Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.
Follow Dark Reading:
 May 25, 2023
LATEST SECURITY NEWS & COMMENTARY
Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.
OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps
A cybersecurity vulnerability found in an implementation of the social login functionality opens the door to account takeovers and more.
'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs
According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea.
Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses
Threat actors are circumventing geo-location-based security detections, using a combination of cybercrime-as-a-service platforms and the purchasing of local IP addresses.
Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking
A February 2022 attack knocked the giant tire maker's North American operations offline for several days.
PyPI Shuts Down Over the Weekend, Says Incident Was Overblown
The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one.
3 Common Initial Attack Vectors Account for Most Ransomware Campaigns
The data shows how most cyberattacks start, so basic steps can help organizations avoid becoming the latest statistic.
Apple Patches 3 Zero-Days Possibly Already Exploited
In an advisory released by the company, Apple revealed patches for three previously unknown bugs it says may already have been used by attackers.
Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations
The technology conglomerate has until later this year to end its transfer of European user's data across the Atlantic.
3 Ways Hackers Use ChatGPT to Cause Security Headaches
As ChatGPT adoption grows, the industry needs to proceed with caution. Here's why.
Cyber Warfare Lessons From the Russia-Ukraine Conflict
Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.
Keep Your Friends Close and Your Identity Closer
As we share an increasing amount of personal information online, we create more opportunities for threat actors to steal our identities.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Talking Security Strategy: Cybersecurity Has a Seat at the Boardroom Table
Pending new SEC rules reinforce how integral cybersecurity is to modern business operations, and will help close the gap between security teams and those making policy decisions.

Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans
Shorter certificate lifespans are beneficial, but they require a rethink of how to properly manage them.

5 Questions to Ask When Evaluating a New Cybersecurity Technology
Any new cybersecurity technology should be not just a neutral addition to a security stack but a benefit to the other technologies or people managing them.

MORE
EDITORS' CHOICE
Microsoft Azure VMs Hijacked in Cloud Cyberattack
Cybercrime group that often uses smishing for initial access bypassed traditional OS targeting and evasion techniques to directly gain access to the cloud.
LATEST FROM DR GLOBAL

Israeli Shipping, Logistics Companies Targeted in Watering Hole Attacks
Researchers say the Iranian nation-state actor known as Tortoiseshell could be behind the attacks.
LATEST FROM THE EDGE

What Security Professionals Need to Know About Aggregate Cyber-Risk
Widespread cyber incidents will happen, but unlike natural disasters, specific security controls can help prevent a catastrophe.
LATEST FROM DR TECHNOLOGY

Google Adds Guardrails to Keep AI in Check
Companies are starting to address the misuse of artificial intelligence (AI). At Google I/O, for example, executives promised its AI has safety measures.
WEBINARS
  • Mastering Endpoint Security: The Power of Least Privilege

    Join us at one of our upcoming live and interactive events we will explore the critical role of least privilege in endpoint security, how it helps to systematically strengthen organization's security posture, and provides a solid foundation for endpoint security ...

  • Here's What Zero Trust Really Means

    Credential theft, lateral movement and other cyberattack tricks have foiled perimeter security again and again. We know that the old philosophy of trusting everything and everyone inside a network is no longer sound. The zero-trust model - trust nothing, verify ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • The 10 Most Impactful Types of Vulnerabilities for Enterprises Today

    The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ...

  • Shoring Up the Software Supply Chain Across Enterprise Applications

    Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ...

  • 10 Hot Talks From Black Hat USA 2022

    Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ...
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Netwrix Report: Enterprises Suffer More Ransomware and Other Malware Attacks Than Smaller Organizations
Appdome Launches Build-to-Test, Automated Testing Option for Protected Mobile Apps
Technology Veterans James Wickett and Ken Johnson Launch DryRun Security to Bring Security to Developers
Satori Augments Its Data Security Platform With Posture Management and Data Store Discovery Capabilities
AppSec Teams Stuck in Catch-Up Cycle Due to Massive Cloud-Native Enablement Gap
OX Security Launches OX-GPT, AppSec's First ChatGPT Integration
CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine
Honeywell Releases Cyber Insights to Better Identify Cybersecurity Threats and Vulnerabilities
Harvard Pilgrim Health Care Notifies Individuals of Privacy Incident
MORE PRODUCTS & RELEASES
CURRENT ISSUE

How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us