
Section of Kaspersky website compromised


In an ironic twist, a section of Moscow-based security vendor Kaspersky's new U.S. support site was compromised by someone using an SQL injection attack. That is, malicious SQL was successfully inserted into the commands being fed into the database.

According to Roel Schouwenberg, a senior antivirus researcher for Kaspersky, the portion of the site that was breached was developed by a third party. He said, "Obviously we are not happy about that and are in the process of making the review process stricter than it currently is."

No sensitive data or customer information was compromised this time around, though Schouwenberg did admit that a more sophisticated attacker could potentially have accessed some 2,500 customer email addresses as well as about 25,000 product activation codes.

Interestingly, it was a Kaspersky employee in Romania who alerted workers in the U.S. after spotting a report of the breach on a Romanian Hackers Blog. To its credit, the company removed the affected section of the site, replacing it with an older (and presumably secure) version.

For more on this story:
- check out this article from CNET News
