
62 Colleges Affected in ERP Application Vulnerability

16 - 23 July 2019


Hackers have breached the systems of 62 colleges and universities by exploiting a vulnerability in the Ellucian Banner enterprise resource planning (ERP) web app. The vulnerability, tracked as CVE-2019-8978, affects the Web Tailor and Enterprise Identity Services modules; an attacker who exploits it can gain access to administrative functions, depending on the privileges granted to the affected account. The US Department of Education has warned that hackers are exploiting the vulnerability to create hundreds of fake student accounts that can be used for criminal activities. Ellucian has issued a fix for the vulnerability but denied that the flaw is responsible for the creation of multiple fake student accounts. Ellucian further recommends adding reCAPTCHA capabilities to the admission process to reduce the likelihood of fraudulent applications for admission.


References:

Exploitation of Ellucian Banner System Vulnerability

Ellucian Banner System Vulnerability Update

[CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services
