Via American Banker: “The Federal Financial Institutions Examination Council said Thursday that it expects “financial institutions to incorporate patches on systems and services, applications, and appliances using OpenSSL and upgrade systems as soon as possible to address the vulnerability.” OpenSSL is open-source software that lets web sites encrypt communications with visitors. A vulnerability has been found in OpenSSL that could allow an attacker to decrypt, spoof or perform attacks on network communications that would otherwise be protected by encryption. The bug, nicknamed Heartbleed, has been around since 2012 and was announced by researchers on Monday. It has opened up a window to let attackers steal information such as user names and passwords and the private keys sites use to encrypt and decrypt sensitive data.”