'Heartbleed' computer bug threat spreads to firewalls and beyond - dofaq.com

Haste, Waste and Choice

Lawfare (blog) - 07 Jan 2018
Four years ago, there was the Heartbleed problem, a common-mode failure among products that were compliant with a particular networking standard—products that were inherently vulnerable to attack by way of their compliance itself. Early in the ...

The major Spectre and Meltdown flaws could linger for decades

Wired.co.uk - 04 Jan 2018
Advertisement. Both Spectre and Meltdown have the ability to be one of the biggest tech security vulnerabilities discovered. Easily ranking alongside Heartbleed, Krack and Shellshock. Here's what we know so far. What on Earth's happened? Two security ...

Son of Heartbleed poses a major new threat to the internet

TechRadar - 20 Sep 2017
OptionsBleed is different in that it's a bug in the Apache Web Server (as opposed to OpenSSL) leveraged by making HTTP OPTIONS requests (hence the name) in order to potentially cause data leakage as Heartbleed did. The problem was first uncovered by ...

A Manhattan Project for Cyber Security

Bryen's Blog (blog) - 09 Jan 2018
A number of vital software modules in commercial operating systems are produced by “volunteers” under a community-sourcing system that is already known to be responsible for the infamous Heartbleed bug. Community sourcing is international in scope ...

Heartbleed vs. WannaCry: A tale of two cyber attacks

FederalNewsRadio.com - 22 May 2017
If there was ever a case to be made for why agencies and organizations invest in cybersecurity protections, look no further than the recent WannaCry ransomware attack. The federal government came away unscathed by the malware that hit more than 300 ...

Three Years after Heartbleed, How Vulnerable Are You?

Dark Reading - 02 Mar 2017
requires a current listing of dependencies or bill of materials (BOM). Although most companies believe that such a list is being managed, the vast majority of software companies would be hard pressed to produce a list like that, even post-Heartbleed ...

That Heartbleed problem may be more pervasive than you think

Network World - 27 Jan 2017
That lingering Heartbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates. According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet ...

Heartbleed Persists on 200000 Servers, Devices

Threatpost - 23 Jan 2017
Almost 200,000 servers and devices are still vulnerable to Heartbleed, the OpenSSL flaw patched nearly three years ago. The numbers come from search engine Shodan, which released data showing U.S. servers hosted on Amazon AWS are disproportionately ...

Gloucester City Council fined £100000 over Heartbleed hack

IT PRO - 14 Jun 2017
Gloucester City Council has been hit with a £100,000 fine after a hacker downloaded 30,000 emails containing employees' personal information. In July 2014, a hacker "took advantage of a weakness in the council's website" to gain direct access to the ...

Heartbleed bug still affects thousands of sites

ZDNet - 25 Jan 2017
Close to 200,000 websites and servers remain vulnerable to a nasty bug found in a widely-used encryption library, almost three years after the bug was first discovered. At the time of the Shodan Report's release this week, a total of 199,594 servers ...

Ticketbleed Vulnerability Affects F5 Devices

Hashed Out by The SSL Store™ (blog) - 16 Feb 2017
A new vulnerability is being compared to Heartbleed, the most infamous SSL/TLS vulnerability of all time. The Ticketbleed Vulnerability affects F5's TLS library. F5 is a major IT company that makes network devices such as load balancers. More than two ...

Heartbleed Lingers: Nearly 180000 Servers Still Vulnerable

BankInfoSecurity.com (blog) - 30 Jan 2017
Heartbleed is the nickname for a vulnerability in OpenSSL, an open-source implementation of the SSL and TLS protocols that's used to secure data sent between clients and servers. The bug was jointly discovered by security firm Codenomicon and Google ...

Heartbleed bug: What you need to know (FAQ)

CNET (blog) - 15 Apr 2014
The Heartbleed bug, a newly discovered security vulnerability that puts users' passwords at many popular Web sites at risk, has upended the Web since it was disclosed earlier this week. It's an extremely serious issue, and as such, there's a lot of ...

​What is Heartbleed, anyway?

Engadget - 12 Apr 2014
If you're an IT professional, gadget blogger or token geek in your circle of friends, chances are, you've been hounded relentlessly over the past couple of days about "this Heartbleed thing." "Do I need to update my antivirus?" "Can I login to my bank ...

What's New