By Jim Finkle
BOSTON (Reuters) – The U.S. Government warned on Friday that hackers are attempting to exploit the ‘Heartbleed’ bug in targeted attacks by scanning networks to see if they are vulnerable.
It asked organizations to report any Heartbleed-related attacks to the Department of Homeland Security, on a website that it uses to advise critical infrastructure operators about emerging cyber threats.
Larry Zelvin, a Department of Homeland Security official who runs an agency center that monitors and responds to emerging cyber threats, said separately in a blog post early Friday that DHS was working with federal, state and local governments to uncover and mitigate any potential threats.
“While there have not been any reported attacks or malicious incidents involving this particular vulnerability at this time, it is still possible that malicious actors in cyberspace could exploit unpatched systems,” said Zelvin, director of the National Cybersecurity and Communications Integration Center.
The widespread bug surfaced late on Monday, when it was disclosed that a pernicious flaw in a widely used Web encryption program known as OpenSSL opened hundreds of thousands of websites to data theft.
Now, technology companies are rushing to identify pieces of vulnerable OpenSSL code elsewhere, including email servers, ordinary PCs, phones and even security products.
Companies including Cisco Systems Inc and Intel Corp have rushed to push out updates to protect against the threat, warning customers they may be at risk.
(This story corrects spelling of name of DHS official Larry Zelvin in paragraphs 3 and 4)
(Reporting by Jim Finkle; Editing by Richard Valdmanis and Bernadette Baum)