Canvas Breach Highlights Growing Risks to Students, Parents, and Schools

This week, news broke that cybercriminals targeted the popular education platform Canvas, impacting schools and universities across the country, including organizations here in metro Atlanta. According to reports, attackers may have accessed user data including names, email addresses, and private messages within the platform. I spoke with WSB-TV Channel 2 Atlanta about the incident and what it means for parents, schools, and students moving forward. The reality is simple: educational platforms have become high-value targets for cybercriminals. Schools hold enormous amounts of sensitive information, and unlike many enterprises, they often operate with limited security staffing and constrained budgets. What makes this incident particularly concerning is not just the exposure of names or email addresses. It's the potential misuse of private communications and student-related information. When attackers gain access to communication platforms used daily by students and teachers, the risks quickly move beyond technology and into personal safety, social engineering, harassment,…

0 Comments

Monthly Threat Brief: April 2026

Monthly Threat Brief: What Shaped Cyber Risk in April 2026 Cyber risk in April wasn't defined by a single event, it was shaped by patterns. Across environments, attackers are continuing to shift how they operate - leaning into trusted tools, valid access, and speed. This month's developments highlight a clear reality: the attack surface isn't just expanding, it's blending into normal business activity in ways that are harder to detect and easier to overlook. Here's what stood out. Social Engineering Is Moving Into Everyday Tools Phishing hasn't gone away, it's just changed form. Instead of relying solely on email, attackers are now initiating conversations through platforms employees already trust, like collaboration and messaging tools. By impersonating internal IT or helpdesk personnel, they're able to guide users into launching legitimate remote support tools and granting access themselves. Because these interactions happen in familiar environments and follow what looks like normal workflow,…

Comments Off on Monthly Threat Brief: April 2026

Critical Path Security Advisory: Defending Against Attacks from Compromised Networks

This advisory details steps organizations can take to defend against attacks originating from large, dynamic networks of compromised devices, based on guidance from the National Cyber Security Centre. The recommendations are tailored based on organizational size and risk level. All Organizations: The NCSC recommends mapping and understanding your network edge devices to gain a clear understanding of organizational assets and expected connections. General good cyber security practices should also be followed. Larger or More At-Risk Organizations: For organizations facing higher risk, consider these more comprehensive measures, either in-house or through a security provider: Apply IP address allow lists instead of deny lists for connections to corporate VPNs for remote workers. Use geographic allow lists or profile incoming connections based on operating system, time zones, and/or organization-specific system configuration settings. Implement zero trust policies for connections. Enforce machine certificates for Secure Sockets Layer (SSL) connections. Reduce the internet-facing presence of your IT…

0 Comments

Fortinet FortiClient EMS – Unauthenticated Remote Code Execution (CVE-2026-35616)

Critical Security Bulletin Fortinet FortiClient EMS - Unauthenticated Remote Code Execution (CVE-2026-35616)Advisory: Fortinet PSIRT FG-IR-26-099Published: April 4, 2026Severity: Critical (CVSS 9.1-9.8)Status: Active exploitation observed Executive Summary A critical vulnerability in Fortinet FortiClient EMS (Endpoint Management Server) allows unauthenticated remote attackers to execute arbitrary code via crafted API requests. This issue, tracked as CVE-2026-35616, stems from improper access control in exposed API functionality and requires no authentication or user interaction. Active exploitation has already been observed in the wild, elevating this from a patching priority to an immediate incident response concern. Technical Overview Vulnerability Type: Improper Access Control (CWE-284) Attack Vector: Network (remote, unauthenticated) Component: FortiClient EMS API Attack Complexity: Low Privileges Required: None User Interaction: None The flaw allows attackers to bypass API authentication controls and submit crafted requests that execute arbitrary code on the EMS server. Root Cause Failure to properly enforce authentication and authorization checks within API endpoints…

0 Comments