Daily Tech News, Interviews, Reviews and Updates

The online programming learning platform DataCamp shows vulnerabilities can be used by threat actors

Security
By Tista Karmakar
The online programming learning platform DataCamp shows vulnerabilities can be used by threat actors

Security researchers say that online programming learning platforms can be a target for threat actors to launch cyber attacks, steal data, and scan for vulnerable devices via web browsers.

DataCamp, an online programming learning platform, can be hacked by threat actors distributing malware via malicious tools. DataCamp provides Integrated Development Environments (IDEs) offering learning courses on programming languages, and technologies such as R, Python, Shell, Excel, SQL to almost 10 million users. DataCamp users can connect to the IDE on their personal workspace to practice and execute custom codes, upload files, and practice other learning methods.

The IDE is also advanced with importing Python libraries, downloading and compiling repositories, and executing compiled programs. According to a report by cybersecurity researching company Profero, the threat actor can gain access to the accounts of IDE during practice. They stated that DataCamp’s advanced learning program IDE gives users to download and install learning models from a connection to a third party such as Amazon S3 storage bucket which is cloud storage of data.

Profero’s CEO Omri Segev Moyal says that they could exfiltrate all files from Amazon S3 storage to the workspace environment of IDE. The researchers further state that they even could install files of the Nmap network mapping tool “typically used in cyber attacks.”

Nmap can not be downloaded directly but it can be installed on DataCamp from its compilation directory as a compiled and executable file. reportedly Profero said that these download links can be used to allow malware to get access to the computer without the knowledge of a user by simply performing a web request.

According to a spokesperson of DataCamp in response to the recent finding said, “There is inherently a risk that some individuals may attempt to abuse our systems” because the platform provides “a live computing environment.”

However, DataCamp also stated that they “have taken reasonable measures” to prevent future cyber attacks that could impact the learning platform’s safety.

Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates Read More
Tista Karmakar 331 posts

She is Currently doing PG Diploma in Journalism and Mass communication from Indira Gandhi Open University, July Session. 2022.
She has completed Master's Degree in Film Study from Jadavpur University with 8.81 cGPA .

You might also like
Security

macOS Security at Risk: Cthulhu Stealer Malware Targets Apple Users

Crypto

McDonald’s Instagram Account hacked, resulting in a $7,00,000 Cryptocurrency Scam

Security

T-Mobile Fined $60M- Largest Penalty Ever For Data Breaches

Security

X now announces Passkey Support for Android Users

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More