SQL injection sneaks into Kaspersky’s support website

The recent compromise of Kaspersky’s support database left the company with a bit of explaining to do. The hacker published a blog post on hackersblog detailing stunts with Kaspersky’s USA support website. Kaspersky also published their own account based on their log files and the hacker’s (nicknamed unu) blog post. The following is a summary of what happened and how such attacks can be prevented.

Read More →