Significant security gaps found in Chinese government sites

China's government websites have been impacted by significant security vulnerabilities that increase their vulnerability against cyberattacks, reports The Register.

Aside from more than 25% of almost 14,000 government websites not having name server records that could hinder reliability and accessibility, most sites have been dependent on five DNS service providers, according to a study by researchers from China's Harbin Institute of Technology, which is yet to be peer-reviewed. Moreover, nearly 30% of all sites had jQuery JavaScript library instances that continue to be unpatched against CVE-2020-23064, which could be leveraged to facilitate remote attacks.

The findings also showed that more than 10,000 sites each were susceptible to MIME-type spoofing and cross-site scripting intrusions, while more than 8,000 sites were vulnerable to cross-site request forgery attacks.

"Despite thorough analyses, practical solutions to bolster the security of these systems remain elusive. Their susceptibility to cyber attacks, which could facilitate the spread of malicious content or malware, underscores the urgent need for real-time monitoring and malicious activity detection," said the researchers.