Patches and mitigations have been applied where applicable. Thales Cloud Protection and Licensing (CPL) security teams have completed a full inventory of our portfolio of data protection, access management and software monetization products and services. Our engineering teams are working to identify any usage of the OpenSSL v3.0.x library in our products and services, and are prepared to take the necessary steps to analyze, mitigate, and remediate any issues for our customers. Thales CPL is aware of pending November 1st disclosure of a critical vulnerability in the OpenSSL v.3.0.x library. – 16:30 UTC - OpenSSL critical patch to be released on 0 Please check back here for updates to this status. We have not yet identified any CPL products or services which are impacted and our investigations are continuing. The OpenSSL advisory on Novemdowngraded the severity of the vulnerability from Critical to High and provided important details related to the flaw. We have not received any direct ransom notification, however we are taking this allegation seriously.ĬVE-2022-3602/CVE-2022-3706 OpenSSL Update: – 19:00 UTC Thales CPL will continue to support CERT in their investigations, and post any relevant information for customers of our products to this page as additional details are made available.
A dedicated team of security experts from Thales CERT are currently investigating the situation as security of our data remains a key priority.Īs of today, Thales has not identified any trace of impact on - nor intrusion into - its information systems.
We are aware of an allegation of a Lockbit 3.0 attack targeting data potentially pertaining to the Thales Group. Lockbit 3.0 claims Update: 02 November 2022 – 18:00 UTC
0 kommentar(er)
