![]() ![]() In 2014, security researchers discovered a flaw within the OpenSSL software library, which could be exploited by threat actors in order to track the activity of targets online, as well as serruptiously steal data entered on web pages. But platform engineering teams should keep investing in better auditing of their environments and their dependencies for the next threat, which is always just around the corner.” What was the Heartbleed vulnerability? This knowledge will allow cybersecurity and operations teams to dismiss large sections of their infrastructure, and hopefully make the impact of this vulnerability smaller than initially expected. “We also now know that OpenSSL versions prior to 3.0 are not impacted, and a lot of operating systems use OpenSSL 1.1, so these environments won’t be impacted. ![]() ![]() The attack vector has become a lot larger, and rather than just having to examine their VMs, organisations need to start preparing to patch all their container images in response to this announcement. “Heartbleed had a significant impact on all operations teams worldwide, and since then IT infrastructure has become ten times more complicated. “The announcement of the new OpenSSL critical vulnerability immediately brought back not-so-fond memories of Heartbleed or - more recently - the Log4J vulnerability,” said Mattias Gees, container product lead at Venafi. It is also likely to add to growing fear of using open source solutions amongst companies, especially in the wake of the damaging Log4Shell vulnerability. How uncertainty and disruption is forcing financial services to innovate ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |