Hey kids, escalate privileges with the function learn_press_accept_become_a_teacher
Back to school? Your searches are fodder for phishers: researchers at security firm Check Point say the number of suspicious domains registered with “back to school” as a keyword has tripled in recent weeks, with some 356 suspicious “back to school”-themed domains coming online weekly.
Over 35,149 new domains were registered around the back-to-school theme in the past three months; 3,401 were found to be suspicious.
The finding comes after the same team exposed a series of vulnerabilities in popular home learning platforms, including one in the LearnPress plugin for WordPress, which let students use the feature learn_press_accept_become_a_teacher to upgrade a registered user to a teacher role, resulting in privilege escalation.
The researchers were auditing the most popular educational plugins on WordPress (LearnPress, LearnDash and LifterLMS) and found four vulnerabilities that, left unchecked, would allow students or unauthenticated users to gain sensitive information, edit personal records and even take control of the LMS platforms.
In the climate of learning from home via online resources, the risks from poor cyber hygiene are worrying, as neither pupils nor students are receiving the appropriate training to detect or avoid these sorts of online dangers.
Meanwhile, a study conducted last month by ESET and Internet Matters, and released by the NCSC, revealed that of 1,000 teachers, more than half felt that their school had not done enough to defend itself against cyber security threats; 36% said that they had not received any cyber security information from their schools in the past year, while a meagre 20% actually received targeted cyber training after lockdown began.