The Hacker News Daily Updates

"New MacStealer macOS Malware steals iCloud keychain data and passwords."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 27 March 2023, 1446 UTC.  Content provided by email subscription to "The Hacker News Daily Updates."

Source:  https://mail.google.com/mail/u/0/#trash/FMfcgzGslklrgrFMHzTmRnXlxclNTxNw ("The Hacker News Daily Updates").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts

https://www.hawaiicybersecurityjournal.net

https://paper.li/RussellRoberts

The Hacker News Daily Updates

THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps Don't be a victim of 3rd-Party SaaS App breaches - Learn how to protect your business! Download Now Sponsored

LATEST NEWS Mar 27, 2023

Where SSO Falls Short in Protecting SaaS Single sign-on (SSO) is an authentication method that allows users to authenticate their identity for multiple applications with just one set of credentials. From a security standpoint, SSO is the gold standard. It ensures access without forcing users to remember multiple passwords and can be further secured with MFA. Furthermore, an estimated 61% of attacks stem from stolen credentials. ... Read More

New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs. "MacStealer has ... Read More

Automate compliance, simplify security, build trust To close and grow major customers, you have to earn trust. But demonstrating security and compliance can be time-consuming and expensive. Unless you use Vanta. See if Vanta is right for your business with a free trial of our SOC 2 compliance framework and Access Reviews ... Read More

Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as CVE-2023-28303, the vulnerability is rated 3.3 on the ... Read More

U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals ... Read More

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction. ... Read More

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users' conversations from the chat history sidebar, prompting the company ... Read More

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. It has since been taken down, but not before ... Read More

THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps Don't be a victim of 3rd-Party SaaS App breaches - Learn how to protect your business! Download Now Sponsored