The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.
Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly.
Which seems to have paid off. On the Instructure web page about the recent data breach, a status update dated May 11, 26 says:
“We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority.
With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.”
Read more…
Source: Malwarebites Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Healthcare Targeted by 37 Percent of All Ransomware Attacks in Q3 2018
November 7, 2018
During the third quarter of 2018 ransomware attacks were at an all-time high and the ransoms asked from organizations to decrypt the locked files were also on the rise according to a report from Beazley Breach Response (BBR) Services. According to their analysis, the number of ransomware attacks more than doubled during September when compared to ...
- ‘Almost all’ Pakistani banks hacked in security breach, says FIA cybercrime head
November 6, 2018
In a shocking revelation, the head of the Federal Investigation Agency’s (FIA) cybercrime wing has said data from “almost all” Pakistani banks was stolen in a recent security breach. “According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked,” FIA Cybercrimes Director retired Capt Mohammad Shoaib told Geo News on Tuesday. When ...
- HSBC discloses security incident
November 6, 2018
Banking giant HSBC disclosed on Monday a security incident that impacted an undisclosed number of the institution’s customers. “HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018,” the bank wrote in a data breach notification lettersubmitted to Californian authorities. The bank said it suspended access to online accounts ...
- Inception Group Uses POWERSHOWER Backdoor in Two-Stage Spear Phishing Attacks
November 5, 2018
The Inception threat group has been observed exploiting the CVE-2017-11882 Microsoft Office memory corruption vulnerability and a PowerShell-based backdoor dubbed POWERSHOWER in their most recent multi-stage attack campaign during October 2018. Inception was seen in action since at least 2014, using multiple highly automated malware toolkits targeting a vast array of industries and platforms from all ...
- Two botnets are fighting over control of thousands of unsecured Android devices
November 2, 2018
Two botnet gangs are fighting to take control over as many unsecured Android devices as they can to use their resources and mine cryptocurrency behind owners’ backs. The turf war between these two botnets –one named Fbot and the other named Trinity– has been going on for at least a month if we’re to combine the ...
- Utilities, Energy Sector Attacked Mainly Via IT, Not ICS
November 1, 2018
Stealing administrative credentials to carry out months-long spy campaigns is a top threat. While industrial control systems (ICS) are the most talked-about when it comes to cyberattacks against energy and utilities firms, most attacks actually take aim at the enterprise IT networks used by these organizations, rather than critical infrastructure itself. The Vectra 2018 Spotlight Report on Energy and ...