September 26, 2014, the Federal Financial Institutions Examination Counsel (FFIEC) warned financial institutions to quickly address a “Shellshock” vulnerability that  affects a common software tool that is found in many operating systems. The software tool is known as “Bash or Bourne-again Shell” and is found on most UNIX, Linux and Mac OS X operating systems and may also be installed on Windows servers. The “Shellshock” vulnerability could allow an attacker to take over a targeted system and execute malware that would present a material risk to the bank’s system.

For a copy of the FFIEC alert, see here. The FFIEC has also recently launched a webpage on cybersecurity that is a repository for current and future FFIEC-related materials on cybersecurity.