Cybersecurity Daily: January 4, 2024

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for January 4, 2024.

Alerts & Advisories

• Google Patches Six Vulnerabilities With First Chrome Update of 2024
• Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service
• ‘Operation Triangulation’ Spyware Attackers Bypass iPhone Memory Protections
• Microsoft disables online Windows App Installer after attackers abuse it
• New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
• Attackers Abuse Google OAuth Endpoint to Hijack User Sessions
• 650,000+ Malicious Domains Registered Resembling ChatGPT
• Hacked Mandiant X Account Abused for Cryptocurrency Theft
• Apache ERP Zero-Day Underscores Dangers of Incomplete Patches
• Ivanti warns critical EPM bug lets hackers hijack enrolled devices
• ‘everything’ blocks devs from removing their own npm packages
• Over 1800 global banking apps targeted by 29 malware variants
• Experts found 3 malicious packages hiding crypto miners in PyPi repository

Cybersecurity News

• Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns
• The U. S. Cyber Trust Mark: Providing Assurance That IoT Devices Are Trustworthy
• UAE Banks on AI to Boost Cybersecurity
• Researchers released a free decryptor for Black Basta ransomware
• Cybercriminals Share Millions of Stolen Records During Holiday Break
• Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in ‘Incognito Mode’
• Cyberattackers Target Nuclear Waste Company via LinkedIn
• Hacker hijacks Orange Spain RIPE account to cause BGP havoc
• LastPass now requires 12-character master passwords for better security
• 4.5 Million Individuals Affected by Data Breach at HealthEC
• Don’t trust links with known domains: BMW affected by redirect vulnerability
• Ukraine’s SBU said that Russia’s intelligence hacked surveillance cameras to direct a missile strike on Kyiv
• Administrator Account For Middle East Internet Registry Hacked

Products & Service

• Airbus Looks to Acquire Atos Cybersecurity Unit for Nearly $2 Billion
• SonicWall buys up SSE startup to accelerate SASE offerings
• Palo Alto Networks Closes Talon Cybersecurity Acquisition
• SentinelOne acquires PingSafe to expand cloud security capabilities
• DriveFS Sleuth: Open-source tool for investigating Google Drive File Stream’s disk forensic artifacts

For the latest news on malware and ransomware, check out our latest Weekly Malware Roundup.