Heartbleed Update

Updated on July 26, 2016 by Alan Sharp-Paul

Here at UpGuard, we take security seriously. As you may have already heard, the OpenSSL Project yesterday disclosed a serious vulnerability, nicknamed Heartbleed (CVE-2014-0160).

This vulnerability affected both UpGuard.com and UpGuard private instances.

We have multiple levels of proactive security controls in place and have not detected any suspicious activity. However, action was required and we have taken the following measures to mitigate any risk:

  1. We have ensured that no UpGuard instances are running the vulnerable version of OpenSSL
  2. We removed Amazon ELBs from our infrastructure until Amazon confirmed that they were no longer vulnerable
  3. We reissued certificates for UpGuard.com and all private instances

We have detected that the above changes have resulted in a handful of agent-connected nodes losing connectivity to the UpGuard site. We will be in contact with those affected to assist.

As always, if you have any questions or concerns please let us know.

Rock on,

The UpGuard Team