Incident Response, TDR, Vulnerability Management

Another vendor threat

Chuck MillerFebruary 19, 2009

A fourth security vendor website has been found to be insecure. In a post on hackersblog.org, a Romanian hacker, whose alias is "Unu," describes an insecure parameter in the Symantec Document Download Center that is vulnerable to SQL injection. The flaw supposedly exists on an SSL login page and permits access to company databases. According to the hacker, Symantec has been contacted but has not yet responded. The same hacker claimed to gain access to Kaspersky, F-Secure and BitDefender websites. — CAM

Chuck Miller

Related

(Credit: Robert – stock.adobe.com)

Change Healthcare breach data may be in hands of new ransomware group

Laura FrenchApril 8, 2024

RansomHub has threatened to sell 4TB of Change Healthcare data if it is not paid in 12 days.

Ransomware payments breached $1 billion in 2023, a first

Laura FrenchFebruary 8, 2024

The MOVEit hack and growth of RaaS helped drive record-breaking ransomware revenue, analysts say.

Cyberattacks on Clorox, Johnson Controls cost companies $76M combined

Steve ZurierFebruary 5, 2024

It's unclear if new SEC reporting rules played a role in the disclosures, but security pros say the new year is a period of openness.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news