#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

macOS update | Breaking Cybersecurity News | The Hacker News

Latest iOS 12.1.4 Update Patches 2 Zero-Day and FaceTime Bugs

Latest iOS 12.1.4 Update Patches 2 Zero-Day and FaceTime Bugs
Feb 08, 2019
Apple has finally released iOS 12.1.4 software update to patch the terrible Group FaceTime privacy bug that could have allowed an Apple user to call you via the FaceTime video chat service and hear or see you before you even pick up the call without your knowledge. The Facetime bug (CVE-2019-6223) was discovered by 14-year-old Grant Thompson of Catalina Foothills High School while he was trying to set up a Group FaceTime session with his friends. Thompson reported the bug to the company a week before it made headlines across the internet, forcing Apple to temporarily disable the group calling feature within FaceTime. In its advisory published Thursday, Apple described the bug as "a logic issue existed in the handling of Group FaceTime calls," that also impacted the group FaceTime calling feature on Apple's macOS Mojave 10.14.2. Along with Thompson, Apple has also credited Daven Morris of Arlington, Texas, in its official advisory for reporting this bug. Acc

Apple macOS High Sierra Bug Exposes Passwords of Encrypted APFS Volumes As Hint

Apple macOS High Sierra Bug Exposes Passwords of Encrypted APFS Volumes As Hint
Oct 06, 2017
A severe programming error has been discovered in Apple's latest macOS High Sierra 10.13 that exposes passwords of encrypted Apple File System (APFS) volumes in plain text. Reported by Matheus Mariano, a Brazilian software developer, the vulnerability affects encrypted volumes using APFS wherein the password hint section is showing the actual password in the plain text. Yes, you got that right—your Mac mistakenly reveals the actual password instead of the password hint. In September, Apple released macOS High Sierra 10.13 with APFS (Apple File System) as the default file system for solid-state drives (SSDs) and other all-flash storage devices, promising strong encryption and better performance. Mariano discovered the security issue while he was using the Disk Utility in macOS High Sierra to add a new encrypted APFS volume to a container. When adding a new volume, he was asked to set a password and, optionally, write a hint for it. So, whenever the new volume is mounted, m

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know
Feb 13, 2024SaaS Security / Data Breach
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and vulnerabilities in third-party app integrations demonstrate the complex security challenges facing IT systems. In the case of Midnight Blizzard, password spraying against a test environment was the initial attack vector. For Cloudflare-Atlassian, threat actors initiated the attack via compromised  OAuth tokens  from a prior breach at Okta, a SaaS identity security provider.  What Exactly Happened? Microsoft Midnight Blizzard Breach Microsoft was targeted by the Russian "Midnight Blizzard" hackers (also known as Nobelium, APT29, or Cozy Bear) who are linked to the SVR, the Kremlin's forei
Cybersecurity Resources