Cybersecurity Daily: January 17, 2024

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for January 17, 2024.

Alerts & Advisories

• Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet
• Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now
• GitHub Rotates Credentials in Response to Vulnerability
• Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows
• MacOS info-stealers quickly evolve to evade XProtect detection
• Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software
• CISA adds patched MS SharePoint server vulnerability to KEV catalog
• WordPress Plugin Flaw Exposes 300,000+ to Hack Attacks
• Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
• Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
• Citrix warns of new Netscaler zero-days exploited in attacks
• Google fixes actively exploited Chrome zero-day (CVE-2024-0519)
• VMware patches critical access control vulnerability in Aria Automation
• Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances
• Oracle Patches 200 Vulnerabilities With January 2024 CPU
• New Bluetooth vulnerability allows takeover of iOS, Android, Linux, and MacOS devices
• Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

Cybersecurity News

• FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation
• Mandiant, SEC Lose Control of X Accounts Without 2FA
• Hyundai MEA X Account Hacked, Followed by Crypto Promotion
• Fake Recruiters Defraud Facebook Users via Remote-Work Offers
• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services
• Quantum Radiology ransomware attack turns nightmare to patients
• DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023
• Microsoft: Iranian APT Impersonating Prominent Journalist in Clever Spear-Phishing Attacks
• Swiss Govt Websites Hit by Pro-Russia Hackers After Zelensky Visit

Products & Service

• Kaspersky releases utility to detect iOS spyware infections
• Snyk Acquires Helios for Runtime Visibility
• Badge privacy-preserving authentication tool launches with Okta integration
• Keeper Security Adds Support for Hardware Security Keys as Sole 2FA Method
• Critical Start Implements Cyber Risk Assessments With Peer Benchmarking and Prioritization Engine
• Wing Security unveils automated protection against AI-SaaS risks

For the latest news on malware and ransomware, check out our latest Weekly Malware Roundup.