Information Security News mailing list archives
Cybersecurity giant Comodo can't even keep its own website secure
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 4 Oct 2019 09:19:30 +0000 (UTC)
https://techcrunch.com/2019/10/01/comodo-forum-vbulletin-breach/ By Zach Whittaker TechCrunch October 1, 2019Comodo, which bills itself as a “global leader in cybersecurity solutions,” said its forum was hacked.
The admission came in no less than a forum post, which confirmed a hacker exploited a recently disclosed vulnerability in vBulletin, a popular forum software used by Comodo. The flaw, which requires little skill to exploit, allows an attacker to remotely run malicious code on a vulnerable forum. In this case, the exploit was used to dump the entire user database.
Exploit code was released on September 23. Two days later, vBulletin released patches for the software.
But despite claiming in its disclosure that it takes “security very seriously” and is its “highest priority,” the company didn’t immediately patch its forum software. Four days after the patches were released, its forum was hacked.
According to the disclosure, Comodo said the hackers stole usernames, names and email addresses, as well as the user’s last IP address used to access the forum. Some social media handles were also stolen in the breach.
[...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Cybersecurity giant Comodo can't even keep its own website secure InfoSec News (Oct 04)