23 June 2017
download the report now

Regulators warn US banks to take action over Heartbleed exploit

11 April 2014  |  4843 views  |  0 Copenhagen spire

US regulators have warned the nation's banks to undertake a complete overhaul of their security infrastructure to counteract the threat from the Heartbleed bug.

Earlier this week, researchers discovered a flaw in OpenSSL, a piece of fundamental security software used by a broad range of companies and organisations across the globe. That flaw could allow an attacker to gain access to sensitive information stored in the memory of an affected system with just a basic network request.

In an alert sent to US banks late on Thursday, the Federal Financial Institutions Examination Council (FFIEC) said it expects financial institutions to incorporate patches on systems and services, applications, and appliances using OpenSSL and upgrade systems "as soon as possible" to address the vulnerability.

Financial institutions should also consider replacing private keys and X.509 encryption certificates after applying the patch for each service that uses OpenSSL. Critically, the FFIEC suggests that banks should consider requiring customers and administrators to change passwords after applying the patch.

Banks relying upon third-party vendors are also advised to ensure those providers are aware of the vulnerability and are taking appropriate action.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Banks losing millions to new wave of ATM hacks - FFIEC

Banks losing millions to new wave of ATM hacks - FFIEC

03 April 2014  |  9622 views  |  4 comments | 8 tweets | 16 linkedin
Discontinuation of support for Microsoft XP poses operational risks to banks - FFIEC

Discontinuation of support for Microsoft XP poses operational risks to banks - FFIEC

09 October 2013  |  10795 views  |  0 comments | 8 tweets | 8 linkedin
Security vendors to cash in on FFIEC e-banking authentication guidance

Security vendors to cash in on FFIEC e-banking authentication guidance

16 December 2011  |  7128 views  |  0 comments
FFIEC issues new security guidance to US banks

FFIEC issues new security guidance to US banks

29 June 2011  |  10219 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
visit wavestone-advisors.co.ukvisit www.www.fisglobal.comvisit www.finastra.com

Top topics

Most viewed Most shared
Santander's Openbank relaunched as 100% digital bankSantander's Openbank relaunched as 100% di...
15908 views comments | 48 tweets | 61 linkedin
Worldpay pilots app-only mPOS for small retailersWorldpay pilots app-only mPOS for small re...
8431 views comments | 17 tweets | 26 linkedin
Live: EBAday 2017, day twoLive: EBAday 2017, day two
8055 views comments | 4 tweets | 5 linkedin
UK banks will need to change one million sort codes under ring-fencing rulesUK banks will need to change one million s...
7429 views comments | 8 tweets | 25 linkedin
Live: EBAday 2017, day oneLive: EBAday 2017, day one
7419 views comments | 3 tweets | 4 linkedin

Featured job

Six Figure Base + Commission + Stock Options
London

Find your next job