Hive Systems recently released the results of its latest annual analysis of password cracking through brute-force attacks. The company has been conducting this study for several years and has previously targeted passwords hashed with the widely used MD5 algorithm. In many cases, MD5 hashes can be easily cracked, so organizations are increasingly turning to more secure algorithms, specifically Bcrypt. Bcrypt is not the most secure, but according to Hive's collection of data from the Have I Been Pwned breach notification service, it has grown in use in recent years.

South Korean police recently revealed a major hacking campaign that lasted more than a year, allowing hackers from North Korea to steal defense secrets. A report from the Korean National Police Agency (KNPA) published recently blamed the campaign on three North Korean state-backed groups: Lazarus, Kimsuky, and Andariel. The KNPA claimed that the groups targeted as many as 83 defense contractors and subcontractors and managed to steal sensitive information from 10 of them between October 2022 and July 2023.

Google recently announced the availability of a Chrome 124 update that patches four vulnerabilities, including a critical security hole. Google noted that the critical vulnerability, tracked as CVE-2024-4058, is a type confusion bug in the ANGLE graphics layer engine. Google has credited two members of Qrious Secure for reporting CVE-2024-4058. They have been awarded a $16,000 bounty for their findings. Google has not mentioned if CVE-2024-4058 is being exploited in the wild.

Researchers from the Massachusetts Institute of Technology (MIT) and the MIT-IBM Watson AI Lab developed a new chip that can efficiently accelerate Machine Learning (ML) workloads on edge devices such as smartphones while securing sensitive user data against two common types of attacks: side-channel attacks and bus-probing attacks. Health-monitoring apps can be slow and energy-inefficient as the ML models behind them must be shuttled between a smartphone and a central memory server.

By aekwall 

According to AG Security Research, vulnerabilities impacting Microsoft's PlayReady content access and protection technology enable rogue subscribers to illegally download movies from popular streaming services. Adam Gowdiak, founder and CEO of AG Security Research, conducted the study over several months. PlayReady is a media file copy-prevention technology that includes encryption, output prevention, and Digital Rights Management (DRM).

North Korean hackers have been exploiting eScan antivirus' updating mechanism to install backdoors on large corporate networks and deliver cryptocurrency miners via "GuptiMiner" malware. GuptiMiner is described as "a highly sophisticated threat" capable of making Domain Name System (DNS) requests to the attacker's DNS servers, extracting payloads from images, signing payloads, and performing Dynamic Link Library (DLL) sideloading.