SQL Injection Attack on Barracuda Networks Exposes Confidential Data

Recently, Barracuda Networks suffered SQL Injection Attack. The attack led to disclosure of confidential information.

Albuquerque, NM (prHWY.com) April 13, 2011 - Albuquerque, NM, United States - Over the last few months, IT security firms such as HBGary Federal and RSA suffered security breaches. In yet another attack on security firm, attackers intruded into the database of Barracuda Networks through SQL injection attack. Attackers targeted the website over the last weekend, when the web application firewall protecting the website was inadvertently placed in passive monitoring mode. According to Barracuda, only names and e-mail addresses were extracted from the targeted databases. One-way cryptographic hashes of salted passwords were also stored in the databases. An intruder, who identified himself as Fdf claimed credit for the attack and posted names, phone numbers, e-mail addresses and company affiliations of sales leads collected by Barracuda's channel partners on the Web. The post also includes names and e-mail addresses of company employees. Barracuda has not confirmed the claims of the intruder.

Investigations by security professionals at Barracuda revealed that attackers constantly scanned the website and a detected a SQL injection vulnerability in a PHP script, which supports a customer case study database. The database also shared a SQL database used for marketing programs, which contained names and e-mail addresses of employees, leads and channel partners. The investigations by the company reveal that two IP addresses were used by the intruders in the attack. The security company plans to notify all users, whose e-mail addresses were disclosed in the attack.

Cybercriminals constantly scan the networks to identify and exploit security flaws. As such, adequate protection must be provided to the websites and networks at all times. Website security must be constantly evaluated through penetration testing. Professionals qualified in IT masters degree and secured programming could help organizations in identifying and rectifying security flaws. SQL injection attacks could be reduced by proper validation of all inputs and use of parameterized queries. Web application firewalls must be in active mode to thwart sophisticated attacks and intrusions.

Repeated data breaches may make users susceptible of online activity. Information security is critical for the continued growth of Internet.Online technology degree courses may help IT professionals in improving skills and acquiring expertise on latest security tools and techniques.

Cyber security education has become even more significant in the wake of repeated data breach incidents. Internet users must use strong and unique passwords for different accounts. Online computer degree programs, e-tutorials and e-flyers could be used to educate users on cyber security tips and best practices.

Contact Press

EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

###

Tag Words: sql injection attack, barracuda networks, fdf, security flaw, web application firewalls, sql database, input validation, online computer degree

Categories: Security

Link To This Press Release:

URL HTML Code