Cyber criminals have explored one more way to exploit Heartbleed OpenSSL bug against organisations to hijack multiple active web sessions conducted over a virtual private network connection. Mandiant investigated targeted attack against an unnamed organization and said the hackers have exploited the “” security vulnerability in OpenSSL running in the client’s SSL VPN concentrator to remotely access active sessions of an organization’s internal network. The vulnerability infected almost two-third of internet web servers, including popular websites, including the Canada Revenue Agency by exploiting the bug. Attack is not traceable, and the bug returns only 64KB of memory for each heartbeat request.
Source: https://thehackernews.com/2014/04/hacker-exploits-heartbleed-bug-to.html