New Vulnerability that Targets Linux Based OS and OpenSSL

 

A new vulnerability nicknamed “Heartbleed” affects OpenSSL and can lead to data loss and exposure. Attacks and proofs of concept are currently available in the wild.

OpenSSL is used on about two-thirds of all web servers, but the issue has gone undetected for about two years. OpenSSL is used on servers and is built into a number of VPN appliances. Therefore the fix must be applied on the hosting server.

According to experts, state-sponsored cyber espionage actors are running the scans and are most likely running the attacks. A small number of state-sponsored actors are involved.

According to Microsoft, “most” Microsoft Services, including Microsoft Account and Azure, were not affected by the OpenSSL vulnerability, and the Windows implementation of SSL/TLS was not impacted.

OpenSSL patches are available for Linux operating systems including CentOS, Debian, Fedora, Red Hat, openSUSE, and Ubuntu.

SUSE Linux Enterprise Server (SLES) is apparently not affected.
