OP 11 September, 2023 - 05:50 AM
Many universities worldwide, including some of the most prestigious, leave their webpages unpatched, leaking sensitive information, and even open to full takeovers, a Cybernews Research team investigation reveals. Among the 20 cases found, at least six websites belong to the top 100 universities list worldwide.
The Cybernews Research team scrutinized 20 websites with millions of monthly visitors in more detail. An investigation into indexed information from internet-connected devices provided a list of universities with compromised website security. Researchers were able to confirm the entries were accurate.
“Seeing many websites left vulnerable was unexpected, as attacks against universities have historically been very common, starting from DDoS attacks launched by students trying to cancel classes to full-blown ransomware attacks,” Cybernews researchers said.
All of the investigated university websites had more than a million monthly visitors, according to Similarweb. Six universities were ranked in the Top 100 list, and 13 were in the Top 1000 list.
The level of security wasn't necessarily linked to the university's size or significance, as both small and large universities displayed similar vulnerabilities. While the findings didn’t include any unprotected databases or vulnerabilities more than a year old, some universities were late to apply security updates. Researchers also found several critical vulnerabilities and very sensitive credentials being leaked.
In the case of the following five universities, leaked information could have allowed a complete website takeover: