
MacOS High Sierra zero-day shows Keychain passwords in plain text
MacOS users who are starting the upgrade to High Sierra – and those who are using El Capitan – are vulnerable to a proof-of-concept attack that shows their online passwords in plain text, according to Synack security researcher Patrick Wardle.
He discovered that Mac Keychain, a native password management tool, can store online account usernames and passwords in plain text, allowing malicious applications direct access to the account details. However, the Keychain is generally protected by a master password.
Wardle revealed the details in a video that showed a demonstration of the attack.
COVID-19-themed threats, Powershell malware continue surge
97% of organisations experienced a mobile threat in 2020 — report
New wormable Android malware discovered through auto-replies in WhatsApp
Financial malware activity dropped in 2020 as creators honed their wares
Almost a third of malware threats previously unknown - HP report
Jamf acquires tools from cmdSecurity to secure macOS enterprise offerings

Claroty and Yokogawa Engineering Asia extend partnership for SEA and A/NZ
Claroty and Yokogawa Engineering Asia have partnered to better serve organisations in Southeast Asia, Australia and New Zealand.

NVIDIA takes AI into the heart of cybersecurity with Morpheus
The Morpheus application framework will provide security partners with AI-enhanced tools that can detect and prevent security threats.

Need for greater understanding of data security responsibility as cloud adoption grows - report
Despite the accelerated adoption of cloud services, there was a lack of clarity and confidence regarding the protection and recovery of data stored in public clouds.

rhipe acquires emt Distribution, with aim to expand into enterprise market
The acquisition will enable rhipe to deliver a comprehensive portfolio of end-to-end security capabilities to its partners, the company says.

Remote work continues, and endpoint security cited as a must
Nearly half of workers will stay remote after the pandemic ends, and two out of three IT professionals are concerned with endpoint misuse, according to Prey Software's new study.

Users becoming more savvy with COVID phishing scams
“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks."