If anyone is bored this weekend - and wants to help the edu sector out in the wake of the Canvas LMS attacks - take a gander at the recently implemented and forthcoming security patches in Canvas LMS and see what you might glean. Instructure - the company that was attacked - has provided scant technical details on how initial access and exfil happened - and as a result customers (schools and universities) are left unsure as to how to trust the software or what mitigations to put in place.

Instructure has said the attack was "carried out...by exploiting an issue related to our Free-For-Teacher accounts" instructure.com/incident_updat…

Precautionary UX changes made by Instructure in response community.instructure.com/en/d…

Instructure Enforcements, Deprecations, and Breaking Changes (which contain some upcoming security related changes): community.instructure.com/en/k…

May be other threads to pull; this is being actively worked on by many.

Thank you!

#edtech #Instructure #Canvas cc/ @funnymonkey @PogoWasRight

Instructure Enforcements, Deprecations, and Breaking Changes

Periodically functionality will be added, changed, or removed in Instructure products. Announcements are made in Release Notes on an ongoing basis.

^{InstContentTeam (Instructure, Inc.)}