Studentnet^®: Canvas Data Breach Advisory

Media reports

• Links to media reports of the breach

• https://www.techrepublic.com/article/news-canvas-instructure-breach-275m-users/
• https://www.abc.net.au/news/2026-05-06/australian-educational-facilities-impacted-by-canvas-hack/106650094
• https://www.msn.com/en-au/news/other/australian-universities-probe-canvas-hack-as-ransom-deadline-nears/gm-GMBE2BA5F5
• https://athenaboard.com/2026/05/06/the-canvas-data-breach-a-vital-wake-up-call-for-australian-education-governance/
• https://cybernews.com/security/canvas-lms-shinyhunters-data-breach/
• https://www.bitdefender.com/en-us/blog/hotforsecurity/canvas-data-breach-2026

• Studentnet advice to ensure secure operation

• Studentnet advice to schools is to:
• rotate their Canvas API keys, and then
• Configure new keys in their CLoudwork dashboard
• Breadcrumb: Home>Domains>Canvas
• Establish authorisation rules to control who can still login to Canvas. You may wish to inhibit all access or just restrict access to certain staff. More information on how to establish authorisation rules can be found here: https://wiki.studentnet.net/index.php/Authorization_Rules

Follow up

• Please submit tickets via:

• email: help@studentnet.net
• ticket portal: https://support.studentnet.net
• phone for urgent support: +61 2 9281 1626

Perth school students involved in data breach

With another student hacking story in the news this week, we've put together some information to help you stay secure. #cybersecurity #schools #cloudwork #sso

 

 

Urgent Upgrade Notice V47-Android Auth app June 21, 2024

The Cloudwork Operations team advise of a critical upgrade affecting the Cloudwork Android authenticator app(both the generic version and the school branded version). On the 21st June 2024, Google are deprecating the Android push notification APIs currently used in Cloudwork V46(and previous). Cloudwork's V47 supports the new Google APIs. If you are using the Android version of our app, the upgrade needs to be deployed to your school by 21/6/2024. We need to schedule in a time slot to upgrade your school to the latest Cloudwork V47 in order to continue supporting push notifications in Android. (Please note that even if you do not receive the notification, you can still open the app on your phone after being prompted in the browser to complete authentication). Please send an email to help@studentnet.net advising us of your preferred date and time for completing the deploy of V47. This will create a ticket which you can use to monitor the progress of this task. Thank you for your assistance in completing this critical task. The Studentnet Team

Social Media Sign On - Cloudwork v46 Release Notes

 

Cloudwork^® v46 Release Notes

New Features

• Social Media Sign Ons

• Added the ability to enable and configure Social Authentication (Log in with Facebook, Microsoft, Google, Apple)

• Automatic provisioning of accounts permitted to use Social Media Sign Ons

• Increased security through independent account verification
  

  OU level granular configurability

• Adobe syncing

• Redesigned for greater efficiency and volume handling

• Increased volume capacity by addressing Adobe API's Rate Limiting Issues, improving Cloudwork's Adobe Sync Processes

• Able to Sync Cloudwork's Users, Groups and Group members into Adobe for creating, updating and deleting accounts.

• Improved simplified IT administrator workflow with Cloudwork's Adobe Sync. The Admin no longer needs to manually implement licences to each user in the Adobe Admin Console. Once Cloudwork's Users, Groups and Group Members are synced into Adobe, the Admin will only need to implement a licence profile to a Group within the Adobe Admin Console

• Automated linking of Adobe accounts into Cloudwork. Cloudwork's Adobe Sync will check for existing Adobe Users, and if the email matches, it will link the Adobe Account to Cloudwork.

• Suspended Options for Cloudwork Users. The options are to either be removed from the Adobe Organization, removed from the Adobe Organization and delete the account permanently, or ignored.

• Any changes or updates on a Cloudwork OU or Group regarding Name Changes or Deletions from Cloudwork will be correctly updated in Cloudwork's Adobe configuration. This fixes syncing issues for those OU or Groups that had been updated, which now correctly includes them in the Adobe sync process.

• Log export to SIEM services

• Initially support QRadar SIEM.

• Currently integrated through SecureISS accessing Cloudwork APIs.

• Forgot Username messages

• New template options

Fixes and improvements

• Added the "I trust this device" option to the Cloudwork Authenticator MFA method

• Fixed an issue where Multifactor authentication and ADFS prompted too often

• Fixed some bugs around authorization rules and MFA

• Fixed an issue where the trust token for MFA was some times not stored correctly

• Fixed some sync profiles losing custom attributes

• Small updates to Azure syncing

• Fixes to User search: Will now search alternate email addresses

• Fixes to Groups UI: Groups with multiple group types no longer breaks the Groups UI

• Other UI improvements: Spelling mistakes, grammar improvements

• Started transitioning to Sendgrid's API instead of SMTP for sending email

Passwordless Sign On - Simple, Convenient Secure

Cloudwork PlatformID - world first support for Apple's Platform SSO

 

Apple's Platform SSO: An independent status update   In a significant first for local innovation, Cloudwork® is proud to advise the availability of Cloudwork PlatformID v1 supporting Apple Mac's Extensible SSO and Platform SSO v1.   Schools planning their 2024 device management need to know more about the status and relevance of this announcement.

Image source: Apple.com

Let's start with a quick re-cap: Apple announced both Extensible SSO and Platform SSO v1 at their June, 2022 WWDC. The announcement stated: Extensible SSO will allow seamless single sign-on for users, instead of separate sign-ons for device access, apps and websites. Platform SSO allows school administrators to use identity provider (IdP) credentials to centrally manage passwords, permissions and group memberships. To support these new features, Identity Providers needed to build an installable extension for the managed Mac devices. At the time of announcement, very scant details or documentation were available to Identity Providers to build this new extension. Cloudwork responded to these announcements by committing to providing support for both Extensible and Platform SSO. In a significant first for local innovation, Cloudwork® is proud to advise the availability of Cloudwork PlatformID v1 supporting Apple Mac's Extensible SSO and Platform SSO v1. Using Jamf Pro as the Mobile Device Manager (MDM) and Cloudwork as the Identity Provider we'd like to walk you through an end-to-end experience starting from a clean Mac moving on to password synchronisation and desktop and web sign-on integration. The walk through can be experienced via these four videos: CloudworkPlatformIDv1-Step1-EnrolDevice CloudworkPlatformIDv1-Step2-RegisterUser CloudworkPlatformIDv1-Step3-PasswordSync CloudworkPlatformIDv1-Step4-MacExtensibleSSO

But the story does not end there.
 

At the June 2023 WWDC Apple announced the availability of Platform SSO v2, significantly enhancing its functional range and value:

• Supports local accounts: Platform SSO is designed to be a modern replacement for binding to directory services.
• Integrates into macOS: Platform SSO is integrated with macOS and doesn't use JavaScript or render webpages for authentication.
• Creating users on demand: New local user accounts can be created on demand at the login window using IdP credentials.
• Integrates IdP group membership with macOS: Mobile device management (MDM) configurable groups can be used to manage account permissions.
• Enables the use of network accounts for Authorization: Groups can also be used to authorize network accounts.
• Supports multiple authentication methods: Platform SSO supports many different authentication methods with an IdP.

Cloudwork® has committed to building support for v2 into Cloudwork's PlatformID feature.

Our target is to have v2 available this year for testing in Q4 2023, in time to support schools for the 2024 academic year.

There's a lot in this announcement.

Start your 2024 planning process now! Contact us to arrange a planning session to work through the best options for your school community.

SBS Insight Identity Crime program

SBS Insight: Identity Crime

The SBS Insight program has prepared an episode devoted to Identity Crime. I attended the recording of the episode last night as a non-speaking audience member.

Some of the stories are absolutely harrowing.

They included examples of breaches involving schools. This is a don't miss episode for anybody interested in identity theft and resulting crimes - especially in the education community.

I am so glad that Studentnet is investing so much effort into our Identity Protection initiative for Australian schools.

Insight's Identity Crime episode is scheduled to broadcast on February 28.

Kevin Karp, Studentnet