Monthly Security Bulletin – January 2023

January hot topics:

• Hyundai app bugs allowed hackers to remotely unlock, start cars
• Sirius XM Software Vulnerability
• ConnectWise Quietly Patches Flaw That Helps Phishers
• New CryWiper data wiper targets Russian courts, mayor’s offices
• Sneaky hackers reverse defense mitigations when detected
• Massive DDoS attack takes down Russia’s second-largest bank VTB
• Rackspace says ransomware is behind four-day Exchange outage
• Antivirus and EDR solutions tricked into acting as data wipers
• Cisco discloses high-severity IP phone zero-day with exploit code
• New Python malware backdoors VMware ESXi servers for remote access
• Microsoft finds macOS bug that lets malware bypass security checks
• Okta’s source code stolen after GitHub repositories hacked
• Critical Microsoft Code-Execution Vulnerability
• Hackers exploit bug in WordPress gift card plugin with 50K installs
• Hacker claims to be selling Twitter data of 400 million users
• New info-stealer malware infects software pirates via fake cracks sites
• EarSpy attack eavesdrops on Android phones via motion sensors
• Hackers steal $8 million from users running trojanized BitKeep apps
• Thousands of Citrix servers vulnerable to patched critical flaws
• Hackers abuse Google Ads to spread malware in legit software
• Google Home speakers allowed hackers to snoop on conversations