OpenSSL "Heartbleed" Vulnerability Alert
Community First Bank's sites www.community1st.com or our online banking systems were not vulnerable to the OpenSSL "Heartbleed" bug.
OpenSSL is a popular open-source code library for implementing encryption in websites, e-mail servers, and applications and is used in common network services such as web servers, email servers, virtual private networks (VPN), instant messaging, and other applications. Financial institutions may use OpenSSL to cryptographically authenticate their servers to customers, and to protect passwords and other sensitive data from eavesdropping. On April 7, 2014, security researchers reported the existence of a coding error in OpenSSL versions 1.0.1 through 1.0.1f.
The vulnerability, nicknamed “Heartbleed,” has existed since December 31, 2011.
The vulnerability could allow an attacker to potentially access a server’s private cryptographic keys compromising the security of the server and its users. An attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network communications that would otherwise be protected by encryption. Attackers could potentially impersonate bank services or users, steal login credentials, access sensitive email, or gain access to internal networks. Potential attacks are made feasible by the public availability of exploitation tools.
Credit Report Pop-Up Ad Scam
Pop-Up Message Was Not Sent from Community First Bank We were recently made aware of a scam involving a pop-up marketing ad that targets customers when logging in to a financial institutions’ online banking system. This fraudulent “adware” attack uses the customer’s Internet browser history to launch the pop-up message, and makes it appear to have come from the bank or other financial institution.
If you should encounter this pop-up ad, please do not click on any associated links, nor provide any financial or other sensitive information online. The pop-up ad did not come from Community First Bank, and we will never ask you to provide such information through an email or pop-up message.
This adware attack is not related to Community First Bank, and has no impact on the continued safety and security of the Bank’s website or Online Banking.
To help protect yourself from this type of adware attack, you may want to run anti-malware/anti-virus tools on your computer. If you did encounter this ad and either clicked on the link and/or supplied any information, please call us at 509-783-0955 for assistance.