CyberNews Briefs

Over 60 US Colleges Compromised by ERP Exploit

A major vulnerability in popular enterprise resource planning (ERP) software has enabled threat actors to compromise at least 62 colleges in the United States, the US Department of Education recently warned. A NIST advisory states that the flaw, tracked as CVE-2019-8978, impacts Ellucian Banner ERP and “allows remote attackers to steal a victim’s session (and cause a denial of service).”

According to the education department, threat actors are using the flaw to create fake student accounts in the admissions or enrollment sections of the vulnerable system. Over the course of a few days, thousands such accounts were created, some of which “appear to be leveraged almost immediately for criminal activity,” the education department stated.

Read more: Over 60 US Colleges Compromised by ERP Exploit

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.