In this day and age, cyberspace has taken a position of extreme importance in our lives. While helping cyberspace realize its whole potential opened up a range of unprecedented possibilities for us, it also increased our reliance on it. Nevertheless, the world continues to build on a foundation that has the cyber world at its very core. After all, the benefits are just too lucrative to be passed up. Every major innovation today is created with its place in the digital realm in mind; therefore it wouldn’t be wrong to say that we are surrounded by the structures of cyberspace in quite an overwhelming fashion. However, if the recent USA cyber crisis taught us anything, it would be that this ‘surrounded’ bit can quickly transform into being ‘trapped’. Cyberspace is a profound concept. Its depths are far-reaching, which can be considered an advantage, but it also means there is a lot of room for all sorts of loopholes that can be exploited to cause a sensational level of damage. Hence, protecting this cyberspace becomes an unavoidable responsibility, but by the looks of it, we aren’t really doing a great job of fulfilling it.
Yes, ransomware and other attacks of a somewhat similar nature have ravaged the U.S. over the last few months. However, a good chunk of it can be put down to companies’ carelessness about securing their systems. The latest to join this infamous club is the popular online learning platform, Coursera.
According to recent research by the Checkmarx Security Research Team, the learning platform has multiple application programming interface (API) issues of severe magnitude. The report published by the team on Thursday sheds light on some potential loopholes they spotted in Coursera’s framework, such as user and account enumeration via the reset password feature, a GraphQL misconfiguration, and a lack of resource limiting on both a GraphQL and a REST API.
The biggest revelation in the report was the presence of Broken Object Level Authorization (BOLA) in Coursera’s system. BOLA is an issue that affects users’ preferences. It’s deemed one of the 10 most threatening API issues. With over 82 million users, including many Fortune 500 companies, it remains to be seen what kind of measures Coursera takes to ensure maximum security.
So far, the organization has maintained that no personal data was exposed.