https://techcrunch.com/2019/10/01/comodo-forum-vbulletin-breach/
By Zack Whittaker
TechCrunch
October 1, 2019

Comodo, which bills itself as a “global leader in cybersecurity solutions,”
said its forum was hacked.

The admission came in no less than a forum post, which confirmed a hacker
exploited a recently disclosed vulnerability in vBulletin, a popular forum
software used by Comodo. The flaw, which requires little skill to exploit,
allows an attacker to remotely run malicious code on a vulnerable forum. In
this case, the exploit was used to dump the entire user database.

Exploit code was released on September 23. Two days later, vBulletin released
patches for the software.

But despite claiming in its disclosure that it takes “security very seriously”
and is its “highest priority,” the company didn’t immediately patch its forum
software. Four days after the patches were released, its forum was hacked.

According to the disclosure, Comodo said the hackers stole usernames, names and
email addresses, as well as the user’s last IP address used to access the
forum. Some social media handles were also stolen in the breach.

[...]