Community Health Systems Breach Linked to Heartbleed Bug

  • 26 August 2014

By Jeff Goldman  |  Posted August 25, 2014
 
Recent research by Venafi found that 97 percent of Global 2000 organizations' public servers remain vulnerable to Heartbleed.
 

TrustedSec researchers report that the recent breach at Community Health Systems (CHS), which affected approximately 4.5 people who had been referred to or received services from CHS-affiliated physicians, was enabled by the Heartbleed OpenSSL bug.
The researchers say the attack vector was confirmed by a "trusted and anonymous source" involved in the investigation of the breach. "Attackers were able to glean user credentials from memory on a CHS Juniper device via the Heartbleed vulnerability (which was vulnerable at the time) and use them to login via a VPN," TrustedSec explained in a blog post.
The time between the release of an exploit and the issuing of a patch, the researchers noted, is the most critical period for any organization. "What we can learn here is that when something as large as HeartBleed occurs (rare) that we need to focus on addressing the security concerns immediately and without delay," they wrote. "Fixing it as soon as possible or having compensating controls in place days before could have saved this entire breach from occurring in the first place."
 
Full article at eSecurityPlanet: http://www.esecurityplanet.com/network-security/community-health-systems-breach-linked-to-heartbleed-bug.html
 
