#mac

A coalition of over 25 industry leaders, led by NightDragon and non-profit NextGen Cyber Talent, partner to raise $1 million for collegiate cybersecurity education

MongoDB claims its new “Queryable Encryption” lets users search their databases while sensitive data stays encrypted. Oh, and its cryptography is open source.

FortiRecon combines machine learning, automation, and human intelligence to continually monitor an organization’s external attack surface.

MongoDB claims its new “Queryable Encryption” lets users search their databases while sensitive data stays encrypted. Oh, and its cryptography is open source.

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

Enforcing the "double-extortion" technique aka pay-now-or-get-breached emerged as a head-turner last year.  May 6th, 2022 is a recent example. The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January. Conti, a ransomware-as-a-service (RaaS) program, is one of the most notorious ransomware groups and has been responsible for

A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. "The malware is notable for the unusual way it is delivered to target PCs — using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up. SVCReady is said to be in its early stage of development, with the

Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update. "macOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid Security Response that works in between normal updates to easily keep security up to date without a

Prometheus ransomware contained a weak random number generator that inspired researchers to try and build a one-size-fits-all decryptor. The post RSA 2022: Prometheus ransomware’s flaws inspired researchers to try to build a near-universal decryption tool appeared first on Malwarebytes Labs.

# Background CILogon is a federated auth provider that allows users to authenticate themselves via a number of Identity Providers (IdP), focused primarily on educational and research institutions (such as Universities). More traditional and open IdPs such as GitHub, ORCID, Google, Microsoft, etc are also supported. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps configuration trait of CILogonOAuthenticator is documented to be a list of domains that indicate the institutions whose users are authorized to access this JupyterHub. This authorization is validated by ensuring that the *email* field provided to us by CILogon has a *domain* that matches one of the domains listed in `allowed_idps`. # Impact If `allowed_idps` contains `berkeley.edu`, you might expect only users with valid current credentials provided by Unive...