Regulators warn US banks to take action over Heartbleed exploit

US regulators have warned the nation's banks to undertake a complete overhaul of their security infrastructure to counteract the threat from the Heartbleed bug.

  3 Be the first to comment

Regulators warn US banks to take action over Heartbleed exploit

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Earlier this week, researchers discovered a flaw in OpenSSL, a piece of fundamental security software used by a broad range of companies and organisations across the globe. That flaw could allow an attacker to gain access to sensitive information stored in the memory of an affected system with just a basic network request.

In an alert sent to US banks late on Thursday, the Federal Financial Institutions Examination Council (FFIEC) said it expects financial institutions to incorporate patches on systems and services, applications, and appliances using OpenSSL and upgrade systems "as soon as possible" to address the vulnerability.

Financial institutions should also consider replacing private keys and X.509 encryption certificates after applying the patch for each service that uses OpenSSL. Critically, the FFIEC suggests that banks should consider requiring customers and administrators to change passwords after applying the patch.

Banks relying upon third-party vendors are also advised to ensure those providers are aware of the vulnerability and are taking appropriate action.

Sponsored [New Report] Confirmation of Payee progress and APP fraud mitigation: Where are we now?

Related Company

Comments: (0)

[Report] The US Instant Payments Landscape: Navigating Growth and ChallengesFinextra Promoted[Report] The US Instant Payments Landscape: Navigating Growth and Challenges