"Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows"


The Guardio Labs research team discovered a security flaw, dubbed MyFlaw, in the Opera web browser for Microsoft Windows and Apple macOS, which could be used to execute any file on the underlying operating system. The Remote Code Execution (RCE) vulnerability involves My Flow, a feature that allows users to sync messages and files between mobile and desktop devices. According to the company, this is possible through a controlled browser extension, evading the browser's sandbox and the entire browser process. The vulnerability affects both the Opera browser and Opera GX.

Submitted by Gregory Rigby on

"Windows SmartScreen Bug Exploited to Deliver Powerful Info-Stealer"


A vulnerability tracked as CVE-2023-36025, which Microsoft fixed in November 2023, is being used by threat actors to deliver Phemedrone Stealer. By exploiting the vulnerability, attackers can bypass Windows Defender SmartScreen checks and associated prompts. If the victim is tricked into downloading and opening a malicious file, Windows will not warn them even if the service finds the file or website potentially malicious.

Submitted by Gregory Rigby on

"Atlassian Warns of Critical RCE Flaw in Older Confluence Versions"


Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical Remote Code Execution (RCE) flaw that affects all versions released before December 5, 2023, including out-of-support releases. The vulnerability, tracked as CVE-2023-22527 with a CVSS v3 score of 10.0, is a template injection vulnerability that allows unauthenticated attackers to carry out RCE on impacted Confluence endpoints. The many potential entry points and ability to use the flaw in chained attacks widen its scope to the point where it is difficult to identify definitive exploitation signs.

Submitted by Gregory Rigby on

"Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins"


Security researchers at threat intelligence and incident response firm Volexity have started seeing widespread exploitation of the recently disclosed Ivanti Connect Secure VPN appliance vulnerabilities. The researchers warned on January 10 that they had seen threat actors, a group tracked as UTA0178 and likely linked to China, exploiting two Ivanti VPN zero-day vulnerabilities in an attempt to gain access to internal networks and steal information. The vulnerabilities are an authentication bypass flaw tracked as CVE-2023-46805 and a command injection issue tracked as CVE-2024-21887.

Submitted by Adam Ekwall on

"Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023"


According to security researchers at Egress, email security remained top of mind for cybersecurity professionals in 2023 as over nine in ten (94%) cyber decision-makers had to deal with a phishing attack.  This is up 2% from the previous year.  The researchers found that the top three phishing techniques used throughout 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts.

Submitted by Adam Ekwall on

"New Material Found by AI Could Reduce Lithium Use in Batteries"


Security researchers at Microsoft and the Pacific Northwest National Laboratory (PNNL) have used artificial intelligence (AI) and supercomputing to discover a brand new substance which could reduce lithium use in batteries.  The researchers say that the material could potentially reduce lithium use by up to 70%.  Since its discovery, the new material has been used to power a lightbulb.

Submitted by Adam Ekwall on

"Over 178K SonicWall Firewalls Vulnerable to DoS, Potential RCE Attacks"


Security researchers at Bishop Fox have found that over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks. The researchers noted that these appliances are affected by two DoS security flaws tracked as CVE-2022-22274 and CVE-2023-0656; the former also allows attackers to gain remote code execution.

Submitted by Adam Ekwall on

"Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches"


Juniper Networks has recently published more than two dozen security advisories to inform customers about well over 100 vulnerabilities affecting its products, with a majority of the flaws impacting third-party components.  The company has released patches and mitigations for the vulnerabilities, most of which affect its Junos operating system.  The most serious of the flaws is CVE-2024-21591, which affects Junos OS on SRX series firewalls and EX series switches.

Submitted by Adam Ekwall on

"Cloud Server Abuse Leads to Huge Spike in Botnet Scanning"


Netscout has announced that malicious actors are increasingly abusing free cloud services, which has led to a significant spike in botnet scanning activity.  Netscout typically sees 10,000-20,000 IP addresses conducting internet scans every day.  However, the company observed an increase to more than 35,000 devices on December 8 and another spike that reached 43,000 devices on December 20.  According to the company, the number of source IPs associated with scanning activity saw a sharp increase on several days since, peaking on January 5, with nearly 1.3 million IPs.

Submitted by Adam Ekwall on

"Hacker Spins up 1 million Virtual Servers to Illegally Mine Crypto"


Europol has recently announced that a 29-year-old man in Ukraine was arrested for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency.  The suspect is believed to be the mastermind behind a large-scale cryptojacking scheme that involves hijacking cloud computing resources for cryptomining.  Europol noted that by using the computing resources of others' servers to mine cryptocurrency, cybercriminals can profit at the expense of the compromised organizations, whose CPU and GPU performance is degraded by the mining.

Submitted by Adam Ekwall on