[ISN] Yet Another Security Firm Breached: Employee Email, User Accounts Leaked

From: InfoSec News <alerts_at_private>
Date: Tue, 12 Apr 2011 00:53:22 -0500 (CDT)
http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229401358/yet-another-security-firm-breached-employee-email-user-accounts-leaked.html

By Kelly Jackson Higgins
Darkreading 
April 11, 2011

Another week, another security firm breach: Hackers have posted 
employee, partner, and customer credentials stolen from Barracuda 
Networks in what began with a SQL injection attack on the security 
firm's website.

UPDATE: Barracuda late tonight confirmed that its corporate website 
indeed had been hacked via a SQL injection attack, and that names and 
emails of customers and partners, including some hashes of salted 
passwords, were exposed. "However, all active passwords for applications 
in use remain secure," said Michael Perone, executive vice president and 
CMO at Barracuda in a blog posting on the security vendor's website.

Perone said the attack occurred when the company's web application 
firewall was accidentally set in passive monitoring mode during a 
maintenance period on the site. "So, the bad news is that we made a 
mistake ... The Barracuda Web Application Firewall in front of the 
Barracuda Networks Web site was unintentionally placed in passive 
monitoring mode and was offline through a maintenance window that 
started Friday night (April 8, 2011) after close of business Pacific 
time. Starting Saturday night at approximately 5pm Pacific time, an 
automated script began crawling our Web site in search of unvalidated 
parameters," he blogged.

The attackers found a SQL injection bug in a PHP script in the company's 
customer case study database, which shared the company's marketing 
database of customer leads, partners, and some Barracuda employees. "The 
attack utilized one IP address initially to do reconnaissance and was 
joined by another IP address about three hours later. We have logs of 
all the attack activity, and we believe we now fully understand the 
scope of the attack," Perone blogged.

[...]


Received on Mon Apr 11 2011 - 22:53:22 PDT
