While there is no evidence that the flaws have been exploited in the wild, it’s recommended that users take steps to update their installations to the latest version to mitigate potential risks.
The cyberattack has forced the affected Chambers to disconnect from the network and take their systems offline, causing disruption to vocational training and other online services.
The Saudi Ministry of Industry and Mineral Resources (MIM) had a sensitive environment file exposed for 15 months, potentially allowing attackers to gain unauthorized access and launch ransomware attacks.
The Refuah Health Center in New York has been fined up to $450,000 and required to invest over $1 million in improving its data security following a ransomware attack in 2021.
The authentication bypass flaw in OFBiz allows attackers to remotely execute arbitrary code and access sensitive information. Upgrading to OFBiz version 18.12.11 is crucial to patch both this zero-day vulnerability and another equally serious hole.
The attack was carried out by the Rhysida ransomware gang, who also claimed responsibility for attacking the Lutheran World Federation, a member of the WCC. The WCC’s systems went down on December 26, 2023.
Over the weekend, the Maldives government websites experienced a cyberattack, resulting in temporary unavailability of the President’s office, Foreign Ministry, and Tourism Ministry websites.
Google downplays the severity of the issue, treating it as regular cookie theft and suggesting users log out of their Chrome browser to invalidate the stolen cookies and tokens.
The NoName group has reportedly targeted several Ukrainian government websites, including Accordbank, Zaporizhzhya Titanium-Magnesium Plant, and the State Tax Service. The group posted a list of their latest DDoS attack victims on the dark web.
Cybercriminals are increasingly relying on ready-made bots and human fraud farms, which account for the majority of malicious website and app traffic, highlighting the need for robust defenses.