"Students across the United States were locked out of coursework, quizzes, and grades during finals week after threat actors defaced hundreds of Canvas login portals in a ShinyHunters-linked extortion campaign."
"“ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some 'security patches,'” the group wrote in a Canvas login portal defacement message, according to BleepingComputer."
"Reports indicate that the attackers exploited a vulnerability that allowed them to modify institutional login pages. The disruption impacted colleges, universities, and school districts worldwide, underscoring the growing cybersecurity risks facing cloud-based education platforms."
"Canvas is placed into maintenance mode while the investigation continues. The incident follows claims that attackers stole 280 million student and staff records tied to Canvas platforms, highlighting the growing risks associated with centralized cloud-based education platforms and SaaS extortion tactics."
ShinyHunters-linked threat actors defaced hundreds of Instructure Canvas login portals, disrupting access to coursework, quizzes, and grades during US university finals week. Approximately 330 educational institutions were affected, including colleges, universities, and school districts, with reports also indicating impact in Australia. The defacement prevented students and faculty from using Canvas services at a critical time. The incident follows prior claims of stolen student and staff records tied to Canvas platforms. Reports indicate attackers exploited a vulnerability that enabled modification of institutional login pages. Canvas was placed into maintenance mode while investigation and remediation continued, underscoring growing risks for centralized cloud-based education platforms and SaaS extortion tactics.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]