F-Secure latest security vendor hacked

F-Secure confirmed the breach of a low-level database server containing virus statistical information.

The website of security vendor F-Secure Corp. is the latest victim in a series of SQL injection attacks targeting security firms.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

A Romanian hacker has detailed the latest SQL injection attack in a posting on the hackersblog.org forum. The anonymous hacker said he viewed some statistics regarding past virus activity after exploiting coding errors on the Helsinki, Finland-based antivirus vendor's website. The hacker said the website was vulnerable to both SQL injection and cross-site scripting attacks.

The hacker posted screenshots of the SQL Server information and database table names.

David Frazer, director of technology services for F-Secure's North American division confirmed the breach late Wednesday. Frazer said the database server breached was considered extremely low level and contained virus statistical information. Members of the F-Secure IT team have pulled the server down to investigate, he said.

"It was not even part of our critical infrastructure, nonetheless we're considerably embarrassed," he said. "As a security company it's still something that we should make sure is patched and up to date."

Frazer said the IT team is fairly certain that no other systems had been breached.

Kaspersky website hacked:
Kaspersky website hacked, customer activation codes exposed:Customer email addresses and up to 25,000 activation codes were exposed on a server for 10 days, the antivirus vendor said.

It is the second time in recent days that an antivirus vendor was the target of an attack. A Romanian hacker detailed a similar successful SQL injection attack against a Kaspersky Lab support website on Saturday, exposing a server containing thousands of customer email addresses and up to 25,000 activation codes.

The attack took place Feb. 7, but the information was exposed 10 days prior to the attack. The Russian-based antivirus company responded by hiring high-profile database security expert David Litchfield to conduct an independent audit of its systems.

The hacker also claimed to have exploited a vulnerability in a partner website associated with BitDefender.


Editor's Note: Story updated with F-Secure comments

Dig deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close