On 7th April 2014 a critical vulnerability was found in OpenSSL, and it is affecting organizations and individuals worldwide.
The vulnerability, named “Heartbleed”, is a TLS heartbeat read overrun which could be used to reveal chunks of sensitive data from the system memory of any system worldwide running the affected versions of OpenSSL. This amounts to about 2/3 of all servers worldwide.
What this means for your organization is that the security device used to provide network security is vulnerable. Although we have no evidence that there has been any security breach, we will take quick action to fix this serious issue.
Over the next few days, one of our staff will be in touch to schedule maintenance to the Sophos UTM device being used to secure the network of your organization and provide VPN access. The patch should take no longer than an hour and there will be minimal disruption.
The overview steps are:
- Apply the correct patch version for your UTM version
- Regenerate certificates
- Change your VPN passwords
- Do NOT restore old vulnerable UTM backups
- Update the SSL VPN software clients