"Schools Face Million-Dollar Bills as Ransomware Rises"

According to security researchers at Sophos, schools, colleges, and universities face growing costs from ransomware attacks. In a new study, the researchers found that 44% of schools across the 14 nations surveyed faced a ransom demand of $5m or more. In higher education, 32% faced demands of between $1m and $5m, and 35% faced demands of over $5m. The researchers found that schools paid the highest median ransoms at $6.6m. The researchers noted that the number of ransomware attacks against the education sector actually fell in 2024 compared with 2023.

Submitted by Adam Ekwall on

"Cisco Patches High-Severity Vulnerabilities in Network Operating System"

Cisco recently announced patches for eight vulnerabilities in the IOS XR network operating system, including fixes for six high-severity bugs. The most severe of the flaws is CVE-2024-20398 (CVSS score of 8.8), which stems from insufficient validation of user arguments that IOS XR passes to specific CLI commands. Cisco noted that an attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root.

Submitted by Adam Ekwall on

"CosmicBeetle Ransomware Gang May Have Joined RansomHub"

According to ESET, the "CosmicBeetle" ransomware group, also known as "NONAME" or "Spacecolon," may now be affiliated with "RansomHub." ESET's recent report details the activities and tactics that CosmicBeetle has carried out since its discovery in 2023, though the group is suspected to have been active since at least 2020. In June 2024, ESET investigated an attack involving RansomHub's ransomware and Endpoint Detection and Response (EDR) killer, and discovered similarities to CosmicBeetle's previous activities.

Submitted by Gregory Rigby on

"DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe"

A "simplified Chinese-speaking actor" is linked to a new Search Engine Optimization (SEO) rank manipulation campaign targeting countries in Asia and Europe. Cisco Talos calls the black hat SEO cluster "DragonRank," which has victims in Thailand, India, Korea, Belgium, the Netherlands, and China. According to security researcher Joey Chen, DragonRank exploits targets' web application services to deploy a web shell, which is then used to collect system information and launch malware.

Submitted by Gregory Rigby on

"Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures"

According to the "2024 ISC2 Cybersecurity Workforce Study," the global cybersecurity workforce gap has grown by 19 percent in the past year, with an additional 4.8 million professionals needed to adequately secure organizations. The top cause of cybersecurity staffing shortages in 2024, according to ISC2 survey respondents, was a lack of budget, replacing a shortage of talent as the leading reason for these shortages in 2023. This article continues to discuss key findings from the 2024 ISC2 Cybersecurity Workforce Study.

Submitted by Gregory Rigby on

"'Ancient' MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks"

Attackers have weaponized an "ancient" version of Microsoft Word in an attack dubbed "WordDrone." The wave of WordDrone attacks targeted Taiwanese drone manufacturers. The malware delivered in these attacks supports the performance of cyber espionage and disruption of military and satellite-related industrial supply chains. Researchers with the Acronis Threat Research Unit discovered the attack, which involves using a Dynamic Link Library (DLL) side-loading technique common in Microsoft Word installation.

Submitted by Gregory Rigby on

"Operational Technology Leaves Itself Open to Cyberattack"

Team82 security researchers at Claroty highlight that the uncontrolled use of Remote Access Tools (RATs) threatens Operational Technology (OT). According to the researchers, 55 percent of organizations have four or more RATs, and 33 percent use six or more. The team analyzed data from over 50,000 remote access-enabled devices. They found that businesses used non-enterprise-grade tools on OT network devices. These tools lack basic security features such as Multi-Factor Authentication (MFA) and privilege access management.

Submitted by Gregory Rigby on

"Quad7 Botnet Evolves to More Stealthy Tactics to Evade Detection"

The Sekoia TDR team found more implants associated with the "Quad7" botnet, the operators of which are exploiting known and unknown vulnerabilities in targeting Small Office/Home Office (SOHO) and Virtual Private Network (VPN) devices. The botnet has evolved, targeting new SOHO devices, including Axentra media servers, Ruckus wireless routers, and Zyxel VPN appliances. This article continues to discuss the evolution of the Quad7 botnet's tactics.

Submitted by Gregory Rigby on

"Critical SonicWall SSLVPN Bug Exploited By Ransomware Actors"

SonicWall customers are urged to patch a critical firewall vulnerability that security researchers say is being exploited in ransomware attacks. The improper access control vulnerability in the SonicWall SonicOS management access and SSLVPN could enable unauthorized resource access and crash the firewall. This article continues to discuss the active exploitation of the critical improper access control vulnerability in ransomware attacks.

Submitted by Gregory Rigby on

"Intel Informs Customers About Over a Dozen Processor Vulnerabilities"

Intel has released four new advisories, one of which addresses 11 vulnerabilities impacting Unified Extensible Firmware Interface (UEFI) firmware for some server, workstation, mobile, and embedded processors. Over half of the security flaws have received a high severity rating as they can cause local privilege escalation, Denial-of-Service (DoS) attacks, or information disclosure. This article continues to discuss Intel's new advisories regarding 20 vulnerabilities impacting processors and other products.

Submitted by Gregory Rigby on