The creators of vBulletin are having a bad week. Not only did they have a data breach that resulted in around 400,00 stolen user records, but it sounds like the attacker leveraged a zero day vulnerability in their own software to compromise their network. Watch today’s Daily Byte to learn more about this story, and what you should do if you use vBulletin software.
(Episode Runtime: 2:10)
Direct YouTube Link: https://www.youtube.com/watch?v=5XIwY4seah0
EPISODE REFERENCES:
- vBulletin’s site and forum software hacked – Ars Technica
- vBulletin asks users to reset password – vBulletin
- vBulletin released patch for forum software – vBulletin
- Researcher discloses his vBulletin RCE vuln – Twitter
- His actual Pastie disclosure – Pastie
- Hacker claims responsibility for breach – The Admin Zone
- Coldzer0 attempts to sell vBulletin 0day – oday.today
- Video demonstrating the vBulletin exploit – YouTube
— Corey Nachreiner, CISSP (@SecAdept)
Ban kem nen cc sugao gia re nhat