Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
The Canvas Breach Follow-Up: Instructure Reaches an “Agreement” with ShinyHunters
If you caught my update last week, you know we’ve been tracking the massive security nightmare hitting Canvas and its parent company, Instructure. The situation took an even wilder turn just days later when the “ShinyHunters” extortion gang struck again. The hackers exploited multiple cross-site scripting (XSS) vulnerabilities within the platform’s Free-For-Teacher environment to hijack administrator sessions, defacing Canvas login portals across hundreds of universities and threatening a massive data dump if a ransom wasn’t paid by May 12th.
Right as the deadline hit, Instructure announced they reached an “agreement” with the cybercrime group to prevent the leak of 3.65 terabytes of stolen student and teacher data. According to the company, ShinyHunters returned the data, provided “shred logs” confirming its destruction, and removed Instructure from their dark web leak site. Instructure sought to reassure the academic community by stating that no individual schools or customers would face further extortion, though the platform has temporarily shut down Free-For-Teacher accounts while they overhaul their security.
While a public data dump was averted, the cybersecurity community is treating this deal with heavy skepticism. As the FBI routinely warns, paying extortionists offers zero guarantees, and there is nothing stopping the hackers from secretly keeping copies of the database to sell or exploit later. Even though an agreement was signed, the threat of highly targeted phishing scams using leaked school IDs and emails remains high, so keep your passwords updated, watch out for suspicious links, and make sure your Multi-Factor Authentication (MFA) is turned on.
Projects
- TryHackMe – Session Management – Complete
- TryHackMe – Secure Network Architecture – In Progress
Videos
Articles
- Over 500 Organizations Hit in Years-Long Phishing Campaign – Victims span across the aviation, critical infrastructure, energy, logistics, public administration, and technology sectors.
- Google: Hackers used AI to develop zero-day exploit for web admin tool – Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI.
- Instructure reaches ‘agreement’ with ShinyHunters to stop data leak – Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an “agreement” with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online.
- BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months – Threat actors obtained names and contact information for an unspecified number of BWH Hotels guests.
- Foxconn Confirms North American Factories Hit by Cyberattack – The Nitrogen ransomware group claims to have hacked the company’s systems, stealing 8TB of data, including confidential documents.
- Dell confirms its SupportAssist software causes Windows BSOD crashes – Dell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of user reports about random reboots affecting Dell devices since Friday.