Story image

MacOS High Sierra zero-day shows Keychain passwords in plain text

MacOS users who are starting the upgrade to High Sierra – and those who are using El Capitan – are vulnerable to a proof-of-concept attack that shows their online passwords in plain text, according to Synack security researcher Patrick Wardle.

He discovered that Mac Keychain, a native password management tool, can store online account usernames and passwords in plain text, allowing malicious applications direct access to the account details. However, the Keychain is generally protected by a master password.

Wardle revealed the details in a video that showed a demonstration of the attack.

New malware strain targeting Mac users for only $49>>

Cyber incidents on the rise as ransomware accounts for two thirds of all malware attacks>>

Data requests to Apple, Google, Facebook and Microsoft triple as surveillance escalates>>

New phishing simulator helps organisations strengthen cybersecurity>>

McAfee reports a surge of malware hidden in COVID-19 vaccine appointments >>

Traditional solutions fail to secure organisations against today's malware>>

Story image

10 Minute IT Jams

Video: 10 Minute IT Jams - Who is Fastly?>>

Story image

Cost of a data breach hits record high during pandemic - IBM>>

Story image

Risky business: Majority of workers take cybersecurity shortcuts despite knowing dangers>>

Story image

Security professionals unprepared for escalating software supply chain attacks>>

Story image

How Microsoft security infrastructure can sink a business>>

Link image

How do you break a hacker’s heart? Find out on 5 August>>

Story image

Cyber attackers will have weaponised operational technology environments to harm or kill humans - Gartner>>

Story image

Tech support scams remain a global threat - Microsoft>>

Link image

Privileged Access Management / PAM

Demo: Showdown between Darkside ransomware and BeyondTrust solution

In this demonstration, BeyondTrust's lead security researcher pits the company's Privilege Management solution against Darkside's ransomware.>>

Story image

CEOs, CISOs doubling down on cloud-based cybersecurity

“Industry leaders are emphatically pointing to a very different future for cybersecurity.">>

Story image

Ready, set, scam: Cybercriminals targeting Olympic Games fans

Olympic-related phishing websites are designed to steal users credentials.>>

Story image

Rise in hacking tool downloads as cybercrime becomes 'more organised than ever'

"The proliferation of pirated hacking tools and underground forums are allowing previously low-level actors to pose serious risks to enterprise security.">>

Story image

Microsoft partners with AustCyber to launch cybersecurity traineeship program

Microsoft is partnering with AustCyber to launch a new cybersecurity traineeship program.>>

Story image

Video: 10 Minute IT Jams - Traditional cybersecurity vs data protection

Forcepoint's channel director discusses the differences between cybersecurity and data protection and how to improve data protection capabilities.>>

Story image

State-affiliated threat actors attribute 57% of all known web app incidents over last five years - Report

According to a multi-source report, state-affiliated threat actors attributed to 57% of all known web application incidents over the last five years.>>

Story image

Verified Mark Certificates

Entrust launches Verified Mark Certificates to support BIMI email authentication standard

“By encouraging the deployment of DMARC and promoting its adoption, BIMI benefits the whole email ecosystem to promote strong sender authentication.”>>

Story image

Avast and RiskIQ announce threat intelligence partnership

Digital security and privacy company Avast, and RiskIQ, an internet security intelligence company, have announced a threat intelligence partnership. >>

Story image

Network Detection and Response / NDR

Sophos to boost adaptive cybersecurity ecosystem with network detection and response

"Businesses of all sizes often miscalculate their assets and attack surface, both on-premises and in the cloud.">>

Story image

Endpoint detection and response / EDR

Fortinet: Extended Detection and Response (XDR) critical for security automation

Jon McGettigan, Fortinet A/NZ Regional Director, explains why more and more enterprises are adopting XDR (extended detection and response) capabilities to reduce MTTD (mean time to detection) and apply AI techniques to fast-track MTTR (mean time to response).>>

Story image

Sysdig eyes up DevOps security capabilities through Apolicy acquisition

“With Apolicy, Sysdig delivers a secure DevOps workflow for infrastructure and workloads and automatically closes the loop from production to source by fixing issues identified at runtime," says Sysdig CEO.>>

Story image

Online dating users doxed as personal data exposed

"You might find the love of your life online but unfortunately, there are also bots and fraudsters looking for prey on dating platforms."online >>

Story image

Fortinet wins Google Cloud Global Technology Partner of the Year award for Security

Fortinet has announced it received the 2020 Google Cloud Global Technology Partner of the Year award for Security. >>

Story image

Google intensifies NZ ops with cloud interconnect location, new hires & Auckland office

The company has launched a Google Cloud Dedicated Interconnect location in Auckland, and a new AUNZ Google Cloud region in Melbourne, Australia.>>

Story image

Colt further secures hybrid working with new SD-WAN feature>>

Story image

Claroty launches research arm dedicated to revealing critical vulnerabilities>>

Story image

Tech support scams among top phishing attacks>>

Story image

$10 million bug bounty fund for projects building on Binance Smart Chain>>

Story image

Privileged Access Management / PAM

Thycotic and Centrify named as Leaders in Gartner MQ for Privileged Access Management>>

Story image

Microsoft tops list for most imitated brands for phishing attempts>>

Story image

Fatigued IT teams losing the war on phishing>>

Story image

How PAM can help to prevent major security disasters like Colonial Pipeline>>

Story image

Solving the problem of privilege with zero trust security>>

Story image

Privileged Access Management / PAM

Why BeyondTrust privileged access management matters on AWS>>

Story image

Microsoft partners with Vectra AI on Zero Trust security framework>>

Story image

Rapid7 acquires IntSights, develops contextualised threat intelligence>>

Story image

What Is TLS 1.2 — and why should we still care?>>

Story image

Cybersecurity roadblocks: 5 things leaders need to act on now>>

Story image

10 Minute IT Jams

Video: 10 Minute IT Jams - BeyondTrust on securing critical infrastructure>>

Story image

Privileged Access Management / PAM

OneLogin solution to enable organisations to adopt Zero Trust principle of least privilege access>>

Story image

Interview: Infosys CISO Vishal Salvi on cybersecurity and Cyber Defence Centres>>

Story image

Application testing

The importance of data masking and testing in an evolving organisational landscape>>