62 Colleges Affected in ERP Application Vulnerability
Hackers have breached the systems of 62 colleges and universities by exploiting a vulnerability in the Ellucian Banner enterprise resource planning (ERP) web app. The vulnerability, tracked as CVE-2019-8978, affects the Web Tailor module and Enterprise Identity Services module such that an attacker can gain access to administrative functions depending on the privileges granted to the affected account. The US Department of Education has warned that hackers are exploiting the vulnerability to create hundreds of fake student accounts that can be used for criminal activities. Ellucian has issued a fix for the vulnerability but denied that the flaw is responsible for the creation of multiple fake student accounts. It further recommends adding reCAPTCHA capabilities to the admission process to reduce the likelihood of experiencing fraudulent applications for admissions.
More Weekly Cyber Newsanalysis and insights
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Ensign Systems Integration
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services