Here at UpGuard, we take security seriously. As you may have already heard, the OpenSSL Project yesterday disclosed a serious vulnerability, nicknamed Heartbleed (CVE-2014-0160).
This vulnerability affected both UpGuard.com and UpGuard private instances.
We have multiple levels of proactive security controls in place and have not detected any suspicious activity. However, action was required and we have taken the following measures to mitigate any risk:
- We have ensured that no UpGuard instances are running the vulnerable version of OpenSSL.
- We removed Amazon ELBs from our infrastructure until Amazon confirmed that they were no longer vulnerable.
- We reissued certificates for UpGuard.com and all private instances.
We have detected that the above changes have resulted in a handful of agent-connected nodes losing connectivity to the UpGuard site. We will be in contact with those affected to assist.
As always, if you have any questions or concerns, please let us know.
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.