Tuesday, March 9, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Comodo Forums Hack Exposes 245,000 Users’ Data — Recent vBulletin 0-day Used

October 1, 2019
in Internet Privacy
Comodo Forums Hack Exposes 245,000 Users’ Data — Recent vBulletin 0-day Used
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

If you have an account with the Comodo discussion board and support forums, also known as ITarian Forum, you should change your password immediately.

Cybersecurity company Comodo has become one of the major victims of a recently disclosed vBulletin 0-day vulnerability, exposing login account information of over nearly 245,000 users registered with the Comodo Forums websites.

You might also like

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

Microsoft Exchange Cyber Attack — What Do We Know So Far?

Iranian Hackers Using Remote Utilities Software to Spy On Its Targets

In a brief security notice published earlier today, Comodo admitted the data breach, revealing that an unknown attacker exploited the vBulletin vulnerability (CVE-2019-16759) and potentially gained access to Comodo Forums database.

It’s worth noting that Comodo forum was hacked on September 29, almost four days after vBulletin developers released a patch to let administrators address the vulnerability, but the company failed to apply the patches on time.

As The Hacker News broke the news last week, an anonymous hacker publicly disclosed details of a critical then-unpatched vulnerability in vBulletin—one of the widely used internet forum software—which could have allowed remote attackers to execute arbitrary commands on the web server.

However, Comodo has not specified which of the company’s forums has been hacked out of the two separate forums it owns.

One the forums, “forums.comodo.com,” is hosted at Comodo’s own sub-domain and is powered by the different forum software, called Simple Machines Forum, and appears not to be impacted.

The second forum, which runs over the vBulletin software and has likely been hacked, is ITarian Forum hosted at “forum.itarian.com,” a discussion board where the company offers technical assistance to the users of its products.

Comodo vbulletin forums hacked

What Type of Information Was Accessed?

The breached database contains forum users’ information, including:

  • Login username
  • Name
  • Email address
  • Hashed passwords
  • Last IP address used to access the forums
  • Some social media usernames in very limited situations.

The company became aware of the security breach over the weekend on September 29 morning, which suggests users registered on Comodo Forums until this Sunday are impacted by the breach.

“Very recently a new vulnerability in the vBulletin software, which is one of the most popular server applications for website comments including the Comodo Forums, was made public,” the company says.

“Over the weekend at 4:57 am ET on Sunday, September 29, 2019, we became aware that this security flaw in the vBulletin software had become exploited resulting in a potential data breach on the Comodo Forums.”

Immediately after detecting the security intrusion, the Comodo IT infrastructure team immediately took the forums offline in an attempt to mitigate the vBulletin exploit and applied the recommended security patches.

What Users Should Do Now?

If you have registered with Comodo Forums on or before September 29, you are highly recommended to immediately change the password for your forum account to a strong and unique one and for any other online account where you use the same credentials.

Web Application Firewall

Although the account passwords were hashed in vBulletin for the Comodo Forum users, Comodo advises users to change their passwords as part of good password practices.

“We deeply regret any inconvenience or distress this vulnerability may have caused you, our users,” the company says.

“As members of our community of Comodo Forum users, we want to reassure you that we have put in place measures to ensure that vulnerabilities in third-party software, such as vBulletin, will be patched immediately when patches become available.”

Besides this, at the time of writing, the company has also temporarily disabled the registration for new users on the affected forums, The Hacker News confirmed.


Credit: The Hacker News By: noreply@blogger.com (Wang Wei)

Previous Post

The state of open source databases in 2019: Multiple Databases, Clouds, and Licenses

Next Post

German police storm bulletproof data center in former NATO bunker

Related Posts

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
Internet Privacy

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

March 9, 2021
Microsoft Exchange Cyber Attack — What Do We Know So Far?
Internet Privacy

Microsoft Exchange Cyber Attack — What Do We Know So Far?

March 9, 2021
Iranian Hackers Using Remote Utilities Software to Spy On Its Targets
Internet Privacy

Iranian Hackers Using Remote Utilities Software to Spy On Its Targets

March 8, 2021
Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
Internet Privacy

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

March 6, 2021
Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Internet Privacy

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories

March 6, 2021
Next Post
German police storm bulletproof data center in former NATO bunker

German police storm bulletproof data center in former NATO bunker

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report
Internet Security

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report

March 9, 2021
Is investing in AI the highest ROI opportunity?
Data Science

Is investing in AI the highest ROI opportunity?

March 9, 2021
Dalhousie researchers use machine learning to track COVID-related emotions on social media | Provincial | News
Machine Learning

Dalhousie researchers use machine learning to track COVID-related emotions on social media | Provincial | News

March 9, 2021
Ezviz C3X outdoor security camera review: Simple setup, superb features Review
Internet Security

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

March 9, 2021
Operationalizing AI – Introduction to the ModelOps Pipeline
Data Science

Operationalizing AI – Introduction to the ModelOps Pipeline

March 9, 2021
SCA invests in Australian AI and machine learning company
Machine Learning

SCA invests in Australian AI and machine learning company

March 9, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report March 9, 2021
  • Is investing in AI the highest ROI opportunity? March 9, 2021
  • Dalhousie researchers use machine learning to track COVID-related emotions on social media | Provincial | News March 9, 2021
  • Ezviz C3X outdoor security camera review: Simple setup, superb features Review March 9, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates