|
Israeli researchers discover security flaws in online learning platforms
[Jpost] Security flaws in the most popular online-learning platforms could enable users to steal personal information and money, Israeli cyber experts have discovered.The findings published by researchers at Tel Aviv-based Check Point Software come as millions of students and employees worldwide turn to online-learning management systems (LMS) to conduct virtual classes. The vulnerabilities were identified by researchers in three WordPress plugins -- LearnPress, LearnDash and LifterLMS -- which are used to turn WordPress websites into effective learning environments by top global universities and many Fortune 500 companies. Researchers said the plugins are installed on approximately 100,000 educational platforms, including by the University of Florida, University of Michigan and University of Washington. The three platforms also are used in approximately half of all remote-learning solutions on the Israeli market, enabling companies to create quizzes, lessons, learner rewards and certificates. The flaws enabled students and unauthenticated users to steal personal information, including names, emails, usernames and passwords; funnel money from an LMS to their bank account; change grades for themselves or peers; forge certificates; retrieve test answers; and escalate their system privileges to that of a teacher. Following their discovery and disclosure by Check Point in March, all the identified vulnerabilities have been patched by the plugin developers. Related: Check Point Software: 2019-07-02 Libyan hacker used Facebook to access tens of thousands of users’ data Check Point Software: 2019-03-17 Russia supplied Iran with advanced phone hacking tech — Israel TV report Check Point Software: 2016-01-29 Israeli generals said among 1,600 global targets of Iran's latest cyber-attack Posted by: g(r)omgoru 2020-04-30 |
| http://www.rantburg.com/poparticle.php?ID=570222 |