Security researcher Kevin Beaumont warns that the Akira and LockBit ransomware groups are attempting to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities. They are focusing on vulnerabilities for which patches have been released in 2020 and 2023. Cisco ASA devices are widely used in organizations of all sizes, and they are often targeted by attackers who exploit unpatched vulnerabilities, conduct credential-stuffing attacks, and perform targeted brute-force attacks.

The personal information of 33 million French citizens could be exposed after two French health insurance operators suffered a data breach recently.  Viamedis, France’s leading provider of medical third-party payment, confirmed on February 1 that it had suffered a data breach.  Medical third-party payment is a French system in which a health insurance provider advances the patient fee for a medical service on behalf of the national social security services.  Viamedis is the payment operator for a number of such health insurance providers.

Security researcher Stacksmashing cracked Microsoft's BitLocker encryption in 43 seconds using a $4 Raspberry Pi Pico mini-PC. BitLocker encryption is a standard feature in Windows 11 Pro Enterprise and Education that aims to protect data. According to the ethical hacker, malicious parties can evade BitLocker encryption by directly accessing the hardware and filtering the encryption keys from the Trusted Platform Module (TPM) via the LPC bus. The activity is possible because of a design flaw in devices with dedicated TPMs.

The National Security Agency (NSA) has partnered with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the UK National Cyber Security Center (NSC-UK) on a Cybersecurity Technical Report (CTR) titled "Identifying and Mitigating Living Off the Land Techniques," which provides guidance on how to defend against common Living Off the Land (LOTL) methods. Instead of placing malicious code into a system, LOTL threats exploit existing system tools to bypass security measures, making cyberattacks more difficult to detect and mitigate.

"The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States."

Google has recently launched a pilot program aimed at enhancing financial fraud protection for Android users in Singapore.  To address security concerns associated with standalone app distribution sources like web browsers and messaging apps, Google introduced enhanced real-time scanning through Google Play Protect in October 2023.  Google noted that this feature aims to detect and block malicious apps, particularly those downloaded from the internet, thereby enhancing user safety.

According to a new SecurityScorecard report, in 2023, 90 percent of the world's top energy companies experienced data breaches caused by third parties. Their growing reliance on digital systems causes an increase in attacks on infrastructure networks. The breaches have resulted in financial losses, damaged reputations, and eroded trust. There were 264 reported breaches in the energy sector stemming from third-party issues. Confirmed third-party breaches affected the top ten energy companies in the US.

The China-backed hacking group Volt Typhoon failed to revive a botnet recently shut down by the FBI. The botnet had previously been used in attacks against US critical infrastructure. Before the KV-botnet was taken down, it enabled the Volt Typhoon threat group to evade detection by proxying malicious activity through hundreds of compromised Small Office/Home Office (SOHO) routers. On December 6, the FBI obtained a court order authorizing it to dismantle the botnet.

Mitsubishi Electric recently announced that two potentially serious vulnerabilities have been found in their factory automation products.  Mitsubishi Electric said several factory automation (FA) products are impacted by a high-severity authentication bypass and a critical remote code execution vulnerability.  Impacted products include EZSocket, FR Configurator2, GT Designer3, GX and MT Works, MELSOFT Navigator, and MX.

An international initiative involving over 35 nations aims to combat hack-for-hire operations. At a recent conference, countries led by the US, UK, and France, together with companies including Google, Apple, BAE Systems, and Microsoft, signed a declaration called the "Pall Mall Process." The goal is to establish guiding principles and policy options for states, industry, and civil society regarding developing and implementing commercially available cyber intrusion capabilities.