'Heartbleed' computer bug threat spreads to firewalls and beyond - dofaq.com

Gloucester City Council fined £100000 over Heartbleed hack

IT PRO - 14 Jun 2017
The attack exploited the highly publicised 'Heartbleed' flaw, a vulnerability within the OpenSSL software library that allowed hackers to eavesdrop on web users, as well as steal usernames, passwords, documents, and in this case, emails. Despite the ...

Gloucester City Council Fined £100000 After Heartbleed Hack

ISBuzz News - 14 Jun 2017
It was reported today that The Information Commissioner's Office (ICO) has hit Gloucester City Council with a £100,000 fine after hackers took advantage of the Heartbleed flaw months after it had been patched. The full story can be found here. Paul ...

ICO fines Gloucester Council over Heartbleed failure

UKAuthority.com (press release) (blog) - 12 Jun 2017
The attack exploited the Heartbleed software flaw, which had previously been the subject of warnings from the ICO and the media. The council failed to repair the vulnerability in a timely manner, leaving personal information at risk and breaking data ...

Heartbleed Persists on 200000 Servers, Devices

Threatpost - 23 Jan 2017
Almost 200,000 servers and devices are still vulnerable to Heartbleed, the OpenSSL flaw patched nearly three years ago. The numbers come from search engine Shodan, which released data showing U.S. servers hosted on Amazon AWS are ...

Heartbleed vs. WannaCry: A tale of two cyber attacks

FederalNewsRadio.com - 22 May 2017
If there was ever a case to be made for why agencies and organizations invest in cybersecurity protections, look no further than the recent WannaCry ransomware attack. The federal government came away unscathed by the malware that hit more than 300 ...

That Heartbleed problem may be more pervasive than you think

Network World - 27 Jan 2017
That lingering Heartbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates. According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet ...

The Building Blocks Are Under Attack

Lifehacker Australia - 30 May 2017
In 2014 we saw the Heartbleed flaw exposed, with almost 20% of the systems connected to the Internet potentially affected. Heartbleed, or CVE-2014-0160 to use its proper name, was a flaw in the SSL libraries many of our networks depend on for security.

Heartbleed bug still affects thousands of sites

ZDNet - 25 Jan 2017
The bug, known as Heartbleed (but formally designated CVE-2014-0160), was found in an earlier version of OpenSSL, a common open-source cryptographic library. Researchers say the flaw could allow an attacker to reveal the contents of encrypted data ...

Survey: Software Supply Chain Full of Bugs

EnterpriseTech - 09 Jun 2017
The survey released Friday (June 9) by chip design specialist Synopsys Inc. (Nasdaq: SNPS) found that widely publicized vulnerabilities such as the Heartbleed bug persist in commonly used third-party software. The company said Heartbleed appeared in ...

Heartbleed Lingers: Nearly 180000 Servers Still Vulnerable

BankInfoSecurity.com (blog) - 30 Jan 2017
Heartbleed is the nickname for a vulnerability in OpenSSL, an open-source implementation of the SSL and TLS protocols that's used to secure data sent between clients and servers. The bug was jointly discovered by security firm Codenomicon and Google ...

Ticketbleed Vulnerability Affects F5 Devices

Hashed Out by The SSL Store™ (registration) (blog) - 16 Feb 2017
A new vulnerability is being compared to Heartbleed, the most infamous SSL/TLS vulnerability of all time. The Ticketbleed Vulnerability affects F5's TLS library. F5 is a major IT company that makes network devices such as load balancers. More than two ...

cURL security audit learns the lessons of Heartbleed

Naked Security - 25 Nov 2016
You may not have heard of cURL but you've probably made use of it. It's one of those pieces of software that does something everybody needs, that everybody uses but almost nobody pays any attention to. Its mission in life is simple: if something has an ...

Have software companies learned the lessons of Heartbleed?

ITProPortal - 31 Jan 2017
Everyone remembers when the Heartbleed vulnerability in the OpenSSL cryptographic library sent waves of panic ripping through the software industry and companies around the world. Software developers did not know enough about the open source ...

F5 patches Heartbleed-like 'Ticketbleed' bug

iT News - 10 Feb 2017
F5 Networks has issued a patch for several of its products to rectify a flaw that could be used to silently and remotely read data in memory on the equipment, similar to the Heartbleed vulnerability. The problem was found when Cloudflare cryptographer ...

What's New