Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication?
Follow Dark Reading:
 June 01, 2023
LATEST SECURITY NEWS & COMMENTARY
Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model
Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication?
Salesforce 'Ghost Sites' Expose Sensitive Corporate Data
Some companies have moved on from using Salesforce. But without remembering to fully deactivate their clouds, Salesforce won't move on from them.
9M Dental Patients Affected by LockBit Attack on MCNA
The government-sponsored dental and oral healthcare provider warned its customers that a March attack exposed sensitive data, some of which was leaked online by the ransomware group.
MacOS 'Migraine' Bug: Big Headache for Device System Integrity
Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware.
'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns
This is the first incident where a threat actor from the country appears to be laying the groundwork for disruptive attacks in the future, researchers say.
'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs
According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea.
Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints
Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.
Google Cloud Bug Allows Server Takeover From CloudSQL Service
Researchers could access sensitive data and steal secrets by exploiting a vulnerability in GCP's security layer, eventually running rampant in the environment.
CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams
In the wake of the ex-Uber CISO verdict, CISOs ask for clearer rules and less uncertainty in managing disclosures, amid jail-time fears.
Lazarus Group Striking Vulnerable Windows IIS Web Servers
The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers.
Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.
Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers
The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.
Investment May Be Down, but Cybersecurity Remains a Hot Sector
There's still a great deal of capital available for innovative companies helping businesses secure their IT environments.
Focus Security Efforts on Choke Points, Not Visibility
By finding the places where attack paths converge, you can slash multiple exposures in one fix for more efficient remediation.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Pentagon Leaks Emphasize the Need for a Trusted Workforce
Tightening access controls and security clearance alone won't prevent insider threat risks motivated by lack of trust or loyalty.

How Safe Is Your Wearable Device?
To mitigate risk, both developers and users must include security principles and technologies as core foundations in new devices.

Dangerous Regions: Isolating Branch Offices in High-Risk Countries
Organizations must be cautious about how they interact with other regions around the world in order to operate safely in an at-times adversarial landscape.

MORE
EDITORS' CHOICE
Top macOS Malware Threats Proliferate: Here Are 6 to Watch
Apple's growing market share — in a shrinking PC market — and the growing use of Golang for malware development is pushing a gradual increase in malicious tools targeting macOS environments.
LATEST FROM DR GLOBAL

Malicious Chatbots Target Casinos in Southeast Asia
Dubbed "ChattyGoblin," the China-backed actors use chatbots to scam Southeast Asian gambling companies.
LATEST FROM THE EDGE

Ways to Help Cybersecurity's Essential Workers Avoid Burnout
To support and retain the people who protect assets against bad actors, organizations should create a more defensible environment.
LATEST FROM DR TECHNOLOGY

Meet Charlotte, CrowdStrike's New Generative AI Assistant
Charlotte AI is the latest security-based generative AI assistant to hit the market.
WEBINARS
  • Secrets to a Successful Managed Security Service Provider Relationship

    Sometimes, the security team you have just isn't enough. To help keep up with security threats 24/7 - and to bolster skills the team may not have -- many enterprises are working with managed security service providers (MSSPs) and security providers ...

  • Next-Generation Supply Chain Security

    Supply chain attacks are on the rise. Attackers are injecting malicious code into software and hardware components to create backdoors into the organization. As the Kaseya attack demonstrated, compromising a widely used product gives attackers privileged access into corporate networks. ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
SolarWinds Transforms Brand to Signify Ongoing Evolution, Portfolio Expansion, and Customer Empowerment
New eID Scheme Gives EU Citizens Easy Access to Public Services Online
130K+ Patients' Social Security Numbers Leaked in UHS of Delaware Data Breach
Harvard Pilgrim Health Care Notifies Individuals of Privacy Incident
Honeywell Releases Cyber Insights to Better Identify Cybersecurity Threats and Vulnerabilities
Technology Veterans James Wickett and Ken Johnson Launch DryRun Security to Bring Security to Developers
Perception Point Report Finds That Advanced Phishing Attacks Grew by 356% in 2022
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us