sb-nz logo
Story image

MacOS High Sierra zero-day shows Keychain passwords in plain text

27 Sep 2017
Sara Barker
Share:

MacOS users who are starting the upgrade to High Sierra – and  those who are using El Capitan – are vulnerable to a proof-of-concept attack that shows their online passwords in plain text, according to Synack security researcher Patrick Wardle.

He discovered that Mac Keychain, a native password management tool, can store online account usernames and passwords in plain text, allowing malicious applications direct access to the account details. However, the Keychain is generally protected by a master password.

Wardle revealed the details in a video that showed a demonstration of the attack.

Related stories:
Check Point exposes Android malware vendor using dark net to rebrand products
A brief history of cyber-threats — from 2000 to 2020
Emotet remains leading malware in global threat index
WatchGuard report tracks rise of network attacks in Q3
Malwarebytes expands protection suite, with focus on protecting remote workers
DDoS campaigns, BEC scams & Emotet: CERT NZ reports top security threats
Dig deeper:
Synack Malware Apple macOS
Story image
New year, time to update your passwords
The most popular passwords of 2020 were easy-to-guess number combinations, such as 123456, the word password, qwerty, iloveyou, and other uncomplicated options.More
Story image
The top search terms from IT execs in 2020
Covid, cybersecurity and operating models were amongst the most searched terms by IT executives in 2020, according to the analyst firm.More
Story image
Alibaba Cloud and LGMS tackle hybrid and multi-cloud security
Alibaba Cloud and LGMS, a cybersecurity consulting company, are teaming up to tackle the challenge of security around digital transformation and hybrid cloud.More
Story image
Christmas tech gifts pose cybersecurity risks - ProofPoint
Fraudsters are targeting last-minute Christmas shoppers via email and hackers are targeting electronic devices that feature on many wish lists.More
Story image
Telcos plagued by DNS attacks, but budgets should focus elsewhere
“What is most attacked, or hardest to defend, is not always the same."More
Story image
Ministry of Health successfully completes COVID-19 tracing technology trial
The New Zealand Ministry of Health, the New Zealand Government's principal advisor on health and disability, completed the community-led Bluetooth contact tracing technology trial in Rotorua.More
Story image
New year, time to update your passwords
The most popular passwords of 2020 were easy-to-guess number combinations, such as 123456, the word password, qwerty, iloveyou, and other uncomplicated options.More
Story image
The top search terms from IT execs in 2020
Covid, cybersecurity and operating models were amongst the most searched terms by IT executives in 2020, according to the analyst firm.More
Story image
Alibaba Cloud and LGMS tackle hybrid and multi-cloud security
Alibaba Cloud and LGMS, a cybersecurity consulting company, are teaming up to tackle the challenge of security around digital transformation and hybrid cloud.More
Story image
Christmas tech gifts pose cybersecurity risks - ProofPoint
Fraudsters are targeting last-minute Christmas shoppers via email and hackers are targeting electronic devices that feature on many wish lists.More
Story image
Telcos plagued by DNS attacks, but budgets should focus elsewhere
“What is most attacked, or hardest to defend, is not always the same."More
Story image
Ministry of Health successfully completes COVID-19 tracing technology trial
The New Zealand Ministry of Health, the New Zealand Government's principal advisor on health and disability, completed the community-led Bluetooth contact tracing technology trial in Rotorua.More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
The best DDoS protection depends on the use case
On-demand, always-on and hybrid models provide different services for different needs, writes Radware product marketing manager Eyal Arazi.More
Story image
Quantea and Attivo Networks launch joint network security solution
"Attivo and Quantea together provide advanced, real-time, in-network threat detection and improved incident response."More
Story image
Kaspersky discovers COVID-19 research related cyber threats
Kaspersky researchers have identified two APT incidents that targeted entities related to COVID-19 research - a Ministry of Health body and a pharmaceutical company. More
Story image
Palo Alto Networks advances attack surface management with Expanse
"By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organisation's attack surface with an inside view to proactively address all security threats."More
Story image
PDI acquires Cybera and ControlScan MSS to protect against security threats
The acquisition complements PDI's existing industry-focused cloud product strategy, bringing customers a fully managed, cloud-based network security solution, the company states.More
Story image
Trend Micro unveils world first cloud-native file storage security
"The explosion of cloud-based file and object storage presents a new attack vector for threat actors to target with malicious files."More
Story image
Top security threats for 2021
2021 will see several themes develop into full blown security threats, many of them borne from the struggles of pandemic-stricken 2020, writes Wontok head of technology Mick Esber.More
Story image
UPDATED: RBNZ ascribes data breach to third-party file sharing service
“The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information,” says RBNZ Governor.More
Story image
Holistic web protection market to reach $3.63bn by 2025
Retail, banking and technology sectors are driving the global holistic web protection market, according to new findings from Frost and Sullivan. More
Story image
LogRhythm buys out MistNet to bolster analytics capabilities
LogRhythm says its aim is to bring stronger levels of machine learning-based detection and response.More
Story image
5G flaws allow criminals to steal data, cut access to the web
"There is a risk that attackers will take advantage of standalone 5G networks while they are being established and operators are getting to grips with potential vulnerabilities."More
Story image
How the editorial team works at Techday: Our tips for you
Preparing your releases in a particular way will not only make our lives easier, but improve the chances of your lead being picked among the masses.More
Story image
BackupAssist partners with Wasabi for greater cyber-resilience
This partnership provides customers with an up to 80% less expensive solution that is faster than the competition for achieving enterprise-grade cyber-resilience, the company states. More
Story image
Dark net vendors wanting Bitcoin payments for unverified COVID-19 vaccines
As the medicines are being offered on the dark net, purchasers have no way of knowing whether they are genuine, according to Check Point.More
Story image
Swann home security kit recognised for innovation
The new 4K NVR Enforcer Kit was named a 2021 CES Innovation Award Honouree.More
Story image
SASE vs zero trust – or the best of both worlds
Zero trust and SASE work together by converging a least-privilege access strategy with an architecture that simplifies how highly distributed users, BYOD, and cloud resources are secured.More
Story image
Fortinet promises free cybersecurity training until skills gap trend reverses
"We are committed to continue offering the entire catalogue of self-paced Network Security Expert training at no cost until we see the skills gap trend reverse."More
Story image
Microsoft top targeted brand by cyber criminals in Q4 2020
In Q4, 43% of all brand phishing attempts related to Microsoft (up from 19% in Q3), as threat actors continued to try to capitalise on people working remotely during the COVID-19 pandemic’s second wave. More
Story image
Scammers target victims using COVID vaccine news
Security experts are warning consumers to watch for phishing attempts linked to vaccine news. More
Story image
WatchGuard report tracks rise of network attacks in Q3
WatchGuard’s Q3 2020 Internet Security Report has called to attention the rise in attacks on corporate networks, even as many organisations shifted to remote work.More
StorageCraft launches latest SMB data recovery solution
ShadowProtect SPX 7 is the next edition of the company's ShadowProtect offering, which is a SMB data recovery solution. More
Gartner names Zscaler the only leader in Magic Quadrant for Secure Web Gateways
"Legacy technology is an inhibitor to digital transformation."More
QNAP launches new desktop smart edge PoE switch
Includes 16 x 30-watt Gigabit PoE ports, 2 x 2.5GbE host management ports, Intel J4125 quad-core 2.0 GHz processor, and 4 x 3.5-inch SATA drive bays.More
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More
22 billion records exposed from breaches in 2020 — report
The research also found that 35% of the breaches recorded by Tenable were caused by ransomware attacks, while 14% of breaches stemmed from email compromises.More
COVID sees 400% surge in cyber crime
"The current global pandemic has restrained the world, creating a perfect environment for cybercriminals to flourish."More
Hackers in your bedroom: Hackers targeting smart sex toys
A group of researchers reported vulnerabilities in an internet-enabled male chastity cage. More
Cybersecurity spending to increase following SolarWinds hacking
Hackers breached software provider SolarWinds, directly infecting the company’s Orion software as well as several local, state and federal agencies.More
SOC as a Service market on the up, driven by greater focus on security
The global System On a Chip (SOC) as a Service market is set to reach US$676.8 million by 2026, according to a new study from Valuates Reports. More
Cybersecurity strategies must involve every part of the organisation - study
In the past year, a third of the breaches incorporated social engineering techniques and the cost of a breach caused by a human error averaged to $3.33 million. More
Cyberattacks on healthcare organisations "out of control" - Check Point
There has been a 45% increase in cyberattacks on healthcare organisations worldwide in the last two months, making healthcare the most targeted industry by cyber criminals.More
New research reveals evolving tactics attackers use to trick victims
"Attackers prefer to use COVID-19 in their less targeted scamming attacks that focus on fake cures and donations."More
The current state of ransomware — and its future
Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. More
2020 saw a surge in detected malicious files — Kaspersky
Kaspersky detected more trojans, backdoors and worms than last year, representing an overall 5.2% increase in detected malicious files year-on-year.More
A brief history of cyber-threats — from 2000 to 2020
Many significant cybersecurity events have occurred since the year 2000 — not every one of them ‘firsts’, but all of them correlating with a change in security behaviour or protection.More
Online gaming a 'hotbed' for DDoS attacks — report
The latency and availability issues present in online gaming, in particular, presented an attractive target to attackers, in addition to the enduring popularity of gaming in the era of COVID-19.More
McAfee names ThreatQ innovation partner of the year
ThreatQuotient has been named McAfee Global Security Innovation Alliance Partner of the Year for the second consecutive year.More
Emotet remains leading malware in global threat index
The malware has impacted 7% of organisations globally, following a spam campaign which targeted more than 100,000 users per day during the holiday season.More
More stories