Here are the key takeaways from the SecureResearch Cyber Intelligence Briefs for January 10, 2025: Critical Priority Updates: Multiple vulnerabilities discovered in SonicWall SonicOS, Ivanti products, GitLab, and Juniper Networks products. These flaws enable remote code execution, privilege escalation, authentication bypass, and potential data compromise. Mozilla Thunderbird also contains vulnerabilities allowing for remote code execution, privilege escalation, and denial of service (DoS). High Priority Updates A vulnerability in HPE Aruba Networking products poses a risk of data breach by allowing attackers to bypass security policies. Bring Your Own Vulnerable Driver (BYOVD) attacks are increasing, particularly in ransomware operations. Attackers exploit vulnerable drivers to escalate privileges, disable security tools, and deploy malware. Notable Cyber Incidents: BayMark Health Services, a major US addiction treatment provider, suffered a data breach in September 2024. Attackers exfiltrated personal and health-related data. The Chinese hacking group MirrorFace has been targeting the Japanese government and politicians since 2019. The group aims to steal sensitive information, likely for geopolitical leverage. The US Treasury's Office of Foreign Assets Control (OFAC) was breached by the Chinese state-sponsored hacking group Silk Typhoon. The attack raises concerns about the security of national financial infrastructure. A zero-day vulnerability in Ivanti Connect Secure was exploited to deploy the new malware variants 'Dryhook' and 'Phasejam.' Fake CrowdStrike job offer emails are being used to distribute the XMRig cryptocurrency miner. Emerging Threat Trends: Increased exploitation of public-facing applications and remote services. Targeting of security and IT management tools to gain initial footholds. Attackers using valid accounts and weakening encryption to bypass defenses. Shift from advanced threat actors to the use of commoditized tools and techniques. Overall Risk Assessment: The current risk landscape is High to Critical. Strategic Recommendations: Immediately patch critical vulnerabilities. Audit security and IT management tools. Implement robust network segmentation, access controls, and monitoring. Enforce use of certified drivers and block legacy drivers. Educate users about phishing risks and implement strong identity and access management practices. For more information in the SecureResearch Daily Cyber Intelligence Brief, email info@secureresearch.com…