
Not so long ago, we wrote that British intelligence agencies had hacked into Kaspersky Lab's antivirus products and that Google researchers (Project Zero) had found a serious vulnerability in ESET NOD32. It must be said that the troubles of antivirus companies are not over. On July 31, the media reported a hacker attack that led to the theft of credentials of users of BitDefender products; on the same day, information appeared about a number of serious vulnerabilities discovered in Symantec's security software.
Vulnerabilities in Symantec Endpoint Protection
On July 31, the blog of the German security company Code White published information about a number of serious vulnerabilities in the Symantec Endpoint Protection product. The security flaws found in Endpoint Protection Manager include authentication bypass (CVE-2015-1486), privilege escalation (CVE-2015-1489), arbitrary file read and write (CVE-2015-1487, CVE-2015-1488, CVE-2015-1490) and SQL injection (CVE-2015-1491). A vulnerability allowing arbitrary code execution (CVE-2015-1492) was also found in the Endpoint Protection client.
The Code White post describes in detail the process of penetrating the system, escalating privileges and then executing code.
BitDefender Attack
The attack on the antivirus company BitDefender became a much more resonant event. In this case, the main reason for the media hype was not even the fact of the breach itself, but the fact that the user passwords the attackers managed to steal had been stored in the clear.
Although information about the BitDefender breach reached the media on July 31, the attack itself had been carried out earlier. On July 24, a user under the nickname DetoxRansome approached BitDefender demanding a payment of $15 thousand; otherwise, he threatened to publish the database of leaked accounts:

According to the industry blog Hacker Film, on July 25 the hacker made another attempt to monetize his breach: he posted some of the stolen logins and passwords (which were not encrypted; the hacker himself later confirmed to Forbes that the accounts had been stored in that form from the start).

Later, the hacker published a message stating that with the help of the stolen accounts he had managed to penetrate the systems of many BitDefender clients. To back up his claim, he posted screenshots of the analytics panels of companies that used BitDefender antivirus products:

BitDefender representatives later confirmed that the published data were indeed active user accounts (the company reset the passwords of all users whose accounts had been leaked). The company also refused to pay the hacker and "immediately fixed the problem by taking measures to prevent similar incidents in the future."