A team at Ohio State University has received a grant from the Ohio Department of Higher Education's Third Frontier Research Incentive Program to develop long-distance quantum networks and advance cybersecurity throughout the state. The project aims to create technologies enabling statewide Quantum Key Distribution (QKD), which will transform how secure communication is established over long distances. Results could allow cities such as Columbus, Cleveland, Toledo, and Cincinnati to communicate securely, making Ohio a leader in quantum network development.

Dr. Jodi Asbell-Clarke, a senior leader at TERC, brings further attention to how neurodiversity can help address the cybersecurity workforce shortage. She emphasizes that many people with ADHD, autism, dyslexia, and other neurodiverse conditions could bring new perspectives to help organizations solve cybersecurity challenges. One ISC2 recommendation for filling the cybersecurity workforce gap is to recruit a more diverse population, as cybersecurity work requires a wide range of skills at various levels. Problem-solving makes up a significant part of the workload.

Security researcher Kevin Beaumont warns that the Akira and LockBit ransomware groups are attempting to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities. They are focusing on vulnerabilities for which patches have been released in 2020 and 2023. Cisco ASA devices are widely used in organizations of all sizes, and they are often targeted by attackers who exploit unpatched vulnerabilities, conduct credential-stuffing attacks, and perform targeted brute-force attacks.

The personal information of 33 million French citizens could be exposed after two French health insurance operators suffered a data breach recently.  Viamedis, France’s leading provider of medical third-party payment, confirmed on February 1 that it had suffered a data breach.  Medical third-party payment is a French system in which a health insurance provider advances the patient fee for a medical service on behalf of the national social security services.  Viamedis is the payment operator for a number of such health insurance providers.

Security researcher Stacksmashing cracked Microsoft's BitLocker encryption in 43 seconds using a $4 Raspberry Pi Pico mini-PC. BitLocker encryption is a standard feature in Windows 11 Pro Enterprise and Education that aims to protect data. According to the ethical hacker, malicious parties can evade BitLocker encryption by directly accessing the hardware and filtering the encryption keys from the Trusted Platform Module (TPM) via the LPC bus. The activity is possible because of a design flaw in devices with dedicated TPMs.

The National Security Agency (NSA) has partnered with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the UK National Cyber Security Center (NSC-UK) on a Cybersecurity Technical Report (CTR) titled "Identifying and Mitigating Living Off the Land Techniques," which provides guidance on how to defend against common Living Off the Land (LOTL) methods. Instead of placing malicious code into a system, LOTL threats exploit existing system tools to bypass security measures, making cyberattacks more difficult to detect and mitigate.

"The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States."

Google has recently launched a pilot program aimed at enhancing financial fraud protection for Android users in Singapore.  To address security concerns associated with standalone app distribution sources like web browsers and messaging apps, Google introduced enhanced real-time scanning through Google Play Protect in October 2023.  Google noted that this feature aims to detect and block malicious apps, particularly those downloaded from the internet, thereby enhancing user safety.

According to a new SecurityScorecard report, in 2023, 90 percent of the world's top energy companies experienced data breaches caused by third parties. Their growing reliance on digital systems causes an increase in attacks on infrastructure networks. The breaches have resulted in financial losses, damaged reputations, and eroded trust. There were 264 reported breaches in the energy sector stemming from third-party issues. Confirmed third-party breaches affected the top ten energy companies in the US.

The China-backed hacking group Volt Typhoon failed to revive a botnet recently shut down by the FBI. The botnet had previously been used in attacks against US critical infrastructure. Before the KV-botnet was taken down, it enabled the Volt Typhoon threat group to evade detection by proxying malicious activity through hundreds of compromised Small Office/Home Office (SOHO) routers. On December 6, the FBI obtained a court order authorizing it to dismantle the botnet.