The Russian-based security firm Kaspersky has fallen victim to the cyber criminals it tries to protect users against, according to reports.
The company, known for its anti-virus software, has supposedly been compromised by hackers who have directed users trying to download Kaspersky's software to malicious sites. Once they have reached the destination they are then encouraged to download fake anti-virus software, which could compromise their data security.
Users of the software have complained to the company over three separate forums but, despite a user thought to be a Kaspersky employee claiming the issue was fixed, the company denied on the forums there had been any problem to begin with.
Writing about the incident on his blog, Rik Ferguson, senior security advisor at Trend Micro, said: "Security vendors have often been the target of both malicious and mischievous hackers and without fail, honesty and transparency have always been the best policy in the aftermath of such an event."
UPDATE: Kaspersky got back to us and confirmed an attack had hit the site on Sunday, exploiting a vulnerability in a third party app used for website admin.
The company claimed the redirection to the fake anti-virus only lasted three and a half hours and as soon as it was notified, it took the affected server offline within ten minutes.
"Currently the server is secure and fully back online, and Kaspersky products are available for download," the firm said in a statement sent to IT PRO.
"Kaspersky Lab also wants to confirm that no individual's details were compromised from the company's web servers during this attack."
The statement concluded: "Kaspersky Lab takes any attempt to compromise its security seriously. Our researchers are currently working on identifying any possible consequences of the attack for affected users, and are available to provide help to remove the fake antivirus software."
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Mitre reveals ten worst hardware security weaknesses in 2021News The list aims to highlight common hardware flaws to help eliminate them from product development cycles
-
New malware plants backdoor on Microsoft web server softwareNews IIS target of hackers looking to enter victim’s infrastructure
-
HPE warns of a critical zero-day flaw in server management softwareNews There's a workaround for Windows customers, but nothing for Linux admins
-
BBX BlackBerry Server brings security ruckus for CIOsNews Working with the new BlackBerry Server, BBX will secure enterprise data and provision enterprise apps without blocking consumer apps.
-
DeviceLock 7 reviewReviews Accidental or deliberate data leakage is now a major security headache for businesses. Dave Mitchell takes a look at DeviceLock 7 to see if it plugs those holes that others leave behind.
-
DDoS attack turns servers into botsNews A new distributed denial of service attack has been discovered that uses servers to distribute rather than PCs.
-
Microsoft IIS web server under attack from hackersNews The company has said that exploit code targeting the flaw was ‘not responsibly disclosed’.
-
UPDATED: Hackers could take control of Microsoft's IIS serverNews A flaw in IIS could allow the bad guys to come in and take control.
