vBulletin Breached; User Data Compromised
Posted by: Timothy Weaver on 11/07/2015 10:10 AM
vBulletin was breached, leaving 480,000 subscribers vulnerable. To mitigate the attack, vBulletin reset the passwords for all subscribers.
A security patch was released Monday night, but Ars Technica suggested that, from available evidence, the site "contained a zero-day vulnerability that allowed hackers in the wild to gain almost complete control over websites that used the forum app."
Wayne Luke, technical support lead at vBulletin, denied that it was a zero-day attack and instead said: "These hackers were able to compromise an insecure system that was used for testing vBulletin mobile applications."
However, Tod Beardsley, principal security research manager at Rapid7, said in a statement issued on Wednesday that it looks like the attack on vBulletin was due to a SQL injection bug in its forum software.
Beardsley went on to say that organizations that rely on vBulletin should apply the security patch immediately. "vBulletin is a popular target, since compromising a forum site can provide an effective platform for a watering hole attack. An unpatched bug in the platform can expose downstream users to serious risk."
Source: SCMagazine
