Vupen Security denies it's been hacked
Reports of 130 zero-days being leaked 'totally false,' says CEO of French vulnerability research firm
Computerworld - The CEO of French vulnerability research firm Vupen Security today dismissed reports suggesting hackers had broken into the company's systems and stolen information on as many as 130 zero-day vulnerabilities.
In response to a Computerworld query, Vupen CEO and chief hacker Chaouki Bekrar said the reports of the compromise are incorrect. "Nothing happened at all. We're safe," he said.
Bekrar's comments echoed atweethe sent out late Wednesday night in which he called the rumors "totally false and pure troll."
It's unclear how speculation of the breach started. Many reports pointed to a brief post by security blogger Kevin Townsend that talked about Vupen being hacked and data on the zero-day flaws leaked. The report was picked up by other blogs and tweeted widely on Twitter.
A breach at Vupen, if true, would have wide impact. The company is widely regarded as one of the top vulnerability research firms in the business. Most recently, the company placed first at the Pwn2Own 2012 security event where it cracked Microsoft's Internet Explore 9 browser and Google's Chrome in two days.
Vupen is heavily focused on finding and exploiting unpatched bugs in leading software products. The company sells its vulnerability and exploit information to security vendors, governments, law enforcement agencies and to corporations to help them secure their systems against the flaws.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Cybercrime and Hacking White Papers | Webcasts