Incident Response, TDR, Threat Management

OpenSSL website hacked and defaced

The website of the OpenSSL Project – a community effort to develop a robust and open source toolkit implementing Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and cryptography – was hacked and defaced on Sunday, according to a Monday post on the website.

The defacement read, “TurkGuvenligiTurkSec Was Here @turkguvenligi + we love openssl_”

An investigation revealed that the source repositories were not impacted and that no other alterations to the website were made aside from to the index.html page, according to the post.

The defacement was made possible due to an attack made “via hypervisor through the hosting provider and not via any vulnerability in the OS configuration,” according to the post, which adds that steps have been taken to prevent a similar attack from occurring again.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.