The federal banking agencies, through the FFIEC, announced on April 10 that they expect banks to incorporate patches on information systems and services, applications and appliances using the OpenSSL cryptographic software library, and to upgrade systems as soon as possible to address the OpenSSL vulnerability commonly referred to as the Heartbleed Bug.

     Nutter Notes: The Heartbleed Bug could allow an attacker using the Internet to read the memory of systems protected by the vulnerable versions of the OpenSSL software. Attackers could potentially impersonate bank customers, steal bank employee login credentials, access sensitive e-mail or gain access to internal networks.