          Educational Institutions Websites Found Vulnerable to Multiple Threats

          by Abeerah Hashim
          As the world went digital following the lockdowns due to the COVID-19 pandemic, educational institutions also switched to online teaching methods. This made it even more important for the institutions to take care of the cybersecurity status of their online portals and websites. However, the latest research has found the websites of numerous educational institutions vulnerable to cyberthreats.

          Educational Institutions Websites Vulnerable

          Recent research by MacKeeper, a technology firm focused on securing and empowering Mac, reveals how multiple security flaws make the websites of numerous educational institutions vulnerable to cyber attacks.

          As elaborated, they assessed 89 different educational websites (with .edu domains) for their security status. Consequently, they found 293 vulnerabilities posing a threat to these websites. After further analysis, they grouped these vulnerabilities into five different categories. These include content spoofing, subdomain hijacking, malicious redirections, and unrestricted file uploads.

          Exploiting these vulnerabilities can lead to various dangerous consequences. These include anything from simple website defacement to remote code execution, website takeovers, and a compromise of the infrastructure.

          A quick overview of the bugs and the subsequent impact

          Specifically, they found that a majority of these issues exist due to vulnerable and outdated WordPress CMS. Such bugs accounted for 138 vulnerabilities, followed by 67 content spoofing issues; 59 bugs allowing URL redirection to untrusted sites related to awkward subjects; 25 flaws allowing unrestricted file uploads; and 4 issues due to insufficient security controls at subdomain levels.

          While vulnerable CMS potentially affects the specific website only, the other flaws may have a long-term impact on the business reputation as well as the customers.

          For instance, MacKeeper observed that exploiting content spoofing flaws allows an adversary to meddle with the website’s content by injecting malicious code. This might also affect the website’s ranking with Google SERPs. Such vulnerabilities also allow stealing users’ credentials.

          Similarly, malicious redirect issues posed a significant threat to site visitors. Researchers observed that most untrusted redirections from these educational websites lead to “prohibited content and questionable businesses”. Some of these redirections promoted online gambling sites, custom essay writing services and adult websites.

          Likewise, by exploiting file upload vulnerabilities, an adversary can possibly send malicious executables to the website server. This will allow the attacker to move laterally on the shared IT infrastructure.

          Prevention Is Better Than Cure

          The vulnerabilities pose a serious threat to the security of numerous educational websites. However, as the report indicates, most of these issues exist due to a lack of attention from these educational institutions with regard to their websites’ security.

          For instance, a majority of issues that exist due to outdated WordPress CMS simply require the site owners to keep their CMS up to date. All subsequent bug fixes will automatically be implemented with this single action of updating.

          As the report states,

          Sadly, the cause of many vulnerabilities usually lies in the indifference shown to the common security requirements of a modern website. Fortunately, though, they can all be prevented.

          Therefore, what educational institutions need to do is to focus on improving their website and overall IT infrastructure. They should invest more towards cybersecurity and ask their IT personnel to implement all measures necessary to prevent such minor issues as the ones referred to in this report.

          With a little vigilance in prevention, these institutions can successfully avoid falling victim to devastating cyber-attacks.
