FFIEC urges CUs, banks to address 'Heartbleed' issue
April 11, 2014 – The Federal Financial Institutions Examination Council released an alert Thursday urging credit unions and banks to take steps now to mitigate the "Heartbleed" issue, which the regulators termed a "material security vulnerability" affecting Web servers using OpenSSL.
OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols commonly used to protect data in transit. The "Heartbleed" vulnerability, reported by researchers April 7, means an attacker could access a server's private cryptographic keys, "compromising the security of the server and its users," the FFIEC wrote. The flaw affects OpenSSL versions 1.0.1 through 1.0.1f and has existed since Dec. 31, 2011, the alert says.
The alert adds, "An attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network communications that would otherwise be protected by encryption."
The notice urges regulated institutions to:
- ensure third-party vendors using OpenSSL on their systems are aware of the vulnerability and take appropriate mitigation steps;
- monitor the status of their vendors' efforts;
- identify and upgrade vulnerable internal systems and services; and
- follow appropriate patch management practices and test to ensure a secure configuration.
The alert also suggests replacing private keys and X.509 encryption certificates after applying patches and says financial institutions should assume current encryption keys for vulnerable servers are no longer viable. Institutions should "strongly consider" having users and administrators "change passwords after applying the OpenSSL patch," the alert says.