The Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog now includes a critical Microsoft SharePoint server bug that can be used as part of a Remote Code Execution (RCE) exploit chain. The vulnerability, tracked as CVE-2023-29357, is an elevation of privilege flaw with a CVSS v3 score of 9.8. The flaw enables attackers to gain administrator privileges on the SharePoint host by using spoofed JSON web tokens (JWTs).

According to security researchers at Comparitech, crypto heists increased in volume by 42% in 2023, with 283 incidents.  This compares to 199 crypto theft incidents in 2022.  However, the total monetary value stolen in 2023 fell by 51% from $3.55bn in 2022 to $1.75bn.  The researchers noted that worryingly, $16.93m of crypto has already been stolen in 2024 as of January 15.  This is double the $8.37m stolen throughout January 2023.

The first research program at Imperial College London's first overseas research and innovation center in Singapore, is a major $20 million grant in collaboration with Nanyang Technological University, Singapore (NTU Singapore), to improve the cybersecurity of medical devices and health data. The IN-CYPHER program will use Imperial's expertise in this area to help Singapore become a global leader in health cybersecurity and Artificial Intelligence (AI) for healthcare.

The Guardio Labs research team discovered a security flaw, dubbed MyFlaw, in the Opera web browser for Microsoft Windows and Apple macOS, which could be used to execute any file on the underlying operating system. The Remote Code Execution (RCE) vulnerability involves My Flow, a feature that allows users to sync messages and files between mobile and desktop devices. According to the company, this is possible through a controlled browser extension, evading the browser's sandbox and the entire browser process. The vulnerability affects both the Opera browser and Opera GX.

A vulnerability, tracked as CVE-2023-36025, that Microsoft fixed in November 2023, is being used by threat actors to deliver Phemedrone Stealer. By exploiting the vulnerability, attackers can bypass Windows Defender SmartScreen checks and associated prompts. If the victim is tricked into downloading and opening a malicious file, Windows will not warn them if the service finds the file or website potentially malicious.

Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical Remote Code Execution (RCE) flaw that affects all versions released before December 5, 2023, including out-of-support releases. The vulnerability, tracked as CVE-2023-22527 with a CVSS v3 score of 10.0, is a template injection vulnerability that allows unauthenticated attackers to carry out RCE on impacted Confluence endpoints. The many potential entry points and ability to use the flaw in chained attacks widen its scope to the point where it is difficult to identify definitive exploitation signs.

Security researchers at threat intelligence and incident response firm Volexity have started seeing widespread exploitation of the recently disclosed Ivanti Connect Secure VPN appliance vulnerabilities. The researchers warned on January 10 that they had seen threat actors, a group tracked as UTA0178 and likely linked to China, exploiting two Ivanti VPN zero-day vulnerabilities in an attempt to gain access to internal networks and steal information. The vulnerabilities are an authentication bypass flaw tracked as CVE-2023-46805 and a command injection issue tracked as CVE-2024-21887.

According to security researchers at Egress, email security remained top of mind for cybersecurity professionals in 2023 as over nine in ten (94%) cyber decision-makers had to deal with a phishing attack.  This is up 2% from the previous year.  The researchers found that the top three phishing techniques used throughout 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts.

Security researchers at Microsoft and the Pacific Northwest National Laboratory (PNNL) have used artificial intelligence (AI) and supercomputing to discover a brand new substance which could reduce lithium use in batteries.  The researchers say that the material could potentially reduce lithium use by up to 70%.  Since its discovery, the new material has been used to power a lightbulb.