F-Secure becomes third security vendor hit by hackers
Hackers using SQL injection and cross-site scripting have taken another scalp, after successfully breaking into Kaspersky and BitDefender websites.

F-Secure is the latest security company to have fallen victim to a SQL injection attack from hackers, after Kaspersky and BitDefender websites were successfully broken into.
Hackers, believed to be Romanian, posted on Hackersblog.org that they had successfully performed a SQL injection and a cross-site scripting (XSS) attack on F-Secure.com. Fortunately, this time F-Secure didn't leak sensitive data, just statistics regarding past virus activity.
F-Secure revealed on its blog that the hit occurred early Thursday morning. One of its malware statistics gathering servers had a page that failed to sanitise input, which made it vulnerable to attack. However, F-Secure used a defence-in-depth strategy so the attack was only "partially successful."
It said: "Although the attackers were able to read information from the database they couldn't write or manipulate it. They couldn't access any other data on the server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages.
"So while the attack is something we must learn from and points we need to improve, it's not the end of the world," the blog added.
The F-Secure website is the third website from a security vendor to be hit by the hackers in a week. The hack of the US Kaspersky website was much more serious because it led to sensitive data, such as customers' personal details, being accessed.
BitDefender's website in Portugal (owned by a partner) was also hacked. However, customer data wasn't taken in any of the cases, and this seems to be simply a case of hackers trying to demonstrate website vulnerability rather than to steal information.