In early November, vBulletin forum software was hacked, typically with the attack on the official website of vBulletin causing a breach of critical data of its customers. vBulletin then issused a security patch and recommended its users update as soon as possible. However, according to Bkav, users are still highly at risk.
Specifically, just before Halloween, a hacker called "Coldzer0" used an SQL Injection to exploit a zero-day vulnerability disclosed by Swedish hacker Exidous to take down the website of vBulletin.com, accessed and stole data. After the attack, the hacker left a message of "Hacked by Coldzer0" in the forum of vBulletin.com/forum/ and uploaded a shell.
vBulletin.com then was inaccessible and displayed a message of down for maintenance in 2 days.
Foxit Software's forum running vBulletin's forum software was also reported to be hacked by the same zero-day vulnerability.
These two attacks posed a big question of the security of other websites running vBulletin's forum software.
On November 3, right after returning online, vBulletin confirmed the attack and stated that customer IDs and encrypted passwords on its systems might have been accessed. It immediately applied a precautionary reset of all passwords, issued security patches for versions of vBulletin from 5.1.4 to 5.1.9 and recommended users update as soon as possible.
However, according to Bkav, the risk for users is still so high. As vBulletin is a web-based platform, the patch is not automatically updated but users have to download the patch manually then update their websites. In addition, as a web-based platform, hackers can reverse the patch and find the location of the vulnerability, then exploiting unpatched systems. In fact, to November 4, the exploit was shared on the Internet. Therefore, users should immediately update their systems to avoid the exploit.
System administrators can also use Bkav's tool dubbed vBulletin Checker to check whether their systems are vulnerable or not. The tool is available here http://tools.whitehat.vn. Click on the link and enter your website URL to check.
- Viet Nam cyber security overview in 2017 and predictions for 2018
- New variant of Mirai malware targeting IoT devices in Vietnam
- More than 5,000 Linux system in Vietnam affected by serious flaw Dirty COW
- Malware attacking Vietnam Airlines appears in many other agencies
- Warning on malware hijacking smartphones in fake Pokémon GO
- Luật ATTT mạng số 86/2015/QH13 ra đời năm 2015
- Nghị định 85/2016/NĐ-CP
- Chỉ thị 14/CT-TTg năm 2018
- CT 14/2019, BTTT-CATTT
- Công văn số 2973/BTTTT-CATTT năm 2019 Hướng dẫn triển khai hoạt động giám sát an toàn thông tin trong cơ quan, tổ chức nhà nước hướng dẫn CQNN
- Công văn số 235/CATTT-ATHTTT năm 2020 hướng dẫn mô hình bảo đảm an toàn thông tin cấp Bộ, Tỉnh.