The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.
Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly.
Which seems to have paid off. On the Instructure web page about the recent data breach, a status update dated May 11, 26 says:
“We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority.
With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.”
Read more…
Source: Malwarebites Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Jeff Bezos hack: Amazon boss’s phone ‘hacked by Saudi crown prince’
January 22, 2020
The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, sources have told the Guardian. The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated ...
- FTCODE Ransomware Now Steals Chrome, Firefox Credentials
January 21, 2020
FTCODE, a PowerShell-based ransomware that targets Italian-language users, has added new capabilities, including the ability to swipe saved web browser and email client credentials from victims. Samples of the ransomware, which has been around since 2013, were recently observed in September 2019. After further analysis, researchers say new versions of the ransomware now aim to steal credentials from Internet Explorer ...
- 16Shop Phishing Gang Goes After PayPal Users
January 21, 2020
A prolific phishing gang known as 16Shop has added PayPal customers to its target set. According to researchers at the ZeroFOX Alpha Team, the latest version of the group’s phishing kit is designed with a number of features that are aimed to steal as much personally identifiable information (PII) as possible from users of the popular ...
- Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
January 20, 2020
A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) “smart” devices. The list, which was published on a popular hacking forum, includes each device’s IP address, along with a username and password for the Telnet service, a remote access protocol that can ...
- Emotet Malware Dabbles in Extortion With New Spam Template
January 20, 2020
The Emotet malware has started using a spam template that pretends to be an extortion demand from a “Hacker” who states that they hacked the recipient’s computer and stole their data. Emotet is spread through spam emails that commonly use templates based around a particular theme such as shipping information, voice mails, scanned documents, reports, and ...
- Crime Cracking Technologies for the Dark Web
January 19, 2020
Anonymity is the real currency of the digital dark side and not just for the criminals. Organizations such as the U.S. Federal Bureau of Investigation’s (FBI) J-CODE, Europol’s EC3, the German Federal Criminal Police, La Police Nationale Française, and many others invest significant amounts of time and cash into technologies and methodologies used to break ...