Technology
Student raised security concerns about Mobile Guardian MDM weeks before cyberattack
An individual posing as a student in Singapore publicly posted documentation showing weak security at a wildly popular school mobile device management service called Mobile Guardian, weeks before a cyberattack on the corporate led to a mass wipe of student devices and major disruptions to its operations.
In an email to TechCrunch, the coed — who declined to offer his last name, citing fear of legal retaliation — said he reported the bug to the Singapore government via email in late May, but couldn’t make certain if the bug was ever fixed. The Singapore government told TechCrunch that the bug had been fixed before the Mobile Guardian cyberattack on Aug. 4, but the coed said the bug was really easy to search out and exploit by an inexperienced attacker that he fears there are more vulnerabilities with similar exploitability.
Mobile Guardian, a U.K.-based company that gives software to administer student devices in hundreds of faculties worldwide, disclosed the breach on Aug. 4 and shut down its platform to dam malicious access, but before it could discover the intruder had used his access to remotely wipe hundreds of scholars’ devices.
A day later, the coed published details of the vulnerability that he had previously sent to the Singapore Ministry of Education, primary customer Mobile Guardian from 2020.
IN Reddit poststudent said a security bug he present in Mobile Guardian granted any logged-in user “super admin” access to the corporate’s user management system. With that access, the coed said, a malicious actor could perform actions reserved for college administrators, including the power to “reset anyone’s personal learning device,” he said.
The student wrote that he reported the problem to Singapore’s Ministry of Education on May 30. Three weeks later, the ministry responded to the coed saying the flaw was “no longer an issue” but declined to offer him with further details, citing “commercial sensitivity,” in line with an email seen by TechCrunch.
When contacted by TechCrunch, the ministry confirmed that it had received information about the bug from a security researcher and that “the vulnerability was discovered during a previous security review and has already been patched,” spokesman Christopher Lee said.
“We also confirmed that the disclosed exploit was no longer usable after the patch was installed. In June, an independent certified penetration tester conducted further evaluation and did not detect any such vulnerability,” the spokesperson said.
“Nevertheless, we are aware that cyber threats can evolve rapidly and uncover new vulnerabilities,” the spokesperson said, adding that the ministry “takes such disclosures of vulnerabilities seriously and will investigate them thoroughly.”
The bug might be exploited in any browser
The student described the bug to TechCrunch as a client-side privilege escalation vulnerability that allowed anyone on the web to create a brand new Mobile Guardian user account with extremely high levels of system access, using only web browser tools. This happened because Mobile Guardian servers allegedly didn’t perform proper security checks and didn’t trust responses from a user’s browser.
The bug was that the server might be tricked into accepting the next level of system access for a user account by modifying network traffic within the browser.
TechCrunch obtained a video — recorded on May 30, the day it was disclosed — showing how the bug works. The video shows a user making a “super admin” account using only the browser’s built-in tools to switch web traffic containing the user role to raise that account’s access from “admin” to “super admin.”
The recording shows the server accepting the modified network request and, after logging in with the newly created “super administrator” user account, getting access to a dashboard displaying the lists of faculties signed up for Mobile Guardian.
Mobile Guardian CEO Patrick Lawson didn’t reply to multiple requests for comment before publication, including questions about the coed vulnerability report and whether the corporate had fixed the bug.
After we reached out to Lawson, the corporate updated its statement to read: “Internal and external investigations into previous vulnerabilities in the Mobile Guardian platform have been confirmed and no longer pose a threat.” The statement didn’t specify when the previous vulnerabilities were resolved, nor did it specifically rule out a connection between the previous vulnerabilities and the August cyberattack.
This is second security incident this 12 months to harass Mobile Guardian. In April, Singapore’s education ministry confirmed that the corporate’s management portal had been hacked and that the non-public information of fogeys and college staff from tons of of faculties across Singapore had been compromised. The ministry a violation was assigned This was as a result of Mobile Guardian’s lax password policy moderately than a security flaw in its systems.
It grows “open” AI Google, Gemma, grows.
While Google I/O 2025 On Tuesday, Google removed Gemma 3N compresses, a model designed for “liquid” on phones, laptops and tablets. According to Google, available in a preview starting on Tuesday, Gemma 3N can support sound, text, paintings and flicks.
Models efficient enough to operate in offline mode and without the necessity to calculate within the cloud have gained popularity within the AI community lately. They will not be only cheaper to make use of than large models, but they keep privacy, eliminating the necessity to send data to a distant data center.
During the speech to I/O product manager, Gemma Gus Martins said that GEMMA 3N can work on devices with lower than 2 GB of RAM. “Gemma 3N shares the same architecture as Gemini Nano, and is also designed for incredible performance,” he added.
In addition to Gemma 3N, Google releases Medgemma through the AI developer foundation program. According to Medgemma, it’s essentially the most talented model to research text and health -related images.
“Medgemma (IS) OUR (…) A collection of open models to understand the text and multimodal image (health),” said Martins. “Medgemma works great in various imaging and text applications, thanks to which developers (…) could adapt the models to their own health applications.”
Also on the horizon there may be SignGEMMA, an open model for signaling sign language right into a spoken language. Google claims that Signgemma will allow programmers to create recent applications and integration for users of deaf and hard.
“SIGNGEMMA is a new family of models trained to translate sign language into a spoken text, but preferably in the American sign and English,” said Martins. “This is the most talented model of understanding sign language in history and we are looking forward to you-programmers, deaf and hard communities-to take this base and build with it.”
It is value noting that Gemma has been criticized for non -standard, non -standard license conditions, which in accordance with some developers adopted models with a dangerous proposal. However, this didn’t discourage programmers from downloading Gemma models tens of tens of millions of times.
.
(Tagstransate) gemma
President Donald Trump is predicted to sign the act on Take It Down, a bilateral law that introduces more severe punishments for distributing clear images, including deep wardrobes and pornography of revenge.
The Act criminalizes the publication of such photos, regardless of whether or not they are authentic or generated AI. Whoever publishes photos or videos can face penalty, including a advantageous, deprivation of liberty and restitution.
According to the brand new law, media firms and web platforms must remove such materials inside 48 hours of termination of the victim. Platforms must also take steps to remove the duplicate content.
Many states have already banned clear sexual desems and pornography of revenge, but for the primary time federal regulatory authorities will enter to impose restrictions on web firms.
The first lady Melania Trump lobbyed for the law, which was sponsored by the senators Ted Cruz (R-TEXAS) and Amy Klobuchar (d-minn.). Cruz said he inspired him to act after hearing that Snapchat for nearly a 12 months refused to remove a deep displacement of a 14-year-old girl.
Proponents of freedom of speech and a group of digital rights aroused concerns, saying that the law is Too wide And it will probably lead to censorship of legal photos, similar to legal pornography, in addition to government critics.
(Tagstransate) AI
While the general director of Microsoft, Satya Nadella, says that he likes podcasts, perhaps he didn’t take heed to them anymore.
That the treat is approaching at the end longer profile Bloomberg NadellaFocusing on the strategy of artificial intelligence Microsoft and its complicated relations with Opeli. To illustrate how much she uses Copilot’s AI assistant in her day by day life, Nadella said that as a substitute of listening to podcasts, she now sends transcription to Copilot, after which talks to Copilot with the content when driving to the office.
In addition, Nadella – who jokingly described her work as a “E -Mail driver” – said that it consists of a minimum of 10 custom agents developed in Copilot Studio to sum up E -Mailes and news, preparing for meetings and performing other tasks in the office.
It seems that AI is already transforming Microsoft in a more significant way, and programmers supposedly the most difficult hit in the company’s last dismissals, shortly after Nadella stated that the 30% of the company’s code was written by AI.
(Tagstotransate) microsoft
We took the Corepower sculptor lesson with Jordan Chiles to celebrate the month of mental health awareness
Schools announced to the National Battle of the Bands
Donald Trump issued a warning after threatening the “serious investigation” in the case of Bruce Springsteen, Beyoncé and Oprah Winfrey
Former president Joe Biden, diagnosed “aggressive form” of prostate cancer – essence
Minnesota Timberwolves Guardian Mike Conley “Having a ball” in search of the first NBA finals
-
Press Release1 year agoU.S.-Africa Chamber of Commerce Appoints Robert Alexander of 360WiseMedia as Board Director
-
Press Release1 year agoCEO of 360WiSE Launches Mentorship Program in Overtown Miami FL
-
Business and Finance12 months agoThe Importance of Owning Your Distribution Media Platform
-
Business and Finance1 year ago360Wise Media and McDonald’s NY Tri-State Owner Operators Celebrate Success of “Faces of Black History” Campaign with Over 2 Million Event Visits
-
Ben Crump1 year agoAnother lawsuit accuses Google of bias against Black minority employees
-
Theater1 year agoTelling the story of the Apollo Theater
-
Ben Crump1 year agoHenrietta Lacks’ family members reach an agreement after her cells undergo advanced medical tests
-
Ben Crump1 year agoThe families of George Floyd and Daunte Wright hold an emotional press conference in Minneapolis
-
Theater1 year agoApplications open for the 2020-2021 Soul Producing National Black Theater residency – Black Theater Matters
-
Theater12 months agoCultural icon Apollo Theater sets new goals on the occasion of its 85th anniversary