Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Expert publicly disclosed the existence of 0day flaw in macOS Mojave

Macos-mojave
A zero-day vulnerability in macOS Mojave can be exploited by malware to steal plaintext passwords from the Keychain.

The security expert Linus Henze has disclosed the existence of a zero-day vulnerability in macOS Mojave that can be exploited by malware to steal plaintext passwords from the Keychain. According to Henze, the flaw affects macOS Mojave and earlier versions.

The researcher did not report the vulnerability to Apple, it publicly disclosed the existence of the flaw without making public its details.

Henzehas published a video PoC for the flaw that shows how to use malware to extract passwords from the local Keychain password management system. The attack works on a system running the latest macOS Mojave OS version (10.14.3)

The attack is sneaky because it doesn’t require admin privileges for both the malicious app and the user account. The expert pointed out that the malicious code could exploit the flaw to steal passwords only from that user’s Keychain...(continued)

View All Trending Stories