ZoneAlarm, a security firm owned by Check Point that offers security solutions to PC users worldwide, recently suffered an unauthorised intrusion into one of its web domains that compromised names, email addresses, hashed passwords, and date of births of up to 4,500 users.
Upon contacting the security firm, The Hacker News learned that “attackers exploited a known critical RCE vulnerability (CVE-2019-16759) in the vBulletin forum software to compromise ZoneAlarm’s website and gain unauthorised access”.
It also learned that the firm was running an outdated 5.4.4 version of the vBulletin software that contained a zero-day vulnerability that was revealed by a hacker in September this year and which was exploited by hackers to hack into the Comodo forum website and access login information of 245,000 users
TEISS has covered the story here: https://www.teiss.co.uk/
Experts Comments
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Javvad Malik, Security Awareness Advocate, provides expert commentary at @Information Security Buzz.
" While there may not be payment information on such forums, at the very least, they will have email addresses and passwords...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/checkpoints-zone-alarm-suffers-breach-of-4500-subscribers-data
Facebook Message
@Javvad Malik, Security Awareness Advocate, provides expert commentary at @Information Security Buzz.
" While there may not be payment information on such forums, at the very least, they will have email addresses and passwords...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/checkpoints-zone-alarm-suffers-breach-of-4500-subscribers-data