US regulators have urged the country’s banks to act to protect themselves from the newly discovered "Heartbleed" bug.

The Federal Financial Institutions Examination Council (FFIEC) told banks that it expected them to apply patches and update security as soon as possible.

It said: "The vulnerability could allow an attacker to potentially access a server’s private cryptographic keys compromising the security of the server and its users.

"An attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network communications that would otherwise be protected by encryption."

The Heartbleed bug, uncovered by researchers at Finnish security firm Codenomicon, is a flaw in OpenSSL, a commonly used piece of code that is estimated to be used in around two-thirds of websites across the globe.

Since the bug was revealed, tech giants, retailers and banks have scrambled to close the gaps in their security and to warn users.

Advice to consumers has been conflicting, with some websites, such as Tumblr, urging users to change their passwords.

Some other sites have told users to hold off until the bug is dealt with, lest fraudsters gain access to their new passwords while sites are still vulnerable.

The FFIEC added: "Attackers could potentially impersonate bank services or users, steal login credentials, access sensitive email, or gain access to internal networks.

"Potential attacks are made feasible by the public availability of exploitation tools."

 
