Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication?
| LATEST SECURITY NEWS & COMMENTARY | Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication? Salesforce 'Ghost Sites' Expose Sensitive Corporate Data Some companies have moved on from using Salesforce. But without remembering to fully deactivate their clouds, Salesforce won't move on from them. 9M Dental Patients Affected by LockBit Attack on MCNA The government-sponsored dental and oral healthcare provider warned its customers that a March attack exposed sensitive data, some of which was leaked online by the ransomware group. MacOS 'Migraine' Bug: Big Headache for Device System Integrity Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware. 'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns This is the first incident where a threat actor from the country appears to be laying the groundwork for disruptive attacks in the future, researchers say. 'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea. Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees. Google Cloud Bug Allows Server Takeover From CloudSQL Service Researchers could access sensitive data and steal secrets by exploiting a vulnerability in GCP's security layer, eventually running rampant in the environment. CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams In the wake of the ex-Uber CISO verdict, CISOs ask for clearer rules and less uncertainty in managing disclosures, amid jail-time fears. Lazarus Group Striking Vulnerable Windows IIS Web Servers The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers. Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence. Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light. Investment May Be Down, but Cybersecurity Remains a Hot Sector There's still a great deal of capital available for innovative companies helping businesses secure their IT environments. Focus Security Efforts on Choke Points, Not Visibility By finding the places where attack paths converge, you can slash multiple exposures in one fix for more efficient remediation. MORE NEWS / MORE COMMENTARY | |
|
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | We take your privacy very seriously. Please review our Privacy Statement. |
|
|