Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Hacker Compromised Official phpBB Download Links
#1
Quote:An unknown attacker has compromised download links for the phpBB forum software, according to a statement released today by the phpBB development team.
Download links compromised only for three hours
The compromised download links were live only for 181 minutes, between 12:02 PM UTC and 15:03 PM UTC on yesterday, January 26.
The phpBB team did not reveal exact details of how the attacker managed to poison the download links, and only said:
The point of entry was a third-party site. Neither phpBB.com nor the phpBB software were exploited in this attack.
phpBB staff removed the links to the malicious files as soon as they were discovered. They said the download links pointed off-site to malicious versions of the original phpBB files that also contained additional "malicious code."
Bleeping Computer reached out via email to the phpBB team and inquired for more details, such as the nature of the malicious code and the number of possible affected users.
On Twitter, the phpBB team said they are "currently investigating what caused the issues" and will publish more details once they know more.
Download links are currently safe
"The downloads currently available on the downloads page are safe," the phpBB team said.
Users who downloaded phpBB 3.2.2 packages on Friday are advised to verify the SHA256 file hash of the file they downloaded against the one listed on the phpBB official downloads page.

Source: BleepingComputer
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)