But this time was different: the bug exists on firmware that has to be replaced, not updated, and was used to break into a virtual private network (VPN), bypassing the networks multifactor authentication entirely. An unspecified attacker exploited the bug on an unnamed companys VPN concentrator, an appliance that provides secure remote connectivity to a private network such as one a company might use in its office. Washington D.C.-based security company Mandiant discovered the attack, which began on Apr. 8, just a day after the Heartbleed bug became public knowledge.
Comments are closed.
