The OpenSSL Heartbleed vulnerability “allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read” [1]. Heartbleed surprised the public by allowing attackers to steal sensitive information from vulnerable websites by sending crafted SSL heartbeat messages. However, due to the fact that servers can send heartbeats to clients as well, malicious servers can, in turn, attack vulnerable clients and steal sensitive information. For the Android platform, we find that roughly 150M downloads of Android apps contain OpenSSL libraries vulnerable to Heartbleed.
Showing posts with label Heartbleed. Show all posts
Wednesday, April 23, 2014
Monday, April 21, 2014
[securityaffairs] Mandiant uncovered Heartbleed based attacks to Hijack VPN sessions
Security experts at Mandiant uncovered attackers exploiting the Heartbleed vulnerability to circumvent Multi-factor Authentication on VPNs.
Thursday, April 17, 2014
[thehackernews] Several Tor Exit Nodes Vulnerable To Heartbleed Bug
Half of the Internet has fallen victim to the biggest threat, the Heartbleed bug, and even the most popular online anonymity network, Tor, is not spared from this bug.
[net-security] Tor relays vulnerable to Heartbleed dropped from anonymity network
Thanks to the OpenSSL Heartbleed bug, the Tor anonymity network is set to temporarily lose around “12 per cent of the exit capacity and 12 per cent of the guard capacity.”
Tuesday, April 15, 2014
[securityaffairs] How many mobile Users could be affected by Heartbleed flaw?
Heartbleed is the security flaw that is scaring the IT industry. What is its impact on the mobile world? How many smartphone users could be affected?
[securityaffairs] BlackBerry and CISCO products are affected by Heartbleed vulnerability
CISCO and BlackBerry started to evaluate the impact of the Heartbleed vulnerability on their products … unfortunately, the list of affected solutions is long.
[securityaffairs] Heartbleed flaw was already exploited for cyber attacks by NSA
The US National Security Agency knew for at least two years about the Heartbleed flaw, and exploited it for cyber attacks, according to Bloomberg.
[securityaffairs] Statistics on the impact of Heartbleed on Select Top Level Domains
The Heartbleed Bug is probably the most serious menace to the modern Internet, a serious flaw in the popular OpenSSL library that is having a great impact.
[infosecurity-magazine] HeartBleed 101
The major security flaw known as Heartbleed, which may affect nearly two-thirds of websites online, threatens to expose masses of usernames, passwords and other sensitive information worldwide. And, predict experts, the ramifications will be with us for years.
Thursday, April 10, 2014
[net-security] Heartbleed bug: What regular users need to do
As the news of the existence of the Heartbleed bug in OpenSSL and the implications of its existence trickles down into mainstream media, users are trying to figure out what passwords to change and which software to update.