Vulnerabilities in CUSG CMS Exposed Credit Unions to Attacks

February 16, 2024 at 08:09AM

Vulnerabilities in the CU Solutions Group (CUSG) content management system (CMS) posed a threat to credit unions, as hackers could exploit them to gain unauthorized access to sensitive data. The flaws included cross-site scripting and SQL injection bugs, allowing attackers to obtain login credentials and admin privileges. CUSG has since addressed the issues.

Key takeaways:

– The CU Solutions Group (CUSG) content management system (CMS) had three critical vulnerabilities identified by LMG Security, including reflected cross-site scripting (XSS) bugs and a blind SQL injection bug.

– These vulnerabilities could have allowed attackers to obtain ‘ultra admin’ privileges and potentially compromise credit union accounts not protected by multi-factor authentication (MFA).

– LMG Security recommended that affected organizations immediately upgrade to the latest software version and enable multi-factor authentication to prevent unauthorized access.

– CUSG resolved the vulnerabilities in version 7.75 of the CMS and notified the 275 credit unions relying on its CMS about them.
