According to the researchers at security firm Mandiant the attackers have developed a way to exploit heartbleed in an SSL VPN. The Heartbleed bug, as it’s now known, affects any sites and services running specific versions of OpenSSL. It is estimated that over 66% of the web uses OpenSSL, so a good portion of the web may be vulnerable. The latest heartbleed attack took place on April 08, 2014, following the disclosure of the OpenSSL vulnerability. An attacker exploited the weakness in a VPN appliance and hijacked multiple active user sessions. The attack involved sending repeated malformed heartbeat requests to the …continue reading
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
The post Mandiant Researchers: Heartbleed Attack Bypasses Multifactor Authentication, Hijacks VPN Sessions. appeared first on National Cyber Security.
View full post on National Cyber Security
