Cengage to Buy Cybersecurity Training platform, Infosec

A global education technology company based in Boston has signed a $191M deal to buy the cybersecurity training platform, Infosec.

Cengage Group announced the planned addition to its ed2Go business on Monday. The deal is expected to close in the first quarter of 2022. 

“The online, employer-paid cybersecurity training segment is currently a $1bn market, with expectations that it will grow to $10bn annually by 2027,” said Cengage CEO Michael Hansen. 

He added: “Combining Infosec with our already-successful Workforce Skills business will provide top-line growth, expand our base of recurring revenue and accelerate our opportunity within the space.”

Infosec was founded in 2004 by its current chief executive Jack Koziol who will remain at the helm to manage the transition. The company is based in Wisconsin and provides skills development and certification programs for the cybersecurity industry. 

“Cengage Group has the same level of passion for making learning accessible, affordable and applicable to today’s cybersecurity professionals,” said Jack Koziol, CEO and Founder of Infosec. 

He added: “Building on ed2go’s history in online training, Infosec will benefit from Cengage Group’s scale and expertise, which means we can reach more cybersecurity professionals and employers that are looking to not only grow their careers but to keep businesses, governments and people safe from cyber threats.”

Infosec employs around 100 people and offers more than 1,400 online cybersecurity courses. Nearly all Infosec’s current employees will reportedly be joining Cengage’s workforce of 4,500 people. 

According to Cyber Seek, there are just under 600,000 vacant cybersecurity roles in the United States. Research by Burning Glass Technologies suggests that around half of these positions require at least one certification. 

“We can’t hire people fast enough,” Hansen told The Boston Globe. “Right now, the demand for workforce skills courses is just exploding, and it’s exploding in very specific job categories,” he said. 

Hansen continued: “There is such a labor shortage. Every CEO tells me that…the labor shortage is really a skills shortage.”

News of Cengage’s planned purchase comes as rival British publishing house Pearson announced its acquisition of Credly, a digital workforce credentialing service provider, for around $200m.

Academic Journal Claims it Fingerprints PDFs for ‘Ransomware,’ Not Surveillance

Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet.

One of the world’s largest publishers of academic papers said it adds a unique fingerprint to every PDF users download in an attempt to prevent ransomware, not to prevent piracy. 

Elsevier defended the practice after an independent researcher discovered the existence of the unique fingerprints and shared their findings on Twitter last week. 


“The identifier in the PDF helps to prevent cybersecurity risks to our systems and to those of our customers—there is no metadata, PII [Personal Identifying Information] or personal data captured by these,” an Elsevier spokesperson said in an email to Motherboard. “Fingerprinting in PDFs allows us to identify potential sources of threats so we can inform our customers for them to act upon. This approach is commonly used across the academic publishing industry.”

When asked what risks he was referring to, the spokesperson sent a list of links to news articles about ransomware. 

However, Elsevier has a long history of pursuing people who pirate or share its paywalled academic articles. In 2015, Elsevier sued SciHub, the “Pirate Bay of Science,” which hosts millions of journal articles, including those from Elsevier. In the past, the company has faced criticism for acquiring other academic platforms that distributed papers for free in an attempt to corner the market. Some universities have boycotted Elsevier in the past, and the company has used legal threats against other sites that host academic papers online. The company has had cybersecurity issues before. In 2019, it left a server open to the public internet and exposed user email addresses and passwords


It’s unclear exactly how fingerprinting every PDF downloaded could actually prevent ransomware. Jonny Saunders, a neuroscience PhD candidate at University of Oregon, who discovered the practice, said he believes Elsevier is trying to surveil its users and prevent people from sharing research without paying the company. 

“The subtext there is pretty loud to me,” Saunders told Motherboard in an online chat. “Those breaches/ransoms are really a pretext for saying ‘universities need to lock down accounts so people can’t skim PDFs.’” 

“When you have stuff that you don’t want other people to give away for free, you want some way of finding out who is giving it away, right?” they added.

Do you know of any other companies or organizations doing this type of tracking? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email [email protected]

Moreover, Saunders said, Elsevier’s claim that there is no metadata or personal data captured is disingenuous, given that the company itself admits it uses this system to identify whose accounts have been breached. 

“Saying that the unique identifiers *themselves* don’t contain PII is a semantic dodge: the way identifiers like these work is to be able to match them later with other identifying information stored at the time of download like browser fingerprint, institutional credentials, etc,” Saunders said. “Justifying them as a tool to protect against ransomware is a straightforward admission that these codes are intended to identify the downloader: how would they help if not by identifying the compromised account or system?”

The company’s spokesperson did not respond to Saunders’ allegations.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.

Osintgram is a OSINT tool on Instagram

Disclaimer: FOR EDUCATIONAL PURPOSE ONLY! The contributors do not assume any responsibility for the use of this tool.

Warning: It is advisable to not use your own/primary account when using this tool.

Osintgram offers an interactive shell to perform analysis on Instagram account of any users by its nickname. You can get:

- addrs           Get all registered addressed by target photos
- captions        Get user's photos captions
- comments        Get total comments of target's posts
- followers       Get target followers
- followings      Get users followed by target
- fwersemail      Get email of target followers
- fwingsemail     Get email of users followed by target
- fwersnumber     Get phone number of target followers
- fwingsnumber    Get phone number of users followed by target
- hashtags        Get hashtags used by target
- info            Get target info
- likes           Get total likes of target's posts
- mediatype       Get user's posts type (photo or video)
- photodes        Get description of target's photos
- photos          Download user's photos in output folder
- propic          Download user's profile picture
- stories         Download user's stories  
- tagged          Get list of users tagged by target
- wcommented      Get a list of user who commented target's photos
- wtagged         Get a list of user who tagged target

You can find detailed commands usage here.

Latest version | Commands | CHANGELOG

  1. link
  2. Docker-composed installed (if using Docker-compose) – link
  3. Credentials configured – This can be done manually or by running the make setup command from the root of this repo

Important: Your container will fail if you do not do step #3 and configure your credentials

Website operator fined for using Google Fonts “the cloudy way”

Website operator fined for using Google Fonts “the cloudy way”

Typefaces can be a tricky business, both technically and legally.

Before word processors, laser printers and digital publishing, printed materials were quite literally “set in metal” (or wood), with typesetters laying out lines and pages by hand, using mirror-image letters cast on metal stalks (or carved into wooden blocks) that could be arranged to create a back-to front image of the final page.

The laid-out page was effectively a giant stamp; when inked up and pressed against a paper sheet, a right-way-round image of the printing surface would be transferred to the page.

Ming Dynasty movable type set with wooden blocks
.Note how the printed page is the mirror of the typesetter’s blocks.

For books printed in Roman script, typesetters kept multiple copies of each letter in separate pigeonholes in a handy tray, or printer’s case, making them easy to find at speed. The capital letters were kept in their own case, which was placed by convention above the case containg the small letters, presumably so that the more commonly-used small letters were closer to hand. Thus capital letters came from the upper case, and small letters from the lower case, with the result that the terms upper case and lower case became metaphorical phrases used to refer to the letters themselves – names that have outlived both printers’ cases and movable type.