New Zealand
Story image

MacOS High Sierra zero-day shows Keychain passwords in plain text

27 Sep 2017
Sara Barker
Share:
LinkedIn
Twitter
Facebook

MacOS users who are starting the upgrade to High Sierra – and  those who are using El Capitan – are vulnerable to a proof-of-concept attack that shows their online passwords in plain text, according to Synack security researcher Patrick Wardle.

He discovered that Mac Keychain, a native password management tool, can store online account usernames and passwords in plain text, allowing malicious applications direct access to the account details. However, the Keychain is generally protected by a master password.

Wardle revealed the details in a video that showed a demonstration of the attack.

 

Related stories:
Education prime target for cyber attacks, report finds
September’s top malware, Emotet botnet strikes again – Check Point
Public dataset to help researchers predict malicious activity unveiled
Disruptionware emerges as newest and nastiest cyber threat
Malware hiding on popular content delivery networks - WatchGuard
Apple issues clarification on extent of iOS malware infection
Dig deeper:
Story image
07 Oct
WatchGuard releases cloud-based service to automatically block phishing attempts
DNSWatchGO aims to fill security gap beyond the network perimeter, as new research shows 64% of remote users have fallen victim to a cyber-attack.More
Story image
04 Oct
Are Fortune 500 companies failing at cyber security? 
"Lax security and its resulting breaches have long-term repercussions for organisations as well as their customers, shareholders, partners, and other stakeholders."More
Story image
21 Oct
ManageEngine launches holistic take on privileged access security
PAM360 provides governance over privileged access entitlements, correlation of privileged access data with other IT management platforms.More
Story image
17 Oct
How to achieve secure, flexible and scalable IaaS - Bitglass
While using IaaS brings many advantages, it also raises unique data leakage concerns that must be addressed in order to maintain robust cybersecurity.More
Story image
14 Oct
September’s top malware, Emotet botnet strikes again – Check Point
Check Point’s researchers report that the notorious botnet has been reactivated and is spreading active campaigns again.More
Story image
10 Oct
Nuance announces updates to biometric fraud detection offering
A recent Nuance survey found 1 in 4 people have fallen victim to fraud in the last twelve months, each person losing an average of $2,000 due to inefficient passwords.More
Story image
WatchGuard releases cloud-based service to automatically block phishing attempts
DNSWatchGO aims to fill security gap beyond the network perimeter, as new research shows 64% of remote users have fallen victim to a cyber-attack.More
Story image
Are Fortune 500 companies failing at cyber security? 
"Lax security and its resulting breaches have long-term repercussions for organisations as well as their customers, shareholders, partners, and other stakeholders."More
Story image
ManageEngine launches holistic take on privileged access security
PAM360 provides governance over privileged access entitlements, correlation of privileged access data with other IT management platforms.More
Story image
How to achieve secure, flexible and scalable IaaS - Bitglass
While using IaaS brings many advantages, it also raises unique data leakage concerns that must be addressed in order to maintain robust cybersecurity.More
Story image
September’s top malware, Emotet botnet strikes again – Check Point
Check Point’s researchers report that the notorious botnet has been reactivated and is spreading active campaigns again.More
Story image
Nuance announces updates to biometric fraud detection offering
A recent Nuance survey found 1 in 4 people have fallen victim to fraud in the last twelve months, each person losing an average of $2,000 due to inefficient passwords.More
Download image
Whitepaper: The IT director’s role in creating a digital-ready environment
Businesses must update processes before moving to the cloud and also support emerging technologies such as AI, blockchain, IoT, robotics, and 3D manufacturing.More
Story image
Sophos launches managed threat response service
The resellable service provides organisations with a dedicated 24/7 security team to neutralise threats.More
Story image
Forcepoint increases cloud security presence to cover 128 countries
This PoP expansion brings Forcepoint services to virtually anywhere in the world while delivering optimal security and productivity enhancing capabilities. More
Story image
Atlassian to integrate Okta’s authentication solution in cloud products
This partnership enables Atlassian to focus on its core products while Okta solves for enterprise identity challenges, securing Atlassian customers.More
Story image
BlackBerry creates R&D lab to stay on security's cutting edge
BlackBerry has created a new cybersecurity research and development (R&D) unit comprised of more than 120 security experts to drive the company’s mission to drive security innovation.More
Story image
Unisys: Staying cyber safe during Rugby World Cup
“New Zealanders have registered their concerns about both their physical and cyber safety at large-scale events loudly and clearly, to the point of rethinking their plans to attend."More
Story image
WatchGuard releases new ruggedised network security appliance
The Firebox T35-R provides network security capabilities beyond traditional office settings and to industrial internet of things (IIoT).More
Download image
Whitepaper: How the threat hunting paradigm is evolving with APTs
The newest generation of cyberthreats presents significant challenges to the security community and changes how we need to view, implement and manage security operations.More
Story image
Fortune 500 companies failing to demonstrate cybersecurity commitment - Bitglass
The report found that 38% of the 2019 Fortune 500 do not have a chief information security officer (CISO).More
Story image
Trend Micro acquires Cloud Conformity to expand capabilities
The acquisition resolves often overlooked security issues caused by cloud infrastructure misconfiguration.More
Download image
Whitepaper: Why businesses needs to invest in cloud expertise urgently
Four in 10 IT decision makers (40%) are concerned that they cannot keep pace with cloud technology’s evolution and demands.More
Download image
How to unlock the full breadth of your AWS deployment’s potential
A secure and high-performing cloud journey is at its best when it’s a shared experience – one of learning and exchanging knowledge between trusted partners.More
Story image
This is what our kids will hate us for: IoT devices 'asbestos of the future' 
"The proliferation of stupid internet-connected smart devices will be the IT asbestos of the future.More
Story image
Social media a growing business risk across Asia Pacific
Organisations now face an even wider risk landscape, as they seek to tackle emerging digital threats and deal with complex reputational and regulatory issues. More
Download image
Seven experts talk security automation & analytics
"It all comes back to understanding your capabilities, building your playbooks, and finding a tool that can help you automate. That’s the path you have to go take, because without automation, you’re an easy target.”More
Story image
Orca Tech onboards auto penetration testing company
The cybersecurity and analytics VAD has formed an agreement with the Israeli company Pcysys.More
Story image
Lack of IT security input in DevOps creates unnecessary risk 
The lack of security involvement in DevOps projects was reportedly creating cyber risk for IT leaders.  More
Story image
Ping Identity releases self-service IAM solution
The solution addresses common tasks across the Ping Intelligent Identity platform with simple, self-service workflows and standardised templates that can be delegated to business users.More
Story image
Aura InfoSec grows Wellington team
Aura Information Security has selected Christo Gouws as its new senior security consultant.More
Story image
Public dataset to help researchers predict malicious activity unveiled
The dataset comprises 51.6 malicious activity reports involving 662,000 unique IP addresses across the globe. More
Story image
Trustwave introduces dashboard to manage security testing
Through point-and-click navigation, users can scan business-critical applications to search for unpatched vulnerabilities, exploitable code or evidence of malicious activity. More
ESG puts Juniper Networks security solutions to the test
With a multitude of solutions on the market, ESG decided to use malware attacks to evaluate market solutions like Juniper Networks’ automated threat detection and remediation.More
IBM announces z15 with new data privacy capabilities
The IBM z15 is a new enterprise platform delivering the ability to manage the privacy of customer data across hybrid multicloud environments.More
DXC Connect named ExtraHop’s 2019 Breakthrough Partner
DXC Connect has built out a major service offering focused on the ExtraHop suite of cloud-native network detection and response (NDR) solutions.More
ComCom faces security breach from stolen computer equipment
The Commission was informed last week that more than 200 meeting and interview transcripts across a range of the Commission’s work were contained on computer equipment stolen in a burglary.More
NZ information security award finalists revealed
The iSANZ Awards were established five years ago to recognise the achievements of New Zealanders in the country’s information security (InfoSec) and cybersecurity field. More
Manage Windows 10 with the most simple, intuitive toolset available
Mobile Mentor’s solution comes with built-in best practice security policies, round-the-clock employee support and bundled endpoint management.More
Whitepaper: Designing a secure data centre from the ground up
How to decide which security functions to deploy and where you want to deploy them in your data centre.More
Whitepaper: How businesses can stay secure in the cloud with MSSPs
The changing landscape of risk demands decisive action from information security specialists.More
ESET discovers campaign stealing bitcoins from darknet users
ESET researchers have discovered a trojanised Tor Browser that cybercriminals use to steal bitcoins from darknet market buyers.More
Major security, privacy and ethical blindspots in AI development
Security, privacy and ethics are low-priority issues for developers when modelling their machine learning solutions.More
The key performance metrics to monitor for perfect server visibility
Organisations need to have server monitoring tools that cover the right performance indicators that fit the applications they have running on their servers. More
Symantec updates endpoint security offering
The Symantec Endpoint Security (SES) brings automated assistance with security management to evaluate risks and take action to secure their organisation.More
Sophos Cloud Optix SaaS offering now on AWS Marketplace
Endpoint and network security firm Sophos has now launched its Sophos Cloud Optix SaaS offering on Amazon Web Services (AWS) Marketplace.More
E-book: Ten steps to automate network security
The modern cybersecurity landscape is continually evolving with new, sophisticated malware and attack techniques that threaten enterprises on a massive scale.More
NetScout's Arbor Networks cybersecurity play shows fruit
We look at the how the vendors cybersecurity strategy has come togetherMore
LogRhythm releases True Unlimited Data Plan for SIEM
CISOs are feeling the brunt of rising data volumes as the cost to protect the vast amount of data in their environment might double — or even triple — year over year. More
Gartner names SailPoint Leader in identity governance for the sixth time
Users today encompass both human and non-human users; applications, data and infrastructure are no longer purely on-premise but largely live in the cloud today.More
Elastic launches endpoint security offering
The offering is based on its acquisition of Endgame, a company focusing on threat prevention, detection, and response based on the MITRE ATT&CK matrix.More
More stories