Story image

MacOS High Sierra zero-day shows Keychain passwords in plain text

By Sara Barker, Wed 27 Sep 2017
FYI, this story is more than a year old

MacOS users who are starting the upgrade to High Sierra – and those who are using El Capitan – are vulnerable to a proof-of-concept attack that shows their online passwords in plain text, according to Synack security researcher Patrick Wardle.

He discovered that Mac Keychain, a native password management tool, can store online account usernames and passwords in plain text, allowing malicious applications direct access to the account details. However, the Keychain is generally protected by a master password.

Wardle revealed the details in a video that showed a demonstration of the attack.

Video: 10 Minute IT Jams - BeyondTrust CTO discusses common attack vectors in 2021>>

Rackspace highlights top security challenges of today's organisations>>

Google uncovers phishing campaign targeting YouTube creators with cookie theft malware>>

Jamf unveils a range of new features at its 12th annual conference>>

Two of three Australian SMBs became victims of cyber-attacks over the past year>>

Trickbot remains top malware impacting NZ - report>>

Story image

Stolen data spreading even faster on the dark web - report>>

Story image

NZ organisations see cybersecurity boost as TechnologyOne upgrades platform>>

Story image

What exactly is 5G security, and why is it essential?>>

Story image

Productiv redefines employee experience with SaaS Intelligence solution>>

Story image

Security Operations Centre / SOC

AdvantageNZ takes the win at LogRhythm partner awards>>

Story image

CrowdStrike brings 'observability to everyone' with Humio release>>

Story image

LogRhythm announces winners of NZ Partner of the Year Awards>>

Link image

Motorola Solutions

It’s time to reimagine the retail experience>>

Story image

Crypto romance scam targeting iPhone users raking in millions

"Attackers are making millions of dollars with this scam," according to Sophos.>>

Story image

Artificial Intelligence / AI

Fortinet: Artificial intelligence essential to combat fast-moving threats

Cornelius Mare, Fortinet Australia CISO, explains how AI helps manage risk, reduce costs and improve operational efficiency. AI is most effective when deployed across the entire attack surface.>>

Story image

Technology, not training, protects users from phishing

Businesses should prioritise utilisation of readily available authentication technologies to prevent the ongoing phishing threat.>>

Story image

Pluralsight extends Skills offerings for cybersecurity, IT ops and development

With the introduction of these new labs, Pluralsight Skills now offers more than 900 lab-based hands-on learning experiences for technologists looking to close skills gaps and stay ahead of the pace of change.>>

Story image

Mergers and Acquisitions

Forcepoint acquires Bitglass to bolster Security Service Edge

“The acquisition will go a long way to addressing customers’ security needs across web, cloud, and data centre, particularly as hybrid and remote working environments.”>>

Story image

Two of three Australian SMBs became victims of cyber-attacks over the past year

SMBs in Asia Pacific are more worried about cybersecurity threats than before, research finds. >>

Story image

APAC organisations prioritising Zero Trust Security more than other regions

"It is imperative that businesses continue to be vigilant in anticipating new threats that emerge in this new digital landscape.">>

Story image

Cohesity unveils new SaaS solutions to combat ransomware attacks

The security and governance offerings keep customers a step ahead of bad actors launching sophisticated ransomware attacks.>>

Story image

Trickbot remains top malware impacting NZ - report

CPR observed a concerning increase of various malware impacting New Zealanders, with 16 additional malware families tied at tenth place for the month.>>

Story image

Okta releases new Workflows to simplify identity management

"The new availability and accessibility of Okta Workflows enables anyone to simply build identity use cases spanning all digital touchpoints, faster than ever before.">>

Story image

ManageEngine brings endpoint protection capabilities to enterprise customers

ManageEngine has added data loss prevention for endpoints, anti-ransomware and endpoint compliance capabilities to its unified endpoint management solution, Desktop Central.>>

Story image

Cyber Smart Week takes cybersecurity back to basics

Cyber Smart Week is a timely reminder that even small changes can make a big difference.>>

Story image

Businesses losing the war against bad bots - report

Kasada has announced the findings of its 2021 State of Bot Mitigation Survey report. >>

Story image

Rackspace highlights top security challenges of today's organisations

Half of global IT leaders say they are not fully confident in their ability to respond to data, malware phishing, supply chain, ransomware, cloud, IoT and application attacks, according to Rackspace's global survey.>>

Story image

Lacework and Snowflake partner, bring data into the security conversation

The partnership sees Lacework data available in the Snowflake Data Cloud, enabling organisations to analyse and report on risk and threats across their cloud and container environments.>>

Story image

SonicWall 'returns choice' to customers by securing different network environments>>

Story image

Artificial Intelligence / AI

Gartner identifies the top strategic technology trends for 2022>>

Story image

How retailers can keep staff and customers safe with Motorola solutions>>

Story image

Unified Communications / UC

Sietec sells to Fastcom, says 'business as usual' for customers>>

Story image

ESET and Chillisoft launch MDR solution in A/NZ>>

Story image

DNS attacks on the rise, organisations remain unprepared>>

Story image

Vodafone hits Microsoft Gold Security milestone>>

Story image

Google uncovers phishing campaign targeting YouTube creators with cookie theft malware>>

Story image

Avast announces three new appointments to leadership team>>

Story image

Disaster Recovery

Cohesity adds disaster recovery to Data Management as a Service portfolio>>

Story image

Disaster Recovery

Cohesity expands portfolio with Disaster Recovery as a Service, partners with AWS>>

Story image

Remote work leaving businesses exposed to cyber attack>>

Story image

Jamf unveils a range of new features at its 12th annual conference>>

Story image

10 Minute IT Jams

Video: 10 Minute IT Jams - BeyondTrust CTO discusses common attack vectors in 2021>>

Story image

Organisations struggling to defend attack surface in hybrid work>>

Story image

vFunction makes 'critical breakthrough' in modernisation with latest release>>

Story image

Payment innovation

COVID-19 drives up digital payments throughout APAC region>>

Story image

Secureworks expands EDR portfolio with two new solutions>>