ZoneAlarm, a security firm owned by Check Point that offers security solutions to PC users worldwide, recently suffered an unauthorised intrusion into one of its web domains that compromised names, email addresses, hashed passwords, and date of births of up to 4,500 users.
Upon contacting the security firm, The Hacker News learned that “attackers exploited a known critical RCE vulnerability (CVE-2019-16759) in the vBulletin forum software to compromise ZoneAlarm’s website and gain unauthorised access”.
It also learned that the firm was running an outdated 5.4.4 version of the vBulletin software that contained a zero-day vulnerability that was revealed by a hacker in September this year and which was exploited by hackers to hack into the Comodo forum website and access login information of 245,000 users
TEISS has covered the story here: https://www.teiss.co.uk/
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.