Blog | InfoSec

More SQL Injection: Barracuda Networks Hacked

Posted on April 12, 2011Link 

Barracuda Networks is latest on the list of security vendors/service providers to be compromised. The Malaysian group, "HMSec," used blind SQL injection to retrieve database contents including emails, CMS logins, and MD5-hashed passwords. A poston barracudalabs.com titled "Learning the Importance of WAF Technology – the Hard Way" explains that, "The Barracuda Web Application Firewall in front of the...Continue reading 

RSA Breached by Advanced Persistent Threat

Posted on March 18, 2011Link 

RSA has announced that they have been compromised by an "extremely sophisticated cyber attack" of which details are not clear. All that is known is that RSA's two-factor authentication seems to be affected. The degree to which this breach impacts their two-factor authentication solutions is not known and RSA has filed an 8-K with the SEC so don't expect too...Continue reading 

HBGary Incident - Anatomy of the Attack

Posted on February 22, 2011Link 

CEO Aaron Barr decided to unmask who he thought was behind the leadership of attacks against MasterCard, Visa, and other perceived enemies of WikiLeaks.Before unmasking this individual, Barr spilled the beans and communicated his intended actions to this person.A custom written CMS application (http://www.hbgaryfederal.com) suffered from SQL injection, SQL injection in a URL parameter no...Continue reading 

Have Questions?
Get Answers