<![CDATA[If anyone is bored this weekend - and wants to help the edu sector out in the wake of the Canvas LMS attacks - take a gander at the recently implemented and forthcoming security patches in Canvas LMS and see what you might glean.]]>If anyone is bored this weekend - and wants to help the edu sector out in the wake of the Canvas LMS attacks - take a gander at the recently implemented and forthcoming security patches in Canvas LMS and see what you might glean. Instructure - the company that was attacked - has provided scant technical details on how initial access and exfil happened - and as a result customers (schools and universities) are left unsure as to how to trust the software or what mitigations to put in place.

Instructure has said the attack was "carried out...by exploiting an issue related to our Free-For-Teacher accounts" https://www.instructure.com/incident_update

Precautionary UX changes made by Instructure in response https://community.instructure.com/en/discussion/666044/incident-change-log-for-may-2026

Instructure Enforcements, Deprecations, and Breaking Changes (which contain some upcoming security related changes): https://community.instructure.com/en/kb/articles/664261-instructure-enforcements-deprecations-and-breaking-changes

May be other threads to pull; this is being actively worked on by many.

Thank you!

cc/ @funnymonkey @PogoWasRight

]]>https://board.circlewithadot.net/topic/a86847c5-e991-41b6-9f04-84b93d2e2cde/if-anyone-is-bored-this-weekend-and-wants-to-help-the-edu-sector-out-in-the-wake-of-the-canvas-lms-attacks-take-a-gander-at-the-recently-implemented-and-forthcoming-security-patches-in-canvas-lms-and-see-what-you-might-glean.RSS for NodeFri, 15 May 2026 02:34:13 GMTSat, 09 May 2026 17:16:04 GMT60<![CDATA[Reply to If anyone is bored this weekend - and wants to help the edu sector out in the wake of the Canvas LMS attacks - take a gander at the recently implemented and forthcoming security patches in Canvas LMS and see what you might glean. on Sat, 09 May 2026 19:47:18 GMT]]>@knapjack While some have claimed that the Canvas login page was 'hacked' - including most of the intial media reports - I suspect it was the compromise of a built-in broadcast messaging feature. (Though, I suppose it could be both, or something else all together.)

Reporter Joe Tidy (BBC) describes a report of how the delivery of Friday's exortion demand was experienced by active users:

Link Preview Image
Cyber Attack Disrupts Student Exam | Joe Tidy posted on the topic | LinkedIn

It's really hard to bring cyber attacks to life for the average reader. As my mum always helpfully reminds me - [in a Dudley accent] "cyber is bloody boring!". But I spoke to a student who's exam was literally interupted by the Canvas hack and it was one of those rare visual incidents that makes you wonder at the power of these cyber criminals. Oh and I asked Shiny Hunters if they cared about the impact and disruption they were having on people like Aubrey. "We don't have a comment about that", was the answer. https://lnkd.in/e76nRswq

favicon

LinkedIn (www.linkedin.com)

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/douglevin/statuses/116546341319842289https://board.circlewithadot.net/post/https://infosec.exchange/users/douglevin/statuses/116546341319842289Sat, 09 May 2026 19:47:18 GMT<![CDATA[Reply to If anyone is bored this weekend - and wants to help the edu sector out in the wake of the Canvas LMS attacks - take a gander at the recently implemented and forthcoming security patches in Canvas LMS and see what you might glean. on Sat, 09 May 2026 19:04:10 GMT]]>Thanks for your insights.

@knapjack re: defacing see: https://news.ycombinator.com/item?id=48057532 (low confidence, but could be legit)

Many rumors of info stealers on login page, but near as I can tell it all goes back to this claim: https://old.reddit.com/r/sysadmin/comments/1t6m7e0/canvas_instructure_lms_seems_to_have_been_hit_by/okijzkm/ (which also is low confidence)

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/douglevin/statuses/116546171729371879https://board.circlewithadot.net/post/https://infosec.exchange/users/douglevin/statuses/116546171729371879Sat, 09 May 2026 19:04:10 GMT<![CDATA[Reply to If anyone is bored this weekend - and wants to help the edu sector out in the wake of the Canvas LMS attacks - take a gander at the recently implemented and forthcoming security patches in Canvas LMS and see what you might glean. on Sat, 09 May 2026 18:12:38 GMT]]>@douglevin I have my theories. None of them good. Most involve crappy API key handling and OWASP Top 10 vulnerabilities in the front end for the exfil, but it has to be more than that for the defacing of the website. I have trouble letting go of them having access to the CI/CD pipeline to pull that off, which smells of something much different than what I can envision from their public info dumps.

]]>https://board.circlewithadot.net/post/https://social.vivaldi.net/ap/users/116387395794911208/statuses/116545969101727895https://board.circlewithadot.net/post/https://social.vivaldi.net/ap/users/116387395794911208/statuses/116545969101727895Sat, 09 May 2026 18:12:38 GMT