The U.S. State Department recently announced that it is rewarding up to $10 million for information that could help locate, identify, or arrest key leadership positions in the Hive ransomware gang.  The FBI says this ransomware group had extorted roughly $100 million from over 1,300 companies across more than 80 countries between June 2021 and November 2022.  The U.S.

A new version of the XLoader Android malware executes automatically on infected devices, thus requiring no user interaction to run. XLoader, also known as MoqHao, is an Android malware operated and most likely created by the financially motivated threat group called Roaming Mantis, which has previously targeted users in the US, UK, Germany, France, Japan, South Korea, and Taiwan. The malware is primarily distributed via SMS text with a shortened URL pointing to a website containing an Android APK installation file for a mobile app.

The threat actors behind HijackLoader, a loader malware, have added new defense evasion techniques, as other malicious actors increasingly use the malware to deliver additional payloads and tools. CrowdStrike researchers reported that the malware developer used a standard process hollowing technique in conjunction with an additional trigger activated by the parent process writing to a pipe, making defense evasion more stealthy. HijackLoader was first identified by Zscaler ThreatLabz in September 2023 as a conduit for delivering DanaBot, SystemBC, and RedLine Stealer.

LastPass has recently warned that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials.  The company noted that the fake app uses a similar name to the genuine app, a similar icon, and a red-themed interface made to appear close to the brand's authentic design.  However, the fake app's name is "LassPass," instead of "LastPass," and it has a publisher named "Parvati Patel." In addition, there's only a single rating (the real app has over 52 thousand), with only four reviews that warn about it being fake.

According to security researchers at Nozomi Networks, threat actors are targeting operational technology (OT) and Internet of Things (IoT) environments with increasing sophistication and have a growing attack surface of vulnerabilities to help them do so.  The researchers revealed that 885 new ICS-CERT vulnerabilities were disclosed during the second half of 2023, impacting 74 vendors.  The researchers noted that the "critical manufacturing" sector was by far the worst affected, with related CVEs rising 230% over the previous six months to 621 for the second half of 2023.

A team at Ohio State University has received a grant from the Ohio Department of Higher Education's Third Frontier Research Incentive Program to develop long-distance quantum networks and advance cybersecurity throughout the state. The project aims to create technologies enabling statewide Quantum Key Distribution (QKD), which will transform how secure communication is established over long distances. Results could allow cities such as Columbus, Cleveland, Toledo, and Cincinnati to communicate securely, making Ohio a leader in quantum network development.

Dr. Jodi Asbell-Clarke, a senior leader at TERC, brings further attention to how neurodiversity can help address the cybersecurity workforce shortage. She emphasizes that many people with ADHD, autism, dyslexia, and other neurodiverse conditions could bring new perspectives to help organizations solve cybersecurity challenges. One ISC2 recommendation for filling the cybersecurity workforce gap is to recruit a more diverse population, as cybersecurity work requires a wide range of skills at various levels. Problem-solving makes up a significant part of the workload.

Security researcher Kevin Beaumont warns that the Akira and LockBit ransomware groups are attempting to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities. They are focusing on vulnerabilities for which patches have been released in 2020 and 2023. Cisco ASA devices are widely used in organizations of all sizes, and they are often targeted by attackers who exploit unpatched vulnerabilities, conduct credential-stuffing attacks, and perform targeted brute-force attacks.

The personal information of 33 million French citizens could be exposed after two French health insurance operators suffered a data breach recently.  Viamedis, France’s leading provider of medical third-party payment, confirmed on February 1 that it had suffered a data breach.  Medical third-party payment is a French system in which a health insurance provider advances the patient fee for a medical service on behalf of the national social security services.  Viamedis is the payment operator for a number of such health insurance providers.

Security researcher Stacksmashing cracked Microsoft's BitLocker encryption in 43 seconds using a $4 Raspberry Pi Pico mini-PC. BitLocker encryption is a standard feature in Windows 11 Pro Enterprise and Education that aims to protect data. According to the ethical hacker, malicious parties can evade BitLocker encryption by directly accessing the hardware and filtering the encryption keys from the Trusted Platform Module (TPM) via the LPC bus. The activity is possible because of a design flaw in devices with dedicated TPMs.