12 February 2016

Regulators warn US banks to take action over Heartbleed exploit

11 April 2014  |  4456 views  |  0 Copenhagen spire

US regulators have warned the nation's banks to undertake a complete overhaul of their security infrastructure to counteract the threat from the Heartbleed bug.

Earlier this week, researchers discovered a flaw in OpenSSL, a piece of fundamental security software used by a broad range of companies and organisations across the globe. That flaw could allow an attacker to gain access to sensitive information stored in the memory of an affected system with just a basic network request.

In an alert sent to US banks late on Thursday, the Federal Financial Institutions Examination Council (FFIEC) said it expects financial institutions to incorporate patches on systems and services, applications, and appliances using OpenSSL and upgrade systems "as soon as possible" to address the vulnerability.

Financial institutions should also consider replacing private keys and X.509 encryption certificates after applying the patch for each service that uses OpenSSL. Critically, the FFIEC suggests that banks should consider requiring customers and administrators to change passwords after applying the patch.

Banks relying upon third-party vendors are also advised to ensure those providers are aware of the vulnerability and are taking appropriate action.

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

03 April, 2014
09 October, 2013
16 December, 2011
29 June, 2011
Your browser is unable to support Flash files.

Top topics

Most viewed Most shared
UK sets out open banking API frameworkUK sets out open banking API framework
15265 views comments | 100 tweets | 89 linkedin
Deutsche Bank calls for co-operation with fintech firms on B2B servicesDeutsche Bank calls for co-operation with...
8301 views comments | 28 tweets | 30 linkedin
How to accelerate your fintech startupHow to accelerate your fintech startup
7942 views comments | 34 tweets | 9 linkedin
Is Paym a failure?Is Paym a failure?
6730 views 16 comments | 23 tweets | 16 linkedin
Visa issues API to offer consumer control over card transactionsVisa issues API to offer consumer control...
6180 views comments | 17 tweets | 28 linkedin

Featured job

Find your next job