Join our followers
vBulletin zero-day: Critical exploit leaves forum sites open to attack
Wednesday, September 25, 2019
Ilia Kolochenko, founder and chief executive of web security company ImmuniWeb, said site admins who are running the vulnerable forums should consider suspending their use of the software, pending the development and rollout of the necessary security patches.
“Website owners running the vulnerable versions should urgently shut down their vBulletin forums completely while the vendor is working on an emergency patch,” Kolochenko warned.
“This critical RCE vulnerability is surprisingly simple to exploit, and sadly very few web application firewalls will block its exploitation.
He added: “These days security flaws exploitable in a default configuration and without authentication are very rare in such well-establish web software.”
The motives for the spontaneous disclosure of this critical security bug remain unclear, especially since a vulnerability of this type can be worth $10,000 or perhaps more on exploit marketplaces, given the number of high-profile targets using vBulletin forum software. Read Full Article
SC Media: Report: Scotiabank exposed source code and credentials on GitHub repositories
IT World Canada: Scotiabank source code, credentials found open on GitHub: news report
