Scroll Top

New Vulnerability that Targets Linux Based OS and OpenSSL

 

A new vulnerability nicknamed “heartHeartbleed” targets OpenSSL by exploiting a vulnerability that can lead to data loss and exposure.  Attacks and proofs of concept are currently available in the Wild.

OpenSSL is used on about two-thirds of all web servers, but the issue has gone undetected for about two years. OpenSSL is used on servers and is built-in to a number of VPN Appliances. Therefore the fix must come to the hosting server.

According to experts, state-sponsored cyber espionage are running the scans and most likely running the attacks. There are a small number of state-sponsored actors involved.

According to Microsoft, “most” Microsoft Services, including Microsoft Account and Azure, were not affected by the OpenSSL vulnerability and of course the Windows implementation of SSL/TLS were not impacted.

OpenSSL patches are available for these Linux operating systems to include: CentOSDebianFedoraRed HatopenSUSE, and Ubuntu.

SUSE Linux Enterprise Server (SLES) is apparently not affected.

0
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.