Taiwanese media report that the website of Taiwan's Digital Ministry had serious vulnerabilities for as long as seven months, allowing outsiders to easily upload malicious programs to steal information and attack the network systems of other government departments.

According to Taiwanese media reports on Friday (May 26), the security platform "HITCON ZeroDay" recently received a notification. On a page of the site used to apply for modifications, the validation check was not rigorous, so that anyone interested could easily implant malicious programs into the webpage.

According to the security platform's analysis, the vulnerability allows someone to upload arbitrary files to the host, and could go on to let them obtain permissions on the host system through the uploaded file.

In this regard, security experts said that the above-mentioned vulnerabilities in the Digital Ministry's website are very serious security issues. Attackers can control the Digital Ministry's host computer through the vulnerabilities. The Digital Ministry's front door was left open, letting hackers come and go freely.

However, after the above-mentioned vulnerabilities were reported earlier last month, the fix has been confirmed as completed this month.

Security experts said that, according to Wayback Machine records, the website was launched on August 29, 2022, indicating that not only could outsiders easily obtain sensitive information without the Digital Ministry noticing, but, even worse, hackers may have moved into and lurked in the Digital Ministry's internal network, waiting for the opportunity to attack other government units.

Experts suggest that the Digital Ministry and the Guoan take action immediately to review the go-live inspection process for government websites, and cooperate with the private security industry to carry out simulated real-world attack testing, such as in-depth penetration tests and Red Team drills, so that problems are discovered and repaired early. In addition, the Digital Ministry needs to check the relevant connection records of this host and further investigate whether there was other malicious activity, to rule out the possibility of data leakage.

Regarding the website's vulnerabilities, the Digital Ministry said that there is no confidential information in the "barrier-free network space service network" test reports, and no abnormal situation was found after reviewing the host's connections; the website architecture is not found; at the manufacturer's console, the attacker cannot use the weakness of the system to obtain any relevant system permissions.

In addition, the Digital Ministry also thanked the HITCON platform for reporting the system vulnerability. After investigation, the service website was transferred from NCC to the Digital Ministry at the end of last August. The repair has been completed. At present, the investigation, handling and improvement reports have been completed in accordance with security operation regulations, and personnel training will continue to be strengthened.