But this time was different: the bug exists on firmware that has to be replaced, not updated, and was used to break into a virtual private network (VPN), bypassing the network's multifactor authentication entirely. An unspecified attacker exploited the bug on an unnamed company's VPN concentrator, an appliance that provides secure remote connectivity to a private network such as one a company might use in its office. Washington D.C.-based security company Mandiant discovered the attack, which began on Apr. 8, just a day after the Heartbleed bug became public knowledge.
via Tech News Headlines - Yahoo News http://ift.tt/1eUxP06
Brak komentarzy:
Prześlij komentarz