News

ZoneAlarm forums hacked due to vBulletin vulnerability

The forums at ZoneAlarm, which is owned by Check Point and whose products are used by over 100 million people, have been hacked because of a vulnerability in vBulletin. As a result, users’ data fell into the hands of attackers.

Fortunately, despite the considerable user base of ZoneAlarm, the leak affected the forum hosted on forums.zonealarm.com (currently unavailable because the company fixes the problem), which has only about 4,500 users.

It was reported that among the compromised data was information about email addresses, password hashes, dates of birth and IP addresses of users.

Although neither ZoneAlarm nor its parent company, Check Point, have disclosed detailed information about the incident, emails have already been sent to all affected users to notify them of the incident.

Despite the fact that leaked passwords (according to the company) were “encrypted”, users of the ZoneAlarm forum are still advised to immediately change the passwords from their accounts.

“This [forum] is a separate website from any other website we have and used only by a small number of subscribers who registered to this specific forum. The website became inactive in order to fix the problem and will resume as soon as it is fixed. You will be requested to reset your password once joining the forum”, — said in a message sent to the forum by e-mail.

The forum is currently unavailable, and the company is still working on a fix.

The Hacker News publication, citing company representatives, reports that the forum was compromised with the use of the CVE-2019-16759 RCE vulnerability that was discovered and fixed in the vBulletin forum engine at the end of September this year. As it turned out, until recently, ZoneAlarm used an outdated version of vBulletin.

“We found that, surprisingly, the security company itself was running an outdated 5.4.4 version of the vBulletin software until last week that let attackers compromise the website easily. It’s the same then-zero-day vBulletin exploit that an anonymous hacker publicly disclosed in late September this year, which, if exploited, could allow remote attackers to take full control over unpatched vBulletin installations”, — reports The Hacker News magazine.

Let me remind you that earlier, due to this vulnerability, the official Comodo forums have already suffered, as well as Italian and Dutch resources for sex workers (prostitution is legal in these countries).

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Aboutlottads.top Pop-up Ads

About Aboutlottads.top Aboutlottads.top pop-ups can not open out of nowhere. If you have clicked on…

53 mins ago

Remove News-xboyodi.site Pop-up Ads

About News-xboyodi.site News-xboyodi.site pop-ups can not introduce out of nowhere. If you have actually clicked…

55 mins ago

Remove Himalayaview.top Pop-up Ads

About Himalayaview.top Himalayaview.top pop-ups can not launch out of the blue. If you have actually…

21 hours ago

Remove Youdilgad.top Pop-up Ads

About Youdilgad.top Youdilgad.top pop-ups can not expose out of the blue. If you have clicked…

21 hours ago

Remove Alkads.com Pop-up Ads

About Alkads.com Alkads.com pop-ups can not launch out of the blue. If you have clicked…

21 hours ago

Remove Bigamirt.xyz Pop-up Ads

About Bigamirt.xyz Bigamirt.xyz pop-ups can not launch out of nowhere. If you have clicked some…

21 hours ago