Monthly Security Bulletin – January 2024

This month’s security bulletin hot topics:

1. Hackers breach US govt agencies using Adobe ColdFusion exploit

2. “Sierra:21” vulnerabilities impact critical infrastructure routers 

3. US senator: Govts spy on Apple, Google users via mobile notifications

4. New SLAM attack steals sensitive data from AMD, future Intel CPUs  

5. AutoSpill attack steals credentials from Android password managers 

6. Toyota warns customers of data breach exposing personal, financial info  

7. 50K WordPress sites exposed to RCE attacks by critical bug in backup plugin 

8. Microsoft disrupts cybercrime gang behind 750 million fraudulent accounts  

9. Ubiquiti users report having access to others’ UniFi routers, cameras 

10. MongoDB says customer data was exposed in a cyberattack  

11. Terrapin attacks can downgrade security of OpenSSH connections 

12. Interpol operation arrests 3,500 cybercriminals, seizes $300 million

13. BlackCat Ransomware Raises Ante After FBI Disruption 

14. New phishing attack steals your Instagram backup codes to bypass 2FA

15. Android malware Chameleon disables Fingerprint Unlock to steal PINs

16. Lapsus$ hacker behind GTA 6 leak gets indefinite hospital sentence

17. Fake VPN Chrome extensions force-installed 1.5 million times

18. Europol warns 443 online shops infected with credit card stealers

19. Nissan Australia cyberattack claimed by Akira ransomware gang

20. New Xamalicious Android malware installed 330k times on Google Play

21. Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts