The Hacker News: Cyber criminals have explored one more way to exploit Heartbleed OpenSSL bug against organisations to hijack multiple active web sessions conducted over a virtual private network connection.
The consulting and incident response Mandiant investigated targeted attack against an unnamed organization and said the hackers have exploited the “Heartbleed” security vulnerability in OpenSSL running in the client’s SSL VPN concentrator to remotely access active sessions of an organization’s internal network.