Tag

#mac

Cybersecurity Industry Leaders Launch Campaign to Close the Cybersecurity Talent Gap

A coalition of over 25 industry leaders, led by NightDragon and non-profit NextGen Cyber Talent, partner to raise $1 million for collegiate cybersecurity education

DARKReading
#mac #cisco #oracle
A Long-Awaited Defense Against Data Leaks May Have Just Arrived

MongoDB claims its new “Queryable Encryption” lets users search their databases while sensitive data stays encrypted. Oh, and its cryptography is open source.

Fortinet Unveils New Digital Risk Protection Offering

FortiRecon combines machine learning, automation, and human intelligence to continually monitor an organization’s external attack surface.

Follina Exploited by State-Sponsored Hackers

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

Hacking Scenarios: How Hackers Choose Their Victims

Enforcing the "double-extortion" technique, aka pay-now-or-get-breached, emerged as a head-turner last year. May 6th, 2022 is a recent example. The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January. Conti, a ransomware-as-a-service (RaaS) program, is one of the most notorious ransomware groups and has been responsible for

Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware

A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. "The malware is notable for the unusual way it is delivered to target PCs — using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up. SVCReady is said to be in its early stage of development, with the

Apple's New Feature Will Install Security Updates Automatically Without Full OS Update

Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update. "macOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid Security Response that works in between normal updates to easily keep security up to date without a

RSA 2022: Prometheus ransomware’s flaws inspired researchers to try to build a near-universal decryption tool

Prometheus ransomware contained a weak random number generator that inspired researchers to try and build a one-size-fits-all decryptor. The post RSA 2022: Prometheus ransomware’s flaws inspired researchers to try to build a near-universal decryption tool appeared first on Malwarebytes Labs.

GHSA-r7v4-jwx9-wx43: Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator

# Background

CILogon is a federated auth provider that allows users to authenticate themselves via a number of Identity Providers (IdP), focused primarily on educational and research institutions (such as Universities). More traditional and open IdPs such as GitHub, ORCID, Google, Microsoft, etc. are also supported.

CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The `allowed_idps` configuration trait of CILogonOAuthenticator is documented to be a list of domains that indicate the institutions whose users are authorized to access this JupyterHub. This authorization is validated by ensuring that the *email* field provided to us by CILogon has a *domain* that matches one of the domains listed in `allowed_idps`.

# Impact

If `allowed_idps` contains `berkeley.edu`, you might expect only users with valid current credentials provided by Unive...