The problem of critical infrastructure security has become a key issue in the last few years, as high-profile attacks such as Stuxnet and others have grabbed headlines and alerted politicians and others to the weaknesses facing these vital systems.
Details of a targeted attack have emerged where hackers are using the Heartbleed OpenSSL vulnerability to hijack active VPN sessions to remotely access an enterprise.
The arts and crafts retail chain Michaels confirmed yesterday that most of its U.S. stores were breached for eight months and that the payment card information of nearly 3 million of its customers may have been compromised.
A number of ICS products from Siemens and Innominate are vulnerable to the OpenSSL heartbleed flaw, some of which do not have updates available yet. The list of products affected by the heartbleed vulnerability continues to grow by the day, with OpenVPN being one of the latest. A researcher on Friday said that he was[...]
Swedish VPN providers Mullvad report that private keys moving through OpenVPN installations are not immune to Heartbleed OpenSSL exploits.