Unu, a Romanian hacker (he who may enjoy the challenge of breaking into other computers but does no harm) who we’ve talked about on the site before has been busy with his fifth demonstrated SQL Injection vulnerability on the web site of a well known company in the last 30 days. This time he has again targeted Kaspersky Labs, the anti-virus vendor that he previously demonstrated web site vulnerabilities for back on February 7th of this year. The sites affected this time around are the Kaspersky Lab sites in Malaysia http://www.kaspersky.com.my and Singapore http://www.kaspersky.com.sg. On both sites it is a news section, news.php, that is vulnerable, leading to the same MySQL database backend, and exposing customer and employee access credentials as well as what appear to be activation keys for Kaspersky Internet Security 2010.

Read more here.