Password-theft 0day imperils users of High Sierra and earlier macOS versions

(credit: Koichi Taniguchi) There’s a vulnerability in High Sierra and earlier versions of macOS that allows rogue applications to steal plaintext passwords stored in the Mac keychain, a security researcher said Monday, the same day Apple released the widely anticipated High Sierra update. The Mac keychain is a digital vault that stores passwords and cryptographic keys. Apple engineers designed it so that installed applications can’t read its contents without the user entering the keychain’s master password. The weakness, however, lets a rogue app read every plaintext password the keychain stores without the master password ever being entered. Patrick Wardle, a former National Security Agency hacker who now works for security firm Synack, posted a video demonstration. The video shows a Mac virtual machine running High Sierra as it installs an app. Once the app is installed, the video switches to an attacker on a remote server running the Netcat networking utility. When the attacker clicks the “exfil keychain” button, the app surreptitiously collects all the passwords stored in the keychain and uploads them to the server. The theft requires no user interaction beyond the initial installation of the rogue app, and neither the app nor macOS displays any warning or asks for permission.


HipChat resets all passwords after hackers break in

Today, HipChat alerted its users that someone broke into one of its servers through a vulnerability in a third-party library. The chat service saw no evidence that other Atlassian systems or products such as Jira or Trello were affected, but it is forcing every user to reset their HipChat-connected account password as a precaution. According to the service’s blog post, the attacker might have gained access to the user information (name, email address and hashed password) of anyone using HipChat.com. For more than 99 percent of instances there is no sign that messages or room content were compromised, though the attacker could have accessed those instances’ metadata. A small fraction (0.05 percent) of instances might have been wide open to the hacker, who would have been able to see correspondence and content. Fortunately, nothing suggests that the attacker accessed anyone’s financial or credit card information. “While HipChat Server uses the same third-party library, it is typically deployed in a way that minimizes the risk of this type of attack,” the blog post said, but the service will roll a security update out for HipChat Server just to be sure. Source: HipChat
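Why a forced reset is the right response to a leaked table of hashed passwords: once the attacker holds the salt and hash for each account, nothing stops offline guessing, so every weak password in the dump falls to a short wordlist even though per-user salts rule out precomputed tables. The following is an added illustration, not code from the article or from HipChat; the page does not name HipChat’s hashing scheme, so salted, iterated SHA-256 is used as a stand-in, and the account table and wordlist are constructed for the example.

```python
"""Offline dictionary attack against a constructed salted-hash dump.

Added example; not HipChat's code. The hash scheme is an assumption (the
article only says "hashed password"), and all accounts/passwords are made up.
"""
import hashlib
import os
from typing import Dict, List, Tuple

# Constructed wordlist: the handful of guesses an attacker tries first.
WORDLIST: List[str] = ["123456", "password", "password123",
                       "letmein", "qwerty", "welcome1"]

# Constructed accounts standing in for the leaked user table.
SAMPLE_USERS: Dict[str, str] = {
    "alice@example.com": "password123",      # weak: in the wordlist
    "bob@example.com": "T7#vq!L9xm$2pR",     # strong: not guessable here
    "carol@example.com": "letmein",          # weak: in the wordlist
}


def hash_password(password: str, salt: bytes, rounds: int) -> str:
    """Salted, iterated SHA-256 (assumed stand-in for a real scheme).

    `rounds` models the work factor of a real KDF: each extra iteration costs
    the attacker exactly as much per guess as it costs the service per login.
    """
    digest = salt + password.encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()


def make_dump(users: Dict[str, str], rounds: int) -> Dict[str, Tuple[bytes, str]]:
    """Build the 'leaked' table: user -> (per-user random salt, hash)."""
    dump: Dict[str, Tuple[bytes, str]] = {}
    for user, password in users.items():
        salt = os.urandom(16)
        dump[user] = (salt, hash_password(password, salt, rounds))
    return dump


def crack(dump: Dict[str, Tuple[bytes, str]], wordlist: List[str],
          rounds: int) -> Dict[str, str]:
    """Recover every password in `dump` that appears in `wordlist`.

    The salt is stored next to the hash, so it is known to the attacker; it
    only forces the guessing to be redone per user, it does not prevent it.
    """
    recovered: Dict[str, str] = {}
    for user, (salt, target) in dump.items():
        for guess in wordlist:
            if hash_password(guess, salt, rounds) == target:
                recovered[user] = guess
                break
    return recovered


def demo(rounds: int = 1000) -> Dict[str, str]:
    """Leak the constructed table, then crack it offline with the wordlist."""
    dump = make_dump(SAMPLE_USERS, rounds)
    return crack(dump, WORDLIST, rounds)


if __name__ == "__main__":
    for user, password in demo().items():
        print(f"{user}: {password}")
```

Both weak accounts are recovered regardless of the salt; only the strong one survives. A real deployment would use bcrypt, scrypt or Argon2 with a much higher work factor than the 1000 rounds assumed here, which slows the attack but does not change the outcome for passwords that sit in a small wordlist, which is why a service that loses its hash table resets every password rather than trusting the hashing alone.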
