CyberNews Briefs

vBulletin Zero-Day Exploited for Years, Gets Unofficial Patch

Threat actors have been exploiting a zero-day remote code execution vulnerability in order to attack web forums running vBulletin for years. The flaw came to light when a researcher published the zero-day on a vBulletin security mailing list. The bug can enable attackers to infect web forums with malware, alter the code, delete data, and run all kinds of malicious commands.

Over the past few days, various forum owners have reported that their sites have been attacked using this flaw. In order to fix the flaw, a security researcher suggested a simple fix that involves nothing more than commenting out a vulnerable statement in the code.

Read more: vBulletin Zero-Day Exploited for Years, Gets Unofficial Patch

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.