Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Cybersecurity giant Comodo can't even keep its own website secure

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 4 Oct 2019 09:19:30 +0000 (UTC)
https://techcrunch.com/2019/10/01/comodo-forum-vbulletin-breach/

By Zach Whittaker
TechCrunch
October 1, 2019
Comodo, which bills itself as a “global leader in cybersecurity solutions,” said its forum was hacked.
The admission came in no less than a forum post, which confirmed a hacker exploited a recently disclosed vulnerability in vBulletin, a popular forum software used by Comodo. The flaw, which requires little skill to exploit, allows an attacker to remotely run malicious code on a vulnerable forum. In this case, the exploit was used to dump the entire user database.
Exploit code was released on September 23. Two days later, vBulletin released patches for the software.
But despite claiming in its disclosure that it takes “security very seriously” and is its “highest priority,” the company didn’t immediately patch its forum software. Four days after the patches were released, its forum was hacked.
According to the disclosure, Comodo said the hackers stole usernames, names and email addresses, as well as the user’s last IP address used to access the forum. Some social media handles were also stolen in the breach. 

[...]


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: