Hackers have violated 62 American colleges by exploiting ERP vulnerability

From en.secnews.gr


The Ministry of Education of the USA has announced that one group hackers violated 62 systems and colleges, using a vulnerability to an ERP web application.

This vulnerability is found in Ellucian Banner Web Tailor, an ERP Ellucian Banner, which allows universities to manage various applications. It also affects the service Ellucian Banner Enterprise Identity Services, which is used for management accounts of users.

A security researcher, Joshua Mulliken, had discovered a little earlier that there was one vulnerability in the authentication mechanism of the two functions-services, which can allow hackers to obtain access in user accounts, remotely.

According to the Ministry of Education, vulnerability, known as CVE-2019-8978, began to be used by some hackers who attacked 62 universities.

Police officers said they had received information to show that Criminals scan the internet by searching for candidate victims (universities) to attack using this vulnerability.

Read more…