Friday, April 23, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Hackers Breach ZoneAlarm’s Forum Site — Outdated vBulletin to Blame

November 12, 2019
in Internet Privacy
Hackers Breach ZoneAlarm’s Forum Site — Outdated vBulletin to Blame
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

ZoneAlarm, an internet security software company owned by Israeli cybersecurity firm Check Point Technologies, has suffered a data breach exposing data of its discussion forum users, the company confirmed The Hacker News.

With nearly 100 million downloads, ZoneAlarm offers antivirus software, firewall, and additional virus protection solutions to home PC users, small businesses, and mobile phones worldwide.

You might also like

Cybercriminals Using Telegram Messenger to Control ToxicEye Malware

Cost of Account Unlocks, and Password Resets Add Up

Researchers Find Additional Infrastructure Used By SolarWinds Hackers

Though neither ZoneAlarm or its parent company Check Point has yet publicly disclosed the security incident, the company quietly sent an alert via email to all affected users over this weekend, The Hacker News learned.

The email-based breach notification advised ZoneAlarm forum users to immediately change their forum account passwords, informing them hackers have unauthorizedly gained access to their names, email addresses, hashed passwords, and date of births.

Moreover, the company has also clarified that the security incident only affects users registered with the “forums.zonealarm.com” domain, which has a small number of subscribers, nearly 4,500.

“This [forum] is a separate website from any other website we have and used only by a small number of subscribers who registered to this specific forum,” the email notification reads.

“The website became inactive in order to fix the problem and will resume as soon as it is fixed. You will be requested to reset your password once joining the forum.”

Hackers Exploited Recent vBulletin 0-Day Flaw

Upon reaching out to the company, a spokesperson confirmed The Hacker News that attackers exploited a known critical RCE vulnerability (CVE-2019-16759) in the vBulletin forum software to compromise ZoneAlarm’s website and gain unauthorized access.

For those unaware, this flaw affected vBulletin versions 5.0.0 up to the latest 5.5.4, for which the project maintainers later released patch updates, but only for recent versions 5.5.2, 5.5.3, and 5.5.4.

ZoneAlarm forum data breach

The Hacker News found that, surprisingly, the security company itself was running an outdated 5.4.4 version of the vBulletin software until last week that let attackers compromise the website easily.

It’s the same then-zero-day vBulletin exploit that an anonymous hacker publicly disclosed in late September this year, which, if exploited, could allow remote attackers to take full control over unpatched vBulletin installations.

Web Application Firewall

Moreover, a week after that, the same flaw was also exploited by unknown attackers to hack the Comodo forum website, which exposed login account information of over nearly 245,000 Comodo Forums users.

Though the ZoneAlarm team learned about the breach just late last week and immediately informed affected users, it’s unclear exactly when the attackers breached the website.

ZoneAlarm hacked

“ZoneAlarm is conducting an investigation into the matter. We take pride in the fact that we took a proactive approach once this incident was detected and within 24 hours and alerted the forum members,” the company’s spokesperson told the Hacker News.

Since the ZoneAlarm forum website is down at the time of writing, users would not be able to change their account password on the forum at this moment.

But if you are one of the affected users, you are also recommended to change your passwords for any other online account where you use the same credentials, and do the same for the ZoneForum website as soon as the site goes live again.


Credit: The Hacker News By: noreply@blogger.com (Swati Khandelwal)

Previous Post

Microsoft Ignite postmortem: Cutting through the complexity

Next Post

A Simple Framework for data collection for any Analytics Project

Related Posts

Cybercriminals Using Telegram Messenger to Control ToxicEye Malware
Internet Privacy

Cybercriminals Using Telegram Messenger to Control ToxicEye Malware

April 23, 2021
Cost of Account Unlocks, and Password Resets Add Up
Internet Privacy

Cost of Account Unlocks, and Password Resets Add Up

April 23, 2021
1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them
Internet Privacy

Researchers Find Additional Infrastructure Used By SolarWinds Hackers

April 22, 2021
Facebook Busts Palestinian Hackers’ Operation Spreading Mobile Spyware
Internet Privacy

Facebook Busts Palestinian Hackers’ Operation Spreading Mobile Spyware

April 22, 2021
Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations
Internet Privacy

Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

April 22, 2021
Next Post
A Simple Framework for data collection for any Analytics Project

A Simple Framework for data collection for any Analytics Project

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Evolving ITOps with AIOps with no-code AI training with Cloud Pak for Watson AIOps – IBM Developer
Technology Companies

Evolving ITOps with AIOps with no-code AI training with Cloud Pak for Watson AIOps – IBM Developer

April 23, 2021
Best free PC antivirus software in 2021
Internet Security

Best free PC antivirus software in 2021

April 23, 2021
Cybercriminals Using Telegram Messenger to Control ToxicEye Malware
Internet Privacy

Cybercriminals Using Telegram Messenger to Control ToxicEye Malware

April 23, 2021
Strategies for a successful Voice of the Customer program
Data Science

Strategies for a successful Voice of the Customer program

April 23, 2021
European Values Confront AI Innovation in EU’s Proposed AI Act  
Artificial Intelligence

European Values Confront AI Innovation in EU’s Proposed AI Act  

April 23, 2021
Artificial Intelligence and Machine Learning: Demographics & Firmographics
Machine Learning

Global Federated Learning Solutions Market (2020 to 2028)

April 23, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Evolving ITOps with AIOps with no-code AI training with Cloud Pak for Watson AIOps – IBM Developer April 23, 2021
  • Best free PC antivirus software in 2021 April 23, 2021
  • Cybercriminals Using Telegram Messenger to Control ToxicEye Malware April 23, 2021
  • Strategies for a successful Voice of the Customer program April 23, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates