- Jan 8, 2011
- 22,361
Attackers were able to breach a walled-off virtual private network by exploiting the Heartbleed vulnerability, security company Mandiant said on Friday.
The breach is one of the earliest instances of attackers using Heartbleed to bypass multifactor authentication and break through a VPN, said Mandiant Technical Director Christopher Glyer. It's not clear from the report if data was stolen from the affected organization.
The Heartbleed vulnerability was accidentally introduced several years ago to OpenSSL, the encryption platform used by more than two-thirds of the Internet, but it wasn't discovered till the beginning of this past April. Since then, Internet firms large and small have been scrambling to patch their OpenSSL implementations.
The breach is one of the earliest instances of attackers using Heartbleed to bypass multifactor authentication and break through a VPN, said Mandiant Technical Director Christopher Glyer. It's not clear from the report if data was stolen from the affected organization.
The Heartbleed vulnerability was accidentally introduced several years ago to OpenSSL, the encryption platform used by more than two-thirds of the Internet, but it wasn't discovered till the beginning of this past April. Since then, Internet firms large and small have been scrambling to patch their OpenSSL implementations.
Read more:
http://www.cnet.com/uk/news/heartbleed-attack-used-to-skip-past-multifactor-authentication/
http://www.tomsguide.com/us/heartbleed-exploit-vpn,news-18661.html
https://www.mandiant.com/blog/attac...y-circumvent-multifactor-authentication-vpns/
Heartbleed ITW
http://blog.sucuri.net/2014/04/heartbleed-in-the-wild.html