Weekly Update 503

Instructure, the company behind the Canvas learning management system, has not yet publicly addressed a potential data breach, despite a deadline set by a ransomware group known as ShinyHunters. The group had threatened to leak data allegedly stolen from Instructure by November 20th.
As of November 19th, the ShinyHunters website did not feature any data attributed to Instructure. Instead, a press statement from Instructure was present, which the company described as "we're not making any statements." This indicates a lack of public communication from Instructure regarding the alleged incident.

The situation remains fluid, with the deadline for the alleged data leak approaching. It is unclear whether ShinyHunters will proceed with releasing any information or if a resolution has been reached between the ransomware group and Instructure.
This incident highlights the ongoing threat posed by ransomware groups targeting organizations and the potential consequences of data exfiltration. Companies are often faced with difficult decisions when confronting such attacks, balancing the risks of data exposure against the demands of cybercriminals.
Further updates are expected as the situation develops. Organizations are generally advised to maintain robust cybersecurity practices, including regular data backups, strong access controls, and employee training on phishing and social engineering tactics, to mitigate the impact of potential cyberattacks.





