Stolen Canvas data was “returned” after hacker agreement, Instructure says

The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage. Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering...

The Canvas Hack Is a New Kind of Ransomware Debacle

Thousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters...

CVE-2021-36539

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL canvadocsessionurl...

Fearing WannaCry-Level Danger, Enterprises Wrestle with BlueKeep

The nightmare vision of a “mega-worm” global BlueKeep infection could be closer to becoming reality as working exploits are now becoming available to the public, and there’s evidence that adversaries are actively scanning for the vulnerability. Researchers weighed in with Threatpost about how...

cnvs Canvas Cross-Site Scripting Vulnerability

cnvs.io Canvas is a blog publishing platform. An XSS cross-site scripting vulnerability exists in the title and content fields of the "Posts Add New" action and during the creation of new tags and users in Canvas, which can be exploited by attackers to steal sensitive information such as cookies...