Threat Landscape Update Report January 2024

This document is a Threat Landscape Update Report for January 2024, detailing significant cybersecurity incidents and vulnerabilities. It outlines the exploitation of zero-day vulnerabilities in Ivanti Connect Secure VPN appliances, which have been actively targeted by multiple actors, leading to a substantial increase in compromised devices. The report also discusses the compromise of Microsoft by Russian state actors, highlighting the methods used, including a password spray attack that exploited a legacy OAuth application. Additionally, it addresses the broader trend of infrastructure and appliance compromises, noting vulnerabilities in various devices from other vendors like Citrix and Cisco. The report emphasizes the implications of these vulnerabilities, particularly concerning the management and security of appliances in enterprise environments. It also mentions the challenges faced by organizations in mitigating these risks and the importance of adhering to security best practices.