September 29th 2014
What's the issue?
You may have heard about a new security vulnerability called Shellshock. The security hole is severe enough that under certain conditions hackers can take remote control of devices running Linux, such as the routers you have in your office or home. A security update has now been released, but there are so many affected devices worldwide it is believed that it will take years before they are all patched. However, not all devices are susceptible to attack as a number of conditions need to be met in order for hackers to exploit the vulnerability.
Is my NPC system affected?(for NPC DataGuard and DataGuard Pro clients)
NPC systems and devices running Microsoft Windows are not affected by Shellshock. As always, we will continue to monitor the situation for you and proactively protect the data on your NPC computer.
In terms of your non-NPC devices, this may be a good time to run an audit of your home and office technology. For each device you own, check the manufacturer's website for their position and instructions on the Shellshock issue.
One of the most common Linux-based devices is the ubiquitous router. Virtually every business and household has one that runs on Linux, and is therefore could be susceptible to Shellshock. If your router is supplied by an ISP they will likely patch your device for you, but you should confirm this with your ISP.
Both businesses and households should have an inventory of all devices, and the expertise to know whether they are vulnerable or have been patched. If you would like some assistance with this process, please let us know.
Also, be aware of phishing scams, because cybercriminals will almost certainly use the Shellshock issue to trick users into installing their malware via bogus emails claiming to be a Shellshock fix or patch.
Where can I learn more?
We are keeping a close eye on the story and will update our security alerts with any important developments.