Newsletter Subject
WARNING: New MacStealer Malware Can Steal Your iCloud Keychain Data and Passwords!
From
nl00.net
Email Address
news@news.nl00.net
Sent On
Mon, Mar 27, 2023 12:21 PM
Email Preheader Text
The Hacker News Daily Updates Don't be a victim of 3rd-Party SaaS App breaches - Learn how to protec
HTML
The Hacker News Daily Updates
[Newsletter]( [cover]( [THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps]( Don't be a victim of 3rd-Party SaaS App breaches - Learn how to protect your business! [Download Now]( Sponsored LATEST NEWS Mar 27, 2023 [Where SSO Falls Short in Protecting SaaS]( Single sign-on (SSO) is an authentication method that allows users to authenticate their identity for multiple applications with just one set of credentials. From a security standpoint, SSO is the gold standard. It ensures access without forcing users to remember multiple passwords and can be further secured with MFA. Furthermore, an estimated 61% of attacks stem from stolen credentials. ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords]( A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs. "MacStealer has ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [Automate compliance, simplify security, build trust]( To close and grow major customers, you have to earn trust. But demonstrating security and compliance can be time-consuming and expensive. Unless you use Vanta. See if Vanta is right for your business with a free trial of our SOC 2 compliance framework and Access Reviews ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools]( Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as CVE-2023-28303, the vulnerability is rated 3.3 on the ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals]( In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers]( Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction. ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident]( OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users' conversations from the chat history sidebar, prompting the company ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data]( A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. It has since been taken down, but not before ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [cover]( [THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps]( Don't be a victim of 3rd-Party SaaS App breaches - Learn how to protect your business! [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com
[Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India
EDM Keywords (68)
week
vulnerability
victim
vanta
upstart
uploaded
trick
tracked
tools
threat
thief
taken
steal
stage
sso
sponsored
since
sights
setting
set
services
sent
secured
right
responsible
released
receiving
read
pypi
protect
passwords
package
opted
offer
newsletter
network
may
manage
m1
light
infiltrate
identity
harvest
glitch
found
far
exposure
exploited
email
deploy
cropped
credentials
created
could
contact
compliance
command
comes
close
catch
case
capabilities
came
business
bug
authenticate
apple
address
accessed