News Roundup — January 17th 2024 edition. We’re back!!!

BCK Security Inc
BCK Security Weekly Newsletter
Jan 18, 2024

This week in cybersecurity, we witnessed a variety of significant security incidents and updates. GitHub responded to a credential exposure flaw by rotating keys, while Ivanti faced a surge in zero-day exploits. Bosch’s smart thermostats were hit by a firmware bug, and Atlassian urgently called for patching a critical bug. AI’s role in voice-faking scams raised new concerns, and the FBI identified the Androxgh0st malware botnet as a threat to AWS and Microsoft credentials.

Ransomware incidents significantly increased in 2023, and one hacker illegally mined crypto on a massive scale by spinning up 1 million virtual servers. The SEC faced Senate scrutiny over its handling of a crypto hack, and GitLab alerted users to a critical account hijacking vulnerability. The FBI warned of potential election-related chaos in 2024, and Mandiant and the SEC struggled with X accounts lacking 2FA. NIST focused on AI security threats, and discussions around education for federal cybersecurity jobs gained momentum.

Meanwhile, cyber insurers debated exclusions related to war, and hospitality hackers targeted hotel booking logins. An e-crime rapper’s new card shop and CISA’s warning about Androxgh0st targeting AWS and Microsoft 365 accounts underscored the ongoing and diverse cybersecurity challenges.

Julien Richard — CISSP | OSCP | CRTP | CRISC | CISA | CCSP | Pentest+ | CEH | GCP-CDL