A serious vulnerability to the OpenSSL project, named ‘Heartbleed’, was disclosed a couple of days ago. This vulnerability allows anyone on the internet to read information protected by vulnerable versions of OpenSSL, as the research team who discovered the vulnerability explain.
This bug affects a whole range of internet services such as email, instant messaging, virtual network connections and the web.
We immediately began updating all of our systems to the patched version of OpenSSL. This included vCluster which was never running a vulnerable version in production, but was updated to the patched version anyway. We will continue to monitor the situation and look at educating our intrusion detection systems to pick up activity patterns relating to this vulnerability.