Critical vulnerability found in phpBB software

phpBB.com have announced that their phpBB software contains a critical vulnerability.
This news comes just days after the release of 2.0.12, which was issued to address certain other vulnerabilities.

Exploitation of this vulnerability gives administrative rights, meaning arbitrary code can be executed.

This could mean that we see a Santy-like scenario all over again, with a lot of servers being affected.
Although I believe we would see only a few defaced websites in this case, I’m expecting a lot of zombies instead.

phpBB.com have released version 2.0.13, which is no longer affected by this vulnerability.

You are strongly urged to update to the latest version as soon as possible.
