Scroll Top

New Vulnerability that Targets Linux Based OS and OpenSSL

New Vulnerability that Targets Linux Based OS and OpenSSL
0
By Jeffrey Jones Hacking Attacks it security audit News & Announcements Penetration Testing in MA April 10, 2014

 

A new vulnerability nicknamed “heartHeartbleed” targets OpenSSL by exploiting a vulnerability that can lead to data loss and exposure.  Attacks and proofs of concept are currently available in the Wild.

OpenSSL is used on about two-thirds of all web servers, but the issue has gone undetected for about two years. OpenSSL is used on servers and is built-in to a number of VPN Appliances. Therefore the fix must come to the hosting server.

According to experts, state-sponsored cyber espionage are running the scans and most likely running the attacks. There are a small number of state-sponsored actors involved.

According to Microsoft, “most” Microsoft Services, including Microsoft Account and Azure, were not affected by the OpenSSL vulnerability and of course the Windows implementation of SSL/TLS were not impacted.

OpenSSL patches are available for these Linux operating systems to include: CentOSDebianFedoraRed HatopenSUSE, and Ubuntu.

SUSE Linux Enterprise Server (SLES) is apparently not affected.

0
Jeffrey Jones / About Author
More posts by Jeffrey Jones
Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required