
Heartbleed: First reports of exploits emerge, warns US government agency

  • April 11, 2014

Jasper_The_Rasper
Moderator
The US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a part of the Department of Homeland Security, has warned that the first sightings of exploits seeking to take advantage of well-publicised security flaws in OpenSSL have appeared in the wild.
OpenSSL is an open-source security tool widely used to encrypt passwords when people log in to a system. A flaw in the implementation of OpenSSL could allow the private key used in a Secure Sockets Layer (SSL) communication to be exposed. An attacker could then decrypt and read any secure data passed on the network link.
 
Full Article

1 reply

Jasper_The_Rasper
Moderator
(Excerpt)
 
Fraud protection firm Easy Solutions reports that black hats are posting huge lists of 10,000+ domains that have been run through the automated web-based Heartbleed vulnerability checking tools. These lists reveal whether the websites are vulnerable or patched, as well as noting whether or not SSL is present.

A blog post by Easy Solutions featuring a partially redacted list of captured domains, sourced from automated scans run by hackers, can be found here. "These scans might lead to automated attacks that harvest login credentials en masse," warns Easy Solutions, which came across the lists during brand intelligence work for its financial services clients.
 
Full Article