MacOS 'Migraine' Bug: Big Headache for Device System Integrity

Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware. [TechWeb]( Follow Dark Reading: [RSS]( June 01, 2023 LATEST SECURITY NEWS & COMMENTARY [MacOS 'Migraine' Bug: Big Headache for Device System Integrity]( Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware. [Salesforce 'Ghost Sites' Expose Sensitive Corporate Data]( Some companies have moved on from using Salesforce. But without remembering to fully deactivate their clouds, Salesforce won't move on from them. [Dark Reading Launches Inaugural CISO Advisory Board]( Ten chief information security officers from a variety of verticals will provide valuable insights to Dark Reading on what they see as the industry's most pressing issues. [Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model]( Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication? [Mirai Variant Opens Tenda, Zyxel Gear to RCE, DDoS]( Researchers have observed several cyberattacks leveraging a botnet called IZ1H9, which exploits vulnerabilities in exposed devices and servers running on Linux. [Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers]( The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light. [Focus Security Efforts on Choke Points, Not Visibility]( By finding the places where attack paths converge, you can slash multiple exposures in one fix for more efficient remediation. [Investment May Be Down, but Cybersecurity Remains a Hot Sector]( There's still a great deal of capital available for innovative companies helping businesses secure their IT environments. [(Sponsored Article) Top Cyberattacks Revealed in New Threat Intelligence Report]( New report provides actionable intelligence about attacks, threat actors, and campaigns. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [9M Dental Patients Affected by LockBit Attack on MCNA]( The government-sponsored dental and oral healthcare provider warned its customers that a March attack exposed sensitive data, some of which was leaked online by the ransomware group. [Pentagon Leaks Emphasize the Need for a Trusted Workforce]( Tightening access controls and security clearance alone won't prevent insider threat risks motivated by lack of trust or loyalty. ['Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs]( According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea. [MORE]( EDITORS' CHOICE [Top macOS Malware Threats Proliferate: Here Are 6 to Watch]( Apple's growing market share — in a shrinking PC market — and the growing use of Golang for malware development is pushing a gradual increase in malicious tools targeting macOS environments. LATEST FROM DR GLOBAL [Malicious Chatbots Target Casinos in Southeast Asia]( Dubbed "ChattyGoblin," the China-backed actors use chatbots to scam Southeast Asian gambling companies. LATEST FROM THE EDGE [Ways to Help Cybersecurity's Essential Workers Avoid Burnout]( To support and retain the people who protect assets against bad actors, organizations should create a more defensible environment. LATEST FROM DR TECHNOLOGY [Meet Charlotte, CrowdStrike's New Generative AI Assistant]( Charlotte AI is the latest security-based generative AI assistant to hit the market. WEBINARS - [Mastering Endpoint Security: The Power of Least Privilege]( Join us at one of our upcoming live and interactive events we will explore the critical role of least privilege in endpoint security, how it helps to systematically strengthen organization's security posture, and provides a solid foundation for endpoint security ... - [Here's What Zero Trust Really Means]( Credential theft, lateral movement and other cyberattack tricks have foiled perimeter security again and again. We know that the old philosophy of trusting everything and everyone inside a network is no longer sound. The zero-trust model - trust nothing, verify ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Proof-Based Scanning: No noise, just facts]( - [Large Insurer goes beyond Breach and Attack Simulation (BAS) with Cymulate]( - [Understanding Vulnerability Prioritization Technologies - From Generic VM to VPT]( - [The 3 Approaches to Breach & Attack Simulation Technologies]( - [What Are the Top and Niche Use Cases for Breach and Attack Simulation Technology?]( - [2023 Cloud Threat Report]( - [Rediscovering Your Identity]( [View More White Papers >>]( FEATURED REPORTS - [Everything You Need to Know About DNS Attacks]( - [Successfully Managing Identity in Modern Cloud and Hybrid Environments]( Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ... - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Checkmarx Announces GenAI-powered AppSec Platform, Empowering Developers and AppSec Teams to Find and Fix Vulnerabilities Faster]( [New eID Scheme Gives EU Citizens Easy Access to Public Services Online]( [130K+ Patients' Social Security Numbers Leaked in UHS of Delaware Data Breach]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)