Top stories.
- Instructure strikes a deal with ShinyHunters.
- Texas sues Netflix over alleged data sharing.
- Humanitarian-themed phishing lures deliver stealthy Python malware.
Instructure strikes a deal with ShinyHunters.
Utah-based educational technology giant Instructure yesterday provided an update on its response to the ShinyHunters extortion campaign targeting the company, the Register reports. Instructure's CEO, Steve Daly, apologized for the lack of communication from the company, and confirmed that Instructure "reached an agreement" with the threat actor to prevent the publication of stolen customer data. Daly said the company "received digital confirmation of data destruction (shred logs)," adding, "While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible."
Instructure, which owns the Canvas learning management software, confirmed a data breach earlier this month after the ShinyHunters extortion gang listed the company on its leak site. Last Thursday, the threat actor defaced around 330 Canvas school login portals, disrupting students' access during finals week to exert additional pressure on the company to pay the ransom. Instructure says this second incident was due to a vulnerability in Free for Teacher, a product that allows teachers to create courses in Canvas. Daly stated, "We temporarily disabled Free for Teacher while we complete a full security review. We know that's disruptive, and we didn't make that call lightly. But keeping the entire Canvas platform secure has to come first."
Texas sues Netflix over alleged data sharing.
The state of Texas has sued Netflix for allegedly collecting and sharing customer data with advertisers and data brokers without obtaining consent, the Record reports. Attorney General Ken Paxton said in a press release yesterday, "Netflix uses intentional engineering to track and log users’ viewing habits, preferences, devices, household networks, application usage, and other sensitive behavioral data. Every interaction on the platform became a data point revealing information about the user. This tracking applied to not only adults' accounts, but also kids' profiles. Netflix has then disclosed this information to commercial data brokers and advertising technology companies, where it was combined with data collected from other platforms to build detailed consumer profiles."
The lawsuit, filed under the Texas Deceptive Trade Practices Act (DTPA), "seeks to stop the unlawful collection and disclosure of user data, require Netflix to disable autoplay by default on kids’ profiles, and secure other injunctive relief and civil penalties."
A spokesperson for Netflix said the lawsuit "lacks merit and is based on inaccurate and distorted information," adding, "We look forward to addressing the Texas Attorney General’s allegations in court and further explaining our industry-leading, kid‑friendly parental controls and transparent privacy practices."
Humanitarian-themed phishing lures deliver stealthy Python malware.
Cyble has published a report on a cyberespionage campaign that's using humanitarian-themed phishing lures to deliver a fileless Python infostealer to Russian-speaking targets. The researchers note, "The Python implant goes beyond credential collection. It enables the attacker to monitor every action a victim takes, collect active browser sessions, capture communications, and maintain live remote desktop access. The use of PyArmor v9.2 Pro for payload obfuscation, GitHub Releases for payload hosting, and a custom Flask C2 panel demonstrates a technically skilled and operationally disciplined threat actor."
