The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.
Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly.
Which seems to have paid off. On the Instructure web page about the recent data breach, a status update dated May 11, 26 says:
“We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority.
With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.”
Read more…
Source: Malwarebites Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware Attack Cripples Cosco Shipping Network – Report
July 26, 2018
A shipping giant is likely to run up in millions of dollars of additional costs after a ransomware attack apparently crippled its US network. The attack was against COSCO (China Ocean Shipping Company), which is a Chinese owned shipping giant. It comes after its larger shipping rival Maersk admitted in August 2017 that its operations had been impacted by ...
- Hackers Breach Virginia Bank, Make Off With Millions
July 25, 2018
Hackers have compromised a bank in the United States twice in the past eight months and made off with millions of dollars. But the cyber attacks has resulted in a spat between the bank and its insurer provider which is refusing to fully cover the losses. The incident is a salient reminder of the online threat being ...
- Emotet Malware Evolves Beyond Banking to Threat Delivery Service
July 24, 2018
The Emotet trojan has been popping up in the news for years: From widespread malspam infections of banking German targets in 2014, all the way up to the costly infection of a New Hampshire town’s computer network in July. And while the tricky Emotet malware first emerged targeting banking credentials, lately researchers have spotted the trojan ...
- Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT
July 20, 2018
A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create “shortcuts” to various Windows 10 setting pages. “All this file does is open the Control Panel ...
- Singapore’s Largest Healthcare Group Hacked, 1.5 Million Patient Records Stolen
July 20, 2018
Singapore’s largest healthcare group, SingHealth, has suffered a massive data breach that allowed hackers to snatch personal information on 1.5 million patients who visited SingHealth clinics between May 2015 and July 2018. SingHealth is the largest healthcare group in Singapore with 2 tertiary hospitals, 5 national specialty , and eight polyclinics. According to an advisory released by Singapore’s Ministry ...
- Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch
July 20, 2018
Hackers stole almost $1m from a Russian bank earlier this month after breaching its network via an outdated router. PIR Bank was looted by the notorious MoneyTaker hacking group, according to Group-IB, the Moscow-based security firm called in by the bank to handle incident response. Funds were stolen on 3 July through the Russian Central Bank’s Automated ...