'Heartbleed' computer bug threat spreads to firewalls and beyond - dofaq.com

Staying Secure with Open Source

Lexology (registration) - 04 Aug 2017
As the Heartbleed bug of 2014 should have shown us, this does not really happen in practice. Heartbleed is widely considered to be one of the biggest failures to date. Heartbleed affected an application called OpenSSL, which was used to encrypt the ...

Heartbleed Persists on 200000 Servers, Devices

Threatpost - 23 Jan 2017
Almost 200,000 servers and devices are still vulnerable to Heartbleed, the OpenSSL flaw patched nearly three years ago. The numbers come from search engine Shodan, which released data showing U.S. servers hosted on Amazon AWS are ...

That Heartbleed problem may be more pervasive than you think

Network World - 27 Jan 2017
That lingering Heartbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates. According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet ...

Heartbleed vs. WannaCry: A tale of two cyber attacks

FederalNewsRadio.com - 22 May 2017
The reason can be traced, in large part, back to 2014. When the Heartbleed bug, a vulnerability in the OpenSSL cryptographic software library, hit the internet, the Homeland Security Department had to scramble to make sure agencies fixed the code.

ICO Fines Gloucester Council £100K After Heartbleed Snafu

Infosecurity Magazine - 13 Jun 2017
Data protection watchdog the Information Commissioner's Office (ICO) has fined Gloucester City Council a whopping £100,000 after it failed to protect against the Heartbleed bug, resulting in the theft of sensitive info on council employees. A cyber ...

Heartbleed bug still affects thousands of sites

ZDNet - 25 Jan 2017
The bug, known as Heartbleed (but formally designated CVE-2014-0160), was found in an earlier version of OpenSSL, a common open-source cryptographic library. Researchers say the flaw could allow an attacker to reveal the contents of encrypted data ...

Gloucester City Council fined £100000 over Heartbleed hack

IT PRO - 14 Jun 2017
The attack exploited the highly publicised 'Heartbleed' flaw, a vulnerability within the OpenSSL software library that allowed hackers to eavesdrop on web users, as well as steal usernames, passwords, documents, and in this case, emails. Despite the ...

A brief history of cyber risk: From data breaches to ransomware

Real Business - 27 Jul 2017
Our history is filled with cyber risk incidents, stretching back to the HMRC CD-ROM debacle, through to software vulnerabilities like Heartbleed and WannaCry. If anything, it highlights the need for companies to take serious steps to mitigate the ...

Ticketbleed Vulnerability Affects F5 Devices

Hashed Out by The SSL Store™ (registration) (blog) - 16 Feb 2017
A new vulnerability is being compared to Heartbleed, the most infamous SSL/TLS vulnerability of all time. The Ticketbleed Vulnerability affects F5's TLS library. F5 is a major IT company that makes network devices such as load balancers. More than two ...

Heartbleed Lingers: Nearly 180000 Servers Still Vulnerable

BankInfoSecurity.com (blog) - 30 Jan 2017
Heartbleed is the nickname for a vulnerability in OpenSSL, an open-source implementation of the SSL and TLS protocols that's used to secure data sent between clients and servers. The bug was jointly discovered by security firm Codenomicon and Google ...

Heartbleed bug: What you need to know (FAQ)

CNET (blog) - 02 May 2016
The Heartbleed bug, a newly discovered security vulnerability that puts users' passwords at many popular Web sites at risk, has upended the Web since it was disclosed earlier this week. It's an extremely serious issue, and as such, there's a lot of ...

Council fined £100000 for not preventing Heartbleed cyberattack

Sky News - 12 Jun 2017
These email messages contained financial and sensitive information about council staff, according to the Information Commissioner's Office (ICO). The ICO, the UK's data regulator, said the hacker exploited the Heartbleed security bug - which had been ...

cURL security audit learns the lessons of Heartbleed

Naked Security - 25 Nov 2016
You may not have heard of cURL but you've probably made use of it. It's one of those pieces of software that does something everybody needs, that everybody uses but almost nobody pays any attention to. Its mission in life is simple: if something has an ...

A Field Guide to Open Source Software Licensing

Enterprise License Optimization Blog (blog) - 01 Aug 2017
For enterprises that are developing applications for internal use, OSS represents a potential security risk: there are software vulnerabilities in many OSS components. Well-known OSS exploits include Heartbleed, Ghost and Shellshock. How many of those ...

Have software companies learned the lessons of Heartbleed?

ITProPortal - 31 Jan 2017
Everyone remembers when the Heartbleed vulnerability in the OpenSSL cryptographic library sent waves of panic ripping through the software industry and companies around the world. Software developers did not know enough about the open source ...

F5 patches Heartbleed-like 'Ticketbleed' bug

iT News - 10 Feb 2017
F5 Networks has issued a patch for several of its products to rectify a flaw that could be used to silently and remotely read data in memory on the equipment, similar to the Heartbleed vulnerability. The problem was found when Cloudflare cryptographer ...

Heartbleed Highlights a Contradiction in the Web

New York Times - 19 Apr 2014
SAN FRANCISCO — The Heartbleed bug that made news last week drew attention to one of the least understood elements of the Internet: Much of the invisible backbone of websites from Google to Amazon to the Federal Bureau of Investigation was built by ...
