Cyber security analyst Ebrahim Hegazy (@Zigoo0), a consultant at Q-CERT, has found an "Unvalidated Redirection Vulnerability" on the website of the giant security solutions vendor Kaspersky.
Ebrahim, who found a SQL injection in the Avira website last month, has this time found an unvalidated redirection vulnerability that could be exploited for various purposes, such as:
- Cloned websites (Phishing pages)
- Malware spreading by black hats
What is most striking in this specific case is that the link usable for the attacks originates from a security firm like Kaspersky, which has serious consequences.
Would you trust a link from your security vendor? Absolutely yes! But imagine your security vendor asking you to download malware!
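The usual server-side fix for this class of bug is to validate the redirect target before issuing the redirect. The sketch below is an added example, not code from the original post or from the affected site; the function name, the allow-listed hostnames and the fallback path are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list for this sketch; a real site lists its own hosts.
ALLOWED_HOSTS = {"www.example.com", "support.example.com"}
FALLBACK = "/"  # assumed safe landing page


def safe_redirect_target(target: str) -> str:
    """Return target only if it is a same-site path or an allow-listed
    https URL; otherwise return FALLBACK."""
    # Reject empty input, control characters, spaces and backslashes:
    # browsers normalise these differently from urlsplit ("/\host").
    if not target or any(ord(c) < 0x21 or c == "\\" for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return FALLBACK

    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a single-slash absolute path.
        # "//host/path" is scheme-relative and leaves the site.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return FALLBACK

    # Absolute target: https only, no userinfo ("trusted@other-host"),
    # exact host match (no suffix or substring matching), default port.
    if parts.scheme != "https" or parts.username or parts.password:
        return FALLBACK
    if parts.hostname in ALLOWED_HOSTS and port in (None, 443):
        return target
    return FALLBACK


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the reported issue.
    for t in ["/downloads/update", "https://support.example.com/kb",
              "//other.example.net/x", "https://www.example.com@other.example.net/"]:
        print(f"{t!r:50} -> {safe_redirect_target(t)!r}")
```

The comparison is an exact hostname match against a fixed set; substring or prefix checks on the raw string are what let look-alike hosts through.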