#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

OpenSSL Heartbleed | Breaking Cybersecurity News | The Hacker News

Category — OpenSSL Heartbleed
Over 199,500 Websites Are Still Vulnerable to Heartbleed OpenSSL Bug

Over 199,500 Websites Are Still Vulnerable to Heartbleed OpenSSL Bug

Jan 23, 2017
It's more than two and half years since the discovery of the critical OpenSSL Heartbleed vulnerability , but the flaw is still alive as it appears that many organizations did not remediate properly to the serious security glitch. It was one of the biggest flaws in the Internet's history that affected the core security of as many as two-thirds of the world's servers i.e. half a million servers at the time of its discovery in April 2014. However, the critical bug still affects more than 199,500 systems even after 2 years and 9 months have already passed, according to a new report published today on Shodan, a search engine that scans for vulnerable devices. Over 199,500 Systems Still Vulnerable to Heartbleed Heartbleed (CVE-2014-0160) was a serious bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allowed attackers to read portions of the affected server's memory, potentially revealing users data that the server isn't intended to re
OpenSSL to Patch High Severity Vulnerability this Week

OpenSSL to Patch High Severity Vulnerability this Week

Mar 18, 2015
The OpenSSL Foundation is set to release a handful of patches for undisclosed security vulnerabilities in its widely used open source software later this week, including one that has been rated " high " severity. In a mailing list note published last night, Matt Caswell of the OpenSSL Project Team announced that OpenSSL versions 1.0.2a , 1.0.1m , 1.0.0r , and 0.9.8zf will be released Thursday. " These releases will be made available on 19th March ," Caswell wrote. " They will fix a number of security defects. The highest severity defect fixed by these releases is classified as "high" severity. " OpenSSL is an open-source implementation of the SSL and TLS protocols. It's a technology that's widely used by almost every websites to encrypt web sessions, even the Apache web server that powers almost half of the websites over the Internet utilizes OpenSSL. Further details on the mystery security vulnerabilities ( CVE-2015-02
cyber security

Online Master's in Applied Intelligence

websiteGeorgetown UniversityCyber Security
More than 90% of respondents expressed concern over their team and tooling's ability to detect identity-based attacks. Learn about critical gaps in security programs and what environments pose the most risk to security teams. Download the Report.
Beware Of Fake 'HeartBleed Bug Remover Tool', Hijacks System with Malware

Beware Of Fake 'HeartBleed Bug Remover Tool', Hijacks System with Malware

May 28, 2014
I am considering that you all must have read my last article on OpenSSL Heartbleed , a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server's memory, potentially revealing users data, that the server did not intend to reveal. The Heartbleed vulnerability made headlines around the world and my last article explains everything about probably the biggest Internet vulnerability in recent history, but still some readers are not aware of its nature, otherwise they would not have been a victim of the spam campaigns. Spammers are very smart on gaining from every opportunity they get, so this time they are taking advantage of the infamous Heartbleed bug and frighten the users into installing Anti-Heartbleed Software onto their systems, which is obviously a malware. The researchers at Symantec have unearthed a spam campaign targeting people by sending spam emails that warns them their
cyber security

Permiso Security's 2024 State of Identity Security Report

websitePermisoThreat Detection / Identity Security
More than 90% of respondents expressed concern over their team and tooling's ability to detect identity-based attacks. Learn about critical gaps in security programs and what environments pose the most risk to security teams. Download the Report.
Expert Insights / Articles Videos
Cybersecurity Resources