US regulators have urged the country’s banks to act to protect themselves from the newly discovered "Heartbleed" bug.
The Federal Financial Institutions Examination Council (FFIEC) told banks that it expected them to apply patches and update security as soon as possible.
It said: "The vulnerability could allow an attacker to potentially access a server’s private cryptographic keys compromising the security of the server and its users.
"An attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network communications that would otherwise be protected by encryption."
The Heartbleed bug, uncovered by researchers at Finnish security firm Codenomicon, is a flaw in OpenSSL, a commonly used piece of code estimated to be in use on around two-thirds of websites across the globe.
Since the bug was revealed, tech giants, retailers and banks have scrambled to close the gaps in their security and to warn users.
Advice to consumers has been conflicting, with some websites, such as Tumblr, urging users to change their passwords.
Some other sites have told users to hold off until the bug is dealt with, lest fraudsters gain access to their new passwords while sites are still vulnerable.
The FFIEC added: "Attackers could potentially impersonate bank services or users, steal login credentials, access sensitive email, or gain access to internal networks.
"Potential attacks are made feasible by the public availability of exploitation tools."