Get a closer look at Heartbleed—from the latest attack activity to mitigation strategies – using 2014 mid-year data and ongoing research. IBM, August 2014.
“Welcome to the latest quarterly report from the IBM® X-Force® research and development team. In this report, we’ll look at how the Heartbleed vulnerability—CVE-2014-0160, disclosed in April 2014—impacted organizations around the world. We’ll focus on how attackers continue to take advantage of this pervasive vulnerability, review potential mitigation strategies and assess how the disclosure compares to the rest of our data from the first half of 2014. So far, the disclosure of the Heartbleed vulnerability in the OpenSSL library has been the biggest event to hit the security industry in 2014. The bug permitted unauthenticated acccess from servers and clients alike. While the initial impact of Heartbleed is waning, a second wave of new vulnerabilities found within open-source and reusable software merits further discussion.
Servers worldwide continue to be affected by this serious vulnerability, so we wanted to investigate what has happened since the Heartbleed disclosure took so many organizations by surprise. Not only did the flaw focus the attention of researchers looking for new areas of vulnerabilities within open-source and reusable code, it also gave attackers another great opportunity to use one-day attack methods. With the help of IBM Managed Security Services (MSS), we’ll first look at how organizations dealt with the immediate aftermath of the Heartbleed announcement, while also adopting practical, large-scale mitigation strategies for ongoing protection. Then, from an attack perspective, our X-Force researchers will explain what the attackers might have been looking for and attempting to achieve with this type of vulnerability.”
Sorry, comments are closed for this post.