Incident Response, TDR, Vulnerability Management

Another vendor threat

A fourth security vendor website has been found to be insecure. In a post on, a Romanian hacker, whose alias is "Unu," describes an insecure parameter in the Symantec Document Download Center that is vulnerable to SQL injection. The flaw supposedly exists on an SSL login page and permits access to company databases. According to the hacker, Symantec has been contacted but has not yet responded. The same hacker claimed to gain access to Kaspersky, F-Secure and BitDefender websites. — CAM

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.