A recent investigation has uncovered that numerous universities around the world, including some of the most renowned, have left their websites exposed to cyberattacks. Alarmingly, of the 20 cases examined, six websites belonged to universities ranked in the top 100 globally.
The study scrutinized 20 university websites, each with millions of monthly visitors. Despite the historical prevalence of attacks on such sites, many remain unprotected. The vulnerabilities were not necessarily tied to the size or prestige of the institution, with both small and large universities showcasing similar security lapses. Although no unprotected databases or vulnerabilities older than a year were found, some institutions had delayed security updates, leading to the leakage of sensitive credentials.
Five universities, including UTEL University (Mexico), National Taiwan University, Walden University, University of West Indies (Jamaica), and University of California San Diego, had such severe vulnerabilities that a complete website takeover was possible. Additionally, 12 universities, including the aforementioned, were at risk of private student and teacher information being accessed through leaked credentials or by exploiting vulnerabilities like Remote Code Execution.
The weaknesses stemmed primarily from exposed environment files or remote code execution vulnerabilities. For instance, the University of California San Diego’s website exposed various critical credentials, making it susceptible to multiple cyber threats. Similarly, National Taiwan University’s site leaked vital information that could allow attackers to gain admin access.
The importance of not leaving environment files publicly accessible was emphasized, and developers were urged to monitor for potential leaks. The study also highlighted the need for timely patching of known vulnerabilities. Fortunately, all identified vulnerabilities were addressed before the study’s publication. The team reached out to all mentioned universities, with some acknowledging and addressing the issues.
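As an added illustration of the monitoring advice above (this is not code from Cybernews or the study), the following Python script audits a local copy of a site's document root for environment files and reports credential-like variable names without printing their values. The file-name pattern, the key-name heuristic and the sample directory tree are assumptions constructed for the example.

```python
import os
import re
import tempfile

# Assumed naming conventions for dotenv files (.env, .env.local, .env.production, ...).
ENV_NAME = re.compile(r"^\.env(\..+)?$")
# Assumed heuristic for variable names that usually hold credentials.
SECRET_KEY = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.I)
# KEY=VALUE with optional "export"; comment lines never match.
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def secret_keys(path):
    """Return names of non-empty, credential-like variables in a dotenv file."""
    found = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = ASSIGNMENT.match(line)
            if m and m.group(2).strip().strip("'\"") and SECRET_KEY.search(m.group(1)):
                found.append(m.group(1))  # record the name only, never the value
    return found


def audit_webroot(webroot):
    """Map each dotenv file under webroot (relative path) to its secret-like keys."""
    findings = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if ENV_NAME.match(name):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, webroot).replace(os.sep, "/")
                findings[rel] = secret_keys(full)
    return findings


def build_sample_webroot():
    """Constructed sample tree: one dotenv file inside the served directory."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "app"))
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<h1>ok</h1>\n")
    with open(os.path.join(root, "app", ".env"), "w") as fh:
        fh.write("# constructed values\nAPP_NAME=portal\nDB_PASSWORD=example-only\n"
                 "export MAIL_API_KEY='example-only'\nJWT_SECRET=\n")
    return root


if __name__ == "__main__":
    for rel, keys in audit_webroot(build_sample_webroot()).items():
        print(f"/{rel} is inside the web root; credential-like keys: {keys}")
```

Point audit_webroot at the directory your own web server serves, for example as a pre-deployment check. Any hit means the file should be moved out of that directory or blocked by server configuration, and the credentials it holds rotated.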
Source: Cybernews
To mitigate potential threats, it is important to implement additional cybersecurity measures, either with the help of a trusted partner like INFRA (www.infrascan.net) or by trying it yourself using check.website.