sb-nz logo
Story image

MacOS High Sierra zero-day shows Keychain passwords in plain text

27 Sep 2017
Sara Barker
Share:

MacOS users who are starting the upgrade to High Sierra – and  those who are using El Capitan – are vulnerable to a proof-of-concept attack that shows their online passwords in plain text, according to Synack security researcher Patrick Wardle.

He discovered that Mac Keychain, a native password management tool, can store online account usernames and passwords in plain text, allowing malicious applications direct access to the account details. However, the Keychain is generally protected by a master password.

Wardle revealed the details in a video that showed a demonstration of the attack.

Related stories:
Months on, many organisations still don't have secure remote access - report
FireEye revamps its flagship anti-malware solution
Trend Micro: COVID-19 related malware and spam on the rise
New report reveals key concerns of threat management pros in 2020
Bitdefender reveals new botnet which 'puts others to shame'
Data is more valuable to cyber attackers than cash - report
Dig deeper:
Story image
ExtraHop brings SaaS network detection and response solution to market
"Reveal(x) 360 is the culmination of a multi-year R&D investment to secure data centre, remote sites, and cloud workloads with frictionless deployment and actionable insights that can be securely accessed from anywhere.”More
Story image
New detection tool aims to catch Twitter bots in real time
Twitter recognises that it’s hard to tell just how much misinformation is out there on social media.More
Link image
Webcast Series: Best security practices for a mobile workforce
Join an exclusive monthly webcast series to learn how to better secure your mobile workforce in the evolving threat landscape.More
Link image
Proper authentication is the key to security. Now it's free
Usually if a cyber attacker gains access to your credentials, it's game over. Stand a fighting chance at no cost with this cutting edge authentication tool.More
Story image
Swann releases two new smart security cameras
The solutions include tracking, night vision, and other features, supported by a connected application.More
Story image
Cost-effective security key demand for MSPs
A new survey conducted by Omida and commissioned by Acronis shows that there is an “overwhelming” demand for security services among MSPs.More
Story image
ExtraHop brings SaaS network detection and response solution to market
"Reveal(x) 360 is the culmination of a multi-year R&D investment to secure data centre, remote sites, and cloud workloads with frictionless deployment and actionable insights that can be securely accessed from anywhere.”More
Story image
New detection tool aims to catch Twitter bots in real time
Twitter recognises that it’s hard to tell just how much misinformation is out there on social media.More
Link image
Webcast Series: Best security practices for a mobile workforce
Join an exclusive monthly webcast series to learn how to better secure your mobile workforce in the evolving threat landscape.More
Link image
Proper authentication is the key to security. Now it's free
Usually if a cyber attacker gains access to your credentials, it's game over. Stand a fighting chance at no cost with this cutting edge authentication tool.More
Story image
Swann releases two new smart security cameras
The solutions include tracking, night vision, and other features, supported by a connected application.More
Story image
Cost-effective security key demand for MSPs
A new survey conducted by Omida and commissioned by Acronis shows that there is an “overwhelming” demand for security services among MSPs.More
Download image
Cloud, VPNs & digital workspaces: 3 focus areas for enterprise security
Authentication can bring three things to the table: Choice, appropriate risk analysis, and ease of use for everyone.More
Story image
Thycotic launches DevOps Secrets Vault solution for greater cloud security
“DevOps Secrets Vault is a cloud-based vault that balances the security and velocity that DevOps teams require for this growing part of the enterprise attack surface."More
Story image
Cybercriminals exploiting virus fears to gain access to corporate IT systems
COVID-19 may have changed the way many people work, but this doesn’t have to mean companies must accept lower levels of security. More
Story image
Channel guru brings Bufferzone to A/NZ
Previously, Wyman brought Backup Exec/Veritas, Brocade and StorageCraft to the region.More
Story image
Cybercriminals seeking greater anonymity online, Trend Micro states
Cybercriminals have switched to ecommerce platforms and communication using Discord for greater anonymity, according to new research from Trend Micro. More
Download image
The juggling act: Managing dynamic workforces and the risk that goes with them
Mitigate and continuously manage dynamic workforce risks, and continuously improve and maintain the maturity of your dynamic workforce risk program.More
Story image
CrowdStrike expands Linux protection, adds machine learning prevention
CrowdStrike says its solution delivers proven breach prevention and visibility from its cloud-delivered platform via a single lightweight agent.More
Story image
Five wine-tasting tips that should be applied to network security
What does network visibility really mean? Much like a blind wine tasting, we need to keep an open mind and trust what data is telling us without being biased by previous results.More
Story image
Chinks in the armour: Why the post COVID-19 cloud is easy game for cybercriminals
Now’s the time for CIOs to pause and make sure their digital transformation projects are fit for today, and the future.More
Download image
Dialing in from home: Why VPNs are essential for your corporate network
Right now, how many employees, partners, or contractors are working from home and logging into your network?More
Story image
DigiCert receives top award from Frost & Sullivan thanks to agile approach
DigiCert has received the 2020 Global Company of the Year Award by Frost & Sullivan, with specific focus on its global transport layer security (TLS) certificate market. More
Story image
Exabeam targets APJ with ‘significant investment’
Triples its team across the region and forms an exclusive partnership with Orca Tech in A/NZ as SIEM demand rises.More
Story image
Dark web packed with offers to hack corporate networks
"The larger the hacked company is, and the higher the obtained privileges, the more profitable the attack becomes."More
Story image
Acronis teams up with A.S. Roma to advance AI in sport
Acronis has officially announced its artificial intelligence (AI) partnership with Associazione Sportiva Roma, an Italian professional football club also known as A.S Roma.More
Story image
Demand for VPNs soars in Hong Kong amid fears over Beijing crackdown
VPN provider Surfshark revealed it has seen a week’s worth of sales in just one hour within the city, indicating that locals feel their internet freedom is under attack.More
Story image
40% of APAC consumers have dealt with personal data breaches
The Kaspersky report released today also found out that more than 20% of respondents in APAC are willing to sacrifice their privacy to gain a product or a service for free. More
Story image
Kaspersky launches security assessment training program
Kaspersky says the program is designed give organisations the tools to ensure the security and of third-party applications that are integrated into their IT infrastructures.More
Story image
Former AWS executive joins Ping Identity
"Candace has deep expertise in enterprise security strategy and an acute understanding of the innovations that businesses require."More
Story image
HackerOne hits $100M milestone with bug bounties
“We have arrived at the point in history where you are ignorant and negligent if you do not have a way to receive useful input from ethical hackers."More
Story image
Interview: Thriving in lockdown - how a coding school in Vietnam beat the odds
It's March 10 2020, and CoderSchool in Ho Chi Minh just went entirely online. A success story followed - here's how a lockdown helped a school thrive.More
Story image
D-Link brings thermal scan/facial recognition camera to A/NZ
The device can scan a large crowd and automatically raise an alert if a person with an elevated temperature is found.More
IDC names Accenture APAC Leader in pro security services
Accenture was recognised as having one of the most comprehensive security advisory and security assessment offerings.More
Cisco buys ThousandEyes, strengthening network portfolio
Cisco is eyeing up network intelligence company ThousandEyes for its latest acquisition, building on Cisco’s cloud-based network and application performance portfolio.More
Sophos and Arcserve bolster alliance with two new solutions
The new solutions combine anti-ransomware and other threat-protection tech with immutable backup and disaster recovery capabilities.More
SolarWinds Niche Player in app monitoring Magic Quadrant
Simplicity, visibility and solution synergy have put SolarWinds into the 2020 Gartner Magic Quadrant for Application Performance Monitoring.More
Internet filtering not the answer - InternetNZ
The proposed law change is part of the New Zealand government response to the Christchurch terror attacks that occurred in March last year.More
Report: Tech industry most attacked sector
"The current global crisis has shown us that cyber criminals will always take advantage of any situation and organisations must be ready for anything."More
Current security practices 'grossly inadequate' for protecting cloud infrastructures - report
"As cloud stacks become increasingly complex, with new technologies regularly added to the mix, what's needed is a holistic approach with consistent protection across the full cloud stack."More
NZ's tech news sails in the slipstream of healthy tech sector
Techday's managing editor explains how New Zealand's tech media flies under the radar, but it doesn't mean we're dead.More
FireEye revamps its flagship anti-malware solution
The Endpoint Security solution has received several enhancements, including the availability of several new modules for protection, investigation and response.More
Microsoft warns of huge email phishing scam
The phishing campaign installs NetSupport Manager remote admin tool to take over and execute commands. More
FireEye unveils Cloudvisory: A multicloud security control centre
FireEye has announced the availability of FireEye Cloudvisory - a control centre for cloud security management across any private, public or hybrid security environment.More
Zscaler buys Edgewise, with its sight set on zero-trust
The acquisition indicates Zscaler's path towards improving the security of east-west communication, as well as its quest to achieve a zero-trust environment.More
A definitive guide to cloud access security brokers
CASBs offer IT administrators granular access control and deep visibility over corporate data – critical functionality for organisations moving from internal, premises-based apps to the cloud.More
Why people must form the backbone of your security decisions
In a recent survey 74% Asia Pacific IT and business leaders surveyed declare that security culture is essential to a successful business.  More
Interview: Mimecast channel director on new partner programme and consolidation in the channel
Craig McGregor explains Mimecast's new partner programme, the importance of consolidation in the security space, and the effect of COVID-19 on the local channel.More
How to work from home securely
Here’s what you need to do to make your home working environment and systems secure, and protect yourself and your employer.More
New tech startup looks to help lawyers and finance pros
StructureFlow has launched to market, dubbing itself as a tech startup with the mission of helping lawyers and finance professionals visualise complex legal structures and transactions. More
Managed services more popular than ever
However, a new Business Report indicates that MSPs could lose vital business if they don’t balance their portfolio services accordingly.More
More stories