Shellshock Makes Banks Easy Target For Fraud, US Regulators Say

Top financial regulators in the U.S. asked banks to update their software immediately to protect against the Shellshock bug, or else face untold losses due to cyber fraud. Shellshock is the most recent security hole found deeply embedded in the world’s computer systems, and experts say it could have a major impact on global cybersecurity.

Shellshock is found in a number of computer operating systems that use Bash, or the Bourne-again shell of Unix. The open-source software is the basis of innumerable computer software systems worldwide, giving it an enormous potential impact on the world’s computer systems.

"The pervasive use of Bash and the potential for this vulnerability to be automated presents a material risk," the Federal Financial Institutions Examinations Council said, according to a Reuters report Friday. The FFIEC operates between the Federal Reserve, the Federal Deposit Insurance Corporation, and a number of other U.S. financial agencies.

The group recommended that banks should quickly identify which of their systems use Bash, and patch them to protect against security threats. They should also look into third-party software to check for security holes.

A number of major tech companies have scrambled to protect against the Shellshock bug, including Apple Inc., Google Inc. and Amazon.com Inc. Apple said a fraction of its customers are at risk, said it was working on an update to protect against any malicious code execution. The Shellshock vulnerability is reportedly worse than the Heartbleed bug that affect two-thirds of websites earlier this year.