Banks told to patch systems due to Heartbleed threat
OpenSSL vulnerability provides loophole into otherwise encrypted areas
Written by John Ginovsky
In response to the discovery of a crucial digital vulnerability called “Heartbleed,” the Federal Financial Institutions Examination Council members expect financial institutions to incorporate patches on systems and services, applications, and appliances using OpenSSL and upgrade systems as soon as possible to address the vulnerability.
Financial institutions should consider replacing private keys and X.509 encryption certificates after applying the patch for each service that uses OpenSSL and consider requiring users and administrators to change passwords after applying the patch. Financial institutions relying upon third-party service providers should ensure those providers are aware of the vulnerability and are taking appropriate mitigation action.
OpenSSL is a cryptographic software library used to authenticate services and encrypt sensitive information. A significant vulnerability has been found in OpenSSL that could allow an attacker to decrypt, spoof, or perform attacks on network communications that would otherwise be protected by encryption.
In an additional alert, FFIEC says attackers could potentially impersonate bank services or users, steal login credentials, access sensitive email, or gain access to internal networks. Potential attacks are made feasible by the public availability of exploitation tools.