FCKeditor: Hackers use 14-year-old editor to hack university and government websites

A clear example of how non-updated software harms user security.

Cybercriminals use an outdated CMS content editor that was discontinued 14 years ago to manipulate search results and direct users to malicious sites or fraudulent resources.

The attackers' main tactic is to abuse so-called open redirects, which let them send visitors from a legitimate site to an external URL without proper validation of the destination. This mechanism makes it possible to conduct phishing attacks, distribute malware, and impersonate trusted domains, which increases the chances of bypassing security filters.

The attacks were made possible by a vulnerability in FCKeditor, a popular web editor that allows users to edit HTML content directly on a web page. The editor was renamed and updated in 2009. Despite the launch of a more modern version called CKEditor, some institutions still use the outdated version, which is the reason for the current problems.

Cybersecurity specialist "@g0njxa" identified the campaign after finding malicious links posted on university websites in Google search results. Among the affected institutions are MIT, Columbia University, the University of Barcelona, the University of Washington, as well as government and corporate sites, including the site of the government of Virginia and the city of Austin in Texas.

[Image: Advertising of the "Free V Bucks" generator (Fortnite in-game currency) placed on university websites]

Scammers create static HTML pages under a legitimate domain in order to "poison" search engine results with malicious links (SEO poisoning). For example, one such page disguises itself as an article about tinnitus medications but in fact promotes other pages, which can then redirect the victim to malicious sites.

The software developers stated that FCKeditor has been deprecated since 2010 and its use has not been recommended since then. However, it is not uncommon for university and government websites to continue to use software that was discontinued many years ago, putting them at risk of cyber attacks.
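The post describes open redirects that forward visitors off-site without validating the destination. The following is an added example, not code from the post or from FCKeditor/CKEditor: a same-host redirect check that rejects the usual bypass shapes (absolute URLs to other hosts, scheme-relative `//host`, backslash and userinfo tricks, non-HTTP schemes), plus a scan over a few constructed access-log lines to flag requests whose redirect parameter points off-site. The host name, parameter names, endpoint paths and log lines are all constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed values; the post does not name the affected endpoints or parameters.
ALLOWED_HOST = "www.example.edu"
REDIRECT_PARAMS = ("url", "redirect", "next", "return", "goto")


def is_safe_redirect(target: str, allowed_host: str = ALLOWED_HOST) -> bool:
    """Return True only if `target` keeps the visitor on `allowed_host`.

    Rejects absolute URLs to other hosts, scheme-relative targets (//evil.example),
    backslash variants (/\\evil.example) that browsers normalise to //, userinfo
    tricks (https://allowed@evil.example/) and non-http(s) schemes like javascript:.
    """
    if not target or any(c in target for c in "\r\n\x00"):
        return False
    # Decode once and treat backslashes like slashes, as browsers do, before parsing.
    normalised = unquote(target).replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False
    if parts.netloc:
        # Absolute or scheme-relative URL: the parsed host must match exactly.
        return parts.hostname is not None and parts.hostname.lower() == allowed_host.lower()
    # Relative target: a single leading slash only; "//" would be scheme-relative.
    return normalised.startswith("/") and not normalised.startswith("//")


def flag_offsite_redirects(log_lines, allowed_host=ALLOWED_HOST):
    """Return (request_path, target) pairs where a redirect parameter points off-site."""
    flagged = []
    for line in log_lines:
        try:
            path = line.split('"')[1].split(" ")[1]  # request line: "GET /p?x=y HTTP/1.1"
        except IndexError:
            continue  # not a well-formed combined-log line
        query = parse_qs(urlsplit(path).query)  # parse_qs also percent-decodes values
        for name in REDIRECT_PARAMS:
            for value in query.get(name, []):
                if not is_safe_redirect(value, allowed_host):
                    flagged.append((path, value))
    return flagged


# Constructed sample log lines (combined log format); only the second is off-site.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:00:00:01 +0000] "GET /login?next=/dashboard HTTP/1.1" 302 0',
    '203.0.113.6 - - [01/Jan/2024:00:00:02 +0000] "GET /go?url=//evil.example/promo HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/Jan/2024:00:00:03 +0000] "GET /go?url=https%3A%2F%2Fwww.example.edu%2Fnews HTTP/1.1" 302 0',
]
```

Running `flag_offsite_redirects(SAMPLE_LOG)` flags only the `//evil.example/promo` request; the percent-encoded same-host URL is decoded by `parse_qs` and passes the check.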