Information Security News mailing list archives
Heartbleed to blame for Community Health Systems breach
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 20 Aug 2014 11:51:14 +0000 (UTC)
http://www.csoonline.com/article/2466726/data-protection/heartbleed-to-blame-for-community-health-systems-breach.html By Steve Ragan CSO Aug 19, 2014According to a blog post from TrustedSec, an information security consultancy in Ohio, the breach at Community Health Systems (CHS) is the result of attackers targeting a flaw OpenSSL, CVE-2014-0160, better known as Heartbleed.
The incident marks the first case Heartbleed has been linked to an attack of this size and type.
On Monday, CHS disclosed a data breach in an 8-K filing with the U.S. Securities and Exchange Commission. The filing itself was brief, offering few details on the actual attack and its root cause.
The regulatory notice stated that CHS believes the network compromise itself happened in April and June of 2014. Once discovered, they hired Mandiant to perform an investigation, which speculated that the attacker was part of a group in China.
[...] -- Evident.io - Continuous Cloud Security for AWS. Identify and mitigate risks in 5 minutes or less. Sign up for a free trial @ https://evident.io/
Current thread:
- Heartbleed to blame for Community Health Systems breach InfoSec News (Aug 20)