Heartbleed strikes again… according to respected security consulting firm Mandiant, one of its corporate customers’ SSL VPN appliances was compromised by attackers using the Heartbleed vulnerability. The attackers were able to hijack logged in sessions and thus access the organization’s network. The key to detecting hijacked sessions is to look for log entries which show sessions switching between two different IP addresses at short intervals. Mandiant isn’t telling which vendor’s SSL VPN is vulnerable, but Cisco, Juniper, and the open source OpenVPN project have all issued security advisories related to Heartbleed. Infosec people should be checking for new VPN vendor patches and scanning logs for telltale IP address changes.
RSS - Posts