A number of US school districts, already stressed by the unfamiliarity of distance-learning systems whose use the COVID-19 pandemic has imposed on them, are recovering from a range of cyberattacks. A few, like the distributed denial-of-service attack the Miami-Dade Public Schools sustained last week, were essentially cyber-enabled truancy (“so easy a teenager could do it,” as WPLG sniffed haughtily). But ransomware seems to have been more common. The case of the Hartford (Connecticut) Public Schools is representative: a ransomware infestation forced a delayed opening.
Schools in Toledo, Ohio (as reported by WTOL) and Clark County, Nevada (in an incident described by the AP) were among the larger systems similarly afflicted. Schools are reopening as they’re able, but Tuesday’s planned first day was, for many students, disrupted. Ransomware operators are attracted to targets during periods of heightened vulnerability, and schools attempting to operate either fully remotely or in some hybrid combination of distance and in-person instruction present criminals with an opportunity.
Yesterday was September’s Patch Tuesday, and the Zero-Day Initiative has a summary of the major fixes. Adobe’s three patches addressed FrameMaker (out-of-bounds read and stack-based buffer overflow), InDesign (memory corruption problems), and Experience Manager (mostly cross-site scripting issues). Microsoft’s one-hundred-twenty-nine fixes dealt with issues in Microsoft Windows, Edge, ChakraCore, Internet Explorer, SQL Server, Office and Office Services and Web Apps, Microsoft Dynamics, Visual Studio, Exchange Server, ASP.NET, OneDrive, and Azure DevOps. Twenty-three of the patches are rated “Critical,” one hundred five as “Important,” and one as being of “Moderate” severity.