According to Check Point Research (CPR), the developers behind the Raspberry Robin malware are now purchasing exploits to accelerate cyberattacks. Researchers believe an exploit developer is either on the Raspberry Robin payroll or a close contact who sells them to the group. CPR has observed how long it takes for vulnerability exploits to be incorporated as features of the malware. Raspberry Robin added exploits for vulnerabilities up to 12 months old in 2022, but this has been changed to those less than a month old.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) recently hosted an event titled "Boosting Water Sector Cybersecurity," which featured CISA Deputy Director Nitin Natarajan and EPA Director of the Water Infrastructure and Cyber Resilience Division David Travers. They emphasized the criticality of water sector cybersecurity. The event shared resources designed specifically for the water sector, including the Water and Wastewater Sector Cybersecurity Toolkit, released by CISA and the EPA on January 30, 2024.

The U.S. State Department recently announced that it is rewarding up to $10 million for information that could help locate, identify, or arrest key leadership positions in the Hive ransomware gang.  The FBI says this ransomware group had extorted roughly $100 million from over 1,300 companies across more than 80 countries between June 2021 and November 2022.  The U.S.

A new version of the XLoader Android malware executes automatically on infected devices, thus requiring no user interaction to run. XLoader, also known as MoqHao, is an Android malware operated and most likely created by the financially motivated threat group called Roaming Mantis, which has previously targeted users in the US, UK, Germany, France, Japan, South Korea, and Taiwan. The malware is primarily distributed via SMS text with a shortened URL pointing to a website containing an Android APK installation file for a mobile app.

The threat actors behind HijackLoader, a loader malware, have added new defense evasion techniques, as other malicious actors increasingly use the malware to deliver additional payloads and tools. CrowdStrike researchers reported that the malware developer used a standard process hollowing technique in conjunction with an additional trigger activated by the parent process writing to a pipe, making defense evasion more stealthy. HijackLoader was first identified by Zscaler ThreatLabz in September 2023 as a conduit for delivering DanaBot, SystemBC, and RedLine Stealer.

LastPass has recently warned that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials.  The company noted that the fake app uses a similar name to the genuine app, a similar icon, and a red-themed interface made to appear close to the brand's authentic design.  However, the fake app's name is "LassPass," instead of "LastPass," and it has a publisher named "Parvati Patel." In addition, there's only a single rating (the real app has over 52 thousand), with only four reviews that warn about it being fake.

According to security researchers at Nozomi Networks, threat actors are targeting operational technology (OT) and Internet of Things (IoT) environments with increasing sophistication and have a growing attack surface of vulnerabilities to help them do so.  The researchers revealed that 885 new ICS-CERT vulnerabilities were disclosed during the second half of 2023, impacting 74 vendors.  The researchers noted that the "critical manufacturing" sector was by far the worst affected, with related CVEs rising 230% over the previous six months to 621 for the second half of 2023.

A team at Ohio State University has received a grant from the Ohio Department of Higher Education's Third Frontier Research Incentive Program to develop long-distance quantum networks and advance cybersecurity throughout the state. The project aims to create technologies enabling statewide Quantum Key Distribution (QKD), which will transform how secure communication is established over long distances. Results could allow cities such as Columbus, Cleveland, Toledo, and Cincinnati to communicate securely, making Ohio a leader in quantum network development.

Dr. Jodi Asbell-Clarke, a senior leader at TERC, brings further attention to how neurodiversity can help address the cybersecurity workforce shortage. She emphasizes that many people with ADHD, autism, dyslexia, and other neurodiverse conditions could bring new perspectives to help organizations solve cybersecurity challenges. One ISC2 recommendation for filling the cybersecurity workforce gap is to recruit a more diverse population, as cybersecurity work requires a wide range of skills at various levels. Problem-solving makes up a significant part of the workload.

Security researcher Kevin Beaumont warns that the Akira and LockBit ransomware groups are attempting to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities. They are focusing on vulnerabilities for which patches have been released in 2020 and 2023. Cisco ASA devices are widely used in organizations of all sizes, and they are often targeted by attackers who exploit unpatched vulnerabilities, conduct credential-stuffing attacks, and perform targeted brute-force attacks.