Researchers have observed sophisticated hacking groups conducting automated scans of the Internet in search of Web servers running OpenSSL, a widely used Web encryption program containing a bug that makes them vulnerable to the theft of data, including passwords, confidential communications and credit card numbers. OpenSSL is used on about two-thirds of all Web servers, but the issue has gone undetected for about two years. Kurt Baumgartner, a researcher with security software maker Kaspersky Lab, said his firm uncovered evidence on Monday that a few hacking groups believed to be involved in state-sponsored cyber espionage were running such scans shortly after news of the bug first surfaced the same day. By Tuesday, Kaspersky had identified such scans coming from "tens" of actors, and the number increased on Wednesday after security software company Rapid7 released a free tool for conducting such scans.