#mac

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs. The exact distribution vector is currently unclear, although there are

By Uzair Amir Remember Minesweeper? It's not just a game - it's a hidden training ground for work skills! Sharpen your decision-making, focus, and strategic thinking with every click. This is a post from HackRead.com Read the original post: A Mind at Play: Rediscovering Minesweeper in the Professional Arena

Plus: An assassination plot, an AI security bill, a Project Nimbus revelation, and more of the week’s top security news.

By Waqas A new botnet called Goldoon targets D-Link routers and NAS devices putting them at risk of DDoS attacks and more. Learn how weak credentials leave you vulnerable and how to secure your network. pen_spark This is a post from HackRead.com Read the original post: New Goldoon Botnet Targeting D-Link Devices by Exploiting 9-Year-Old Flaw

Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a feature flag while vodozemac disabled the default feature set. ### Impact The degraded zeroization capabilities could result in the production of more memory copies of encryption secrets and secrets could linger in memory longer than necessary. This marginally increases the risk of sensitive data exposure. Overall, we consider the impact of this issue to be low. Although cryptographic best practices recommend the clearing of sensitive information from memory once it's no longer needed, the inherent limitations of Rust regarding absolute zeroization reduce the practical severity of this lapse. ### Patches The patch is in commit https://github.com/matrix-org/vodozemac/pull/130/commits/297548cad4016ce448c4b5007c54db7ee39489d9. ### Workarounds None. ### For more information...

Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.

Organizations can go a long way toward preventing spoofing attacks by changing one basic parameter in their DNS settings.

There are some classics on this list — the ever-present “Password” password, Passw0rd (with a zero, not an “O”) and “123456.”

Outabox, an Australian firm that scanned faces for bars and clubs, suffered a breach that shows the problems with giving companies your biometric data.

Ukraine needs small drones to combat Russian forces—and is bootstrapping its own industry at home.