Third security vendor in F-Secure hit by hackers
Hackers using SQL injection and cross-site scripting have taken another scalp, after successfully breaking into Kaspersky and BitDefender websites.
F-Secure is the latest security company to have fallen victim to a SQL injection attack from hackers, after Kaspersky and BitDefender websites were successfully broken into.
Hackers, believed to be Romanian, posted on Hackersblog.org that it had successfully performed a SQL injection and a cross-site scripting (XSS) attack on F-Secure.com. Fortunately this time F-Secure didn't leak sensitive data just statistics regarding past virus activity.
F-Secure revealed on its blog that the hit occurred early Thursday morning. One of its malware statistics gathering servers had a page that failed to sanitise input, which made it vulnerable to attack. However, F-Secure used a defence-in-depth strategy so the attack was only "partially successful."
It said: "Although the attackers were able to read information from the database they couldn't write or manipulate it. They couldn't access any other data on the server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages.
"So while the attack is something we must learn from and points we need to improve, it's not the end of the world," the blog added.
The F-Secure website is the third website from a security vendor to be hit by the hackers in a week. The hack of the US Kaspersky website was much more serious because it led to sensitive data being accessed such as customers' personal details.
BitDefender's website in Portugal (owned by a partner) was also hacked. However, customer data wasn't taken in any of the cases, and seems to be simply a case of hackers trying to demonstrate website vulnerability, rather than to steal information.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
What is data democratization and how will embracing it benefit your business?
Prepare for the future now. Achieve greater, secure productivity, using AI with the latest Dell PCs powered by Intel® Core™ Ultra and Copilot
Data center water consumption is skyrocketing, but Microsoft thinks it has a solution – the company's new closed-loop cooling system consumes zero water and could save millions of liters per year