Major Exploit Still Affecting Philadelphia Companies

Layer 8 Security has an ongoing relationship with local and federal law enforcement that allows us to know in advance when certain threats will be prevalent. We receive notices and bulletins from the FBI and other intelligence sources on a consistent basis. In some cases, dissemination is limited; in this case, however, wide dissemination is allowed. We are glad to send this alert to keep you and your company safe.

Recently, several Philadelphia businesses have fallen victim to the OpenSSL cybersecurity exploit known as Heartbleed, which created a news frenzy in 2014.  We’re extremely surprised that there are still companies that haven’t patched or updated their assets to defend themselves against this exploit.

According to our sources, there are nearly 200,000 servers and Internet-connected devices running outdated OpenSSL software that are still vulnerable to Heartbleed. The initial analysis of the Heartbleed vulnerability found over 600,000 devices, which led to one of the largest media blitzes to fix a technology bug. The bug can be exploited to reveal chunks of memory to any client that connects to the server.

What this means for you:

While you likely heard about Heartbleed years ago, the threat still exists. A “bad guy” could use the Heartbleed exploit to remotely execute malicious code on your servers, resulting in a compromise of sensitive data. Organizations need to verify that their assets (cloud servers, data, backup systems, etc.) do not run a vulnerable version of OpenSSL, and if they do, patch them immediately. This should also serve as a good reminder to review policies and procedures on asset maintenance.

If you have questions regarding these alerts, please contact us at or 800.530.9121

