|21 Apr 2014||#1|
| || |
Heartbleed Attack Targeted Enterprise VPN
Now there's live proof the Heartbleed bug can be exploited, not just to steal private SSL keys stored on a server, but also to retrieve VPN session tokens.
Researchers at Mandiant -- now part of threat intelligence firm FireEye -- on Friday revealed that they spotted a successful VPN-targeting attack that began April 8. That was just one day after OpenSSL issued a public security advisory about a "TLS heartbeat read overrun" in its open-source SSL and TLS implementation.
The flaw, later dubbed "Heartbleed," was quickly tapped by a VPN-targeting attacker. "The attacker repeatedly sent malformed heartbeat requests to the HTTPS Web server running on the VPN device, which was compiled with a vulnerable version of OpenSSL, to obtain active session tokens for currently authenticated users," said Mandiant technical director Christopher Glyer and senior consultant Chris DiGiamo in a blog post. "With an active session token, the attacker successfully hijacked multiple active user sessions and convinced the VPN concentrator that he/she was legitimately authenticated."
The researchers declined to name the organization that was targeted, but said the attacker's aims didn't appear to be academic. "Once connected to the VPN, the attacker attempted to move laterally and escalate his/her privileges within the victim organization," they said.
|My System Specs|
|Similar help and support threads for2: Heartbleed Attack Targeted Enterprise VPN|
|A close look at a targeted attack delivery||Security News|
|DDoS Attack, Changed IPs Still Under Attack||System Security|
|New, unusual targeted attack against MS Office in the wild||Microsoft Office|
|Hotmail Targeted by Zero-Day Attack||Security News|
|Super Talent’s RAIDDrive SSDs Targeted for Enterprise S||Hardware & Devices|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 11:04 PM.