Saturday, June 12, 2021

CERT report shows security holes in the Polish education sector

Education institutions in Poland are being advised to tighten their security controls after a new report highlighted numerous weaknesses in their internet infrastructure.

Misconfigured security mechanisms, a lack of preventative measures against cyber-attacks, and unpatched vulnerabilities were highlighted as the main issues affecting the eastern European nation’s education sector.

Moreover, only 42 percent of the analyzed pages had their SSL/TLS certificates correctly configured.

Large-scale research

Over the course of the study, the CERT Polska team analyzed 20,464 pages belonging to educational authorities across the country.

While some were only brochureware-style sites containing information about the school itself, others were involved in the collection of sensitive student data.

This included web applications built to support distance learning during the Covid-19 pandemic.

“While the majority of the colleges’ sites are only purely informative with no access to pupils’ information, their importance increased from the Covid-19 pandemic, particularly when pupils from all grades are remote-learning as of late November.”

CERT Polska explained that because education institutions manage the information of a “significant share” of the nation’s taxpayers, the decision had been made to ensure this information was protected.

“Enormous testing of the public-facing services online is our largest yet, but perhaps not the very first job,” the spokesperson said.

They added: “We intend to execute routine testing similar to this in various sectors.”

Using the JoomScan tool, CERT Polska said it identified at least one or critical-severity vulnerability (for example SQL injection or remote code execution) on 25 percent of Polish education websites built with Joomla.

Using the open source WPScan tool, the team detected the same vulnerabilities on just 4 percent of WordPress websites.

“The fantastic point is that we’ve found almost half of WordPress and Joomla approaches to be up-to-date variants,” CERT Polska told The Daily Swig.

The analysis also found that the vast majority of institutions lacked mechanisms to stop email spoofing.

“From 13,522 domains using the MX record, we discovered 9,929 of these using a suitable SPF policy, and just 1,297 using a legitimate DMARC record,” the spokesperson said.
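The SPF and DMARC counts quoted above can be reproduced for any list of domains by classifying two sets of DNS TXT answers per domain. The Python below is an added example, not code from the CERT Polska report or from this article: it treats an SPF policy ending in `-all` or `~all` (or using `redirect=`) as "suitable", which is an assumption because the article does not give CERT Polska's criteria, and every domain and record in `SAMPLE_ZONE` is constructed.

```python
import re

def spf_status(txt):
    """Classify SPF (RFC 7208) from the TXT records at the domain itself."""
    recs = [r for r in txt if r.lower().split(" ")[0] == "v=spf1"]
    if not recs:
        return "missing"
    if len(recs) > 1:
        return "invalid"      # more than one SPF record is a permanent error
    terms = [t.lower() for t in recs[0].split()[1:]]
    if any(t.startswith("redirect=") for t in terms):
        return "ok"           # policy delegated to another domain (not followed here)
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if alls and alls[0][0] in "-~":
        return "ok"           # unlisted senders get fail or softfail
    return "weak"             # +all, ?all or no "all": unlisted senders not rejected

def dmarc_status(txt):
    """Classify DMARC (RFC 7489) from the TXT records at _dmarc.<domain>."""
    recs = [r for r in txt if re.match(r"v\s*=\s*DMARC1\s*(;|$)", r)]
    if not recs:
        return "missing"
    if len(recs) > 1:
        return "invalid"
    pairs = (p.split("=", 1) for p in recs[0].split(";") if "=" in p)
    policy = {k.strip().lower(): v.strip().lower() for k, v in pairs}.get("p")
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"      # this lint requires an explicit, legal p= tag
    return "monitor" if policy == "none" else "enforcing"

def survey(zone):
    """Count domains with MX, with a suitable SPF policy, with a valid DMARC record."""
    mail = [r for r in zone.values() if r["mx"]]
    return {"mx": len(mail),
            "spf_ok": sum(spf_status(r["txt"]) == "ok" for r in mail),
            "dmarc_valid": sum(dmarc_status(r["dmarc"]) in ("monitor", "enforcing") for r in mail)}

SAMPLE_ZONE = {   # constructed DNS answers for made-up domains, no network needed
    "school-a.example": {"mx": ["mx.school-a.example"], "txt": ["v=spf1 mx -all"],
                         "dmarc": ["v=DMARC1; p=reject; rua=mailto:d@school-a.example"]},
    "school-b.example": {"mx": ["mx.host.example"], "dmarc": [],
                         "txt": ["v=spf1 include:_spf.host.example ~all"]},
    "school-c.example": {"mx": ["mx.host.example"], "txt": ["v=spf1 +all"],
                         "dmarc": ["v=DMARC1; p=none"]},
    "school-d.example": {"mx": ["mx.host.example"], "dmarc": ["v=DMARC1; pct=100"],
                         "txt": ["v=spf1 a -all", "v=spf1 mx ~all"]},
    "school-e.example": {"mx": [], "txt": [], "dmarc": []},   # web only, no mail
}
print(survey(SAMPLE_ZONE))   # {'mx': 4, 'spf_ok': 2, 'dmarc_valid': 2}
```

A DMARC record with `p=none` counts as valid here but only reports; it does not tell receivers to reject spoofed mail, so the `monitor` and `enforcing` results are worth tracking separately.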

Sage information

CERT Polska said it has advised each college and their hosting providers on best practices going forward, providing a personalized strategy on “the way to resolve vulnerabilities, correctly configure lost or misconfigured security mechanisms, and a few best practices such as, but not restricted to, email and web services”.

The entire report (in Polish) is available on CERT Polska’s site.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

