The threat actors behind HijackLoader, a loader malware, have added new defense evasion techniques, as other malicious actors increasingly use the malware to deliver additional payloads and tools. CrowdStrike researchers reported that the malware developer used a standard process hollowing technique in conjunction with an additional trigger activated by the parent process writing to a pipe, making defense evasion more stealthy. HijackLoader was first identified by Zscaler ThreatLabz in September 2023 as a conduit for delivering DanaBot, SystemBC, and RedLine Stealer.

LastPass has recently warned that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials.  The company noted that the fake app uses a similar name to the genuine app, a similar icon, and a red-themed interface made to appear close to the brand's authentic design.  However, the fake app's name is "LassPass," instead of "LastPass," and it has a publisher named "Parvati Patel." In addition, there's only a single rating (the real app has over 52 thousand), with only four reviews that warn about it being fake.

According to security researchers at Nozomi Networks, threat actors are targeting operational technology (OT) and Internet of Things (IoT) environments with increasing sophistication and have a growing attack surface of vulnerabilities to help them do so.  The researchers revealed that 885 new ICS-CERT vulnerabilities were disclosed during the second half of 2023, impacting 74 vendors.  The researchers noted that the "critical manufacturing" sector was by far the worst affected, with related CVEs rising 230% over the previous six months to 621 for the second half of 2023.

A team at Ohio State University has received a grant from the Ohio Department of Higher Education's Third Frontier Research Incentive Program to develop long-distance quantum networks and advance cybersecurity throughout the state. The project aims to create technologies enabling statewide Quantum Key Distribution (QKD), which will transform how secure communication is established over long distances. Results could allow cities such as Columbus, Cleveland, Toledo, and Cincinnati to communicate securely, making Ohio a leader in quantum network development.

Dr. Jodi Asbell-Clarke, a senior leader at TERC, brings further attention to how neurodiversity can help address the cybersecurity workforce shortage. She emphasizes that many people with ADHD, autism, dyslexia, and other neurodiverse conditions could bring new perspectives to help organizations solve cybersecurity challenges. One ISC2 recommendation for filling the cybersecurity workforce gap is to recruit a more diverse population, as cybersecurity work requires a wide range of skills at various levels. Problem-solving makes up a significant part of the workload.

Security researcher Kevin Beaumont warns that the Akira and LockBit ransomware groups are attempting to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities. They are focusing on vulnerabilities for which patches have been released in 2020 and 2023. Cisco ASA devices are widely used in organizations of all sizes, and they are often targeted by attackers who exploit unpatched vulnerabilities, conduct credential-stuffing attacks, and perform targeted brute-force attacks.

The personal information of 33 million French citizens could be exposed after two French health insurance operators suffered a data breach recently.  Viamedis, France’s leading provider of medical third-party payment, confirmed on February 1 that it had suffered a data breach.  Medical third-party payment is a French system in which a health insurance provider advances the patient fee for a medical service on behalf of the national social security services.  Viamedis is the payment operator for a number of such health insurance providers.

Security researcher Stacksmashing cracked Microsoft's BitLocker encryption in 43 seconds using a $4 Raspberry Pi Pico mini-PC. BitLocker encryption is a standard feature in Windows 11 Pro Enterprise and Education that aims to protect data. According to the ethical hacker, malicious parties can evade BitLocker encryption by directly accessing the hardware and filtering the encryption keys from the Trusted Platform Module (TPM) via the LPC bus. The activity is possible because of a design flaw in devices with dedicated TPMs.

The National Security Agency (NSA) has partnered with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the UK National Cyber Security Center (NSC-UK) on a Cybersecurity Technical Report (CTR) titled "Identifying and Mitigating Living Off the Land Techniques," which provides guidance on how to defend against common Living Off the Land (LOTL) methods. Instead of placing malicious code into a system, LOTL threats exploit existing system tools to bypass security measures, making cyberattacks more difficult to detect and mitigate.

"The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States."