When it comes to software, schools are either on top of it or a little behind. The reason being is mostly the budgets they have to deal with, one piece of software that is often ignored by schools, which tend to have to work on the “if it isn’t broken we don’t need to replace it” policy, is the Library management software. If people are using any of Follett’s old library management software, they may want to change that approach and update soon as it’s been revealed that the software may be open to ransomware attacks.
The vulnerability was discovered by Cisco’s Talos group and found that users could remotely install backdoors and ransomware code to the JBoss web server element of the library management system, leaving users with either a large bill or no access to their libraries information.
Follett has not sat idly by with them already releasing a patching system to fix the flaws that expose the system and it even picks up any unofficial files which may have been snuck on to compromise the servers. Working with the Talos group, Follett is seeking to inform customers about the security risk and how to address the issue, potentially removing the threat and damage it could do before someone manages to make any money off of your local schools’ library.