Can Cloud Services Spur Better Login Security? Netflix's Model | Salesforce Ghost Sites Expose Sensitive Corporate Data

Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication? [TechWeb]( Follow Dark Reading: [RSS]( June 01, 2023 LATEST SECURITY NEWS & COMMENTARY [Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model]( Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication? [Salesforce 'Ghost Sites' Expose Sensitive Corporate Data]( Some companies have moved on from using Salesforce. But without remembering to fully deactivate their clouds, Salesforce won't move on from them. [9M Dental Patients Affected by LockBit Attack on MCNA]( The government-sponsored dental and oral healthcare provider warned its customers that a March attack exposed sensitive data, some of which was leaked online by the ransomware group. [MacOS 'Migraine' Bug: Big Headache for Device System Integrity]( Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware. ['Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns]( This is the first incident where a threat actor from the country appears to be laying the groundwork for disruptive attacks in the future, researchers say. ['Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs]( According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea. [Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints]( Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees. [Google Cloud Bug Allows Server Takeover From CloudSQL Service]( Researchers could access sensitive data and steal secrets by exploiting a vulnerability in GCP's security layer, eventually running rampant in the environment. [CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams]( In the wake of the ex-Uber CISO verdict, CISOs ask for clearer rules and less uncertainty in managing disclosures, amid jail-time fears. [Lazarus Group Striking Vulnerable Windows IIS Web Servers]( The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers. [Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool]( Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence. [Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers]( The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light. [Investment May Be Down, but Cybersecurity Remains a Hot Sector]( There's still a great deal of capital available for innovative companies helping businesses secure their IT environments. [Focus Security Efforts on Choke Points, Not Visibility]( By finding the places where attack paths converge, you can slash multiple exposures in one fix for more efficient remediation. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Pentagon Leaks Emphasize the Need for a Trusted Workforce]( Tightening access controls and security clearance alone won't prevent insider threat risks motivated by lack of trust or loyalty. [How Safe Is Your Wearable Device?]( To mitigate risk, both developers and users must include security principles and technologies as core foundations in new devices. [Dangerous Regions: Isolating Branch Offices in High-Risk Countries]( Organizations must be cautious about how they interact with other regions around the world in order to operate safely in an at-times adversarial landscape. [MORE]( EDITORS' CHOICE [Top macOS Malware Threats Proliferate: Here Are 6 to Watch]( Apple's growing market share — in a shrinking PC market — and the growing use of Golang for malware development is pushing a gradual increase in malicious tools targeting macOS environments. LATEST FROM DR GLOBAL [Malicious Chatbots Target Casinos in Southeast Asia]( Dubbed "ChattyGoblin," the China-backed actors use chatbots to scam Southeast Asian gambling companies. LATEST FROM THE EDGE [Ways to Help Cybersecurity's Essential Workers Avoid Burnout]( To support and retain the people who protect assets against bad actors, organizations should create a more defensible environment. LATEST FROM DR TECHNOLOGY [Meet Charlotte, CrowdStrike's New Generative AI Assistant]( Charlotte AI is the latest security-based generative AI assistant to hit the market. WEBINARS - [Secrets to a Successful Managed Security Service Provider Relationship]( Sometimes, the security team you have just isn't enough. To help keep up with security threats 24/7 - and to bolster skills the team may not have -- many enterprises are working with managed security service providers (MSSPs) and security providers ... - [Next-Generation Supply Chain Security]( Supply chain attacks are on the rise. Attackers are injecting malicious code into software and hardware components to create backdoors into the organization. As the Kaseya attack demonstrated, compromising a widely used product gives attackers privileged access into corporate networks. ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Ultimate Guide to the CISSP]( - [Cybersecurity Maturity Model Certification (CMMC) Version 1.02]( - [Cymulate Named Innovation Leader, Frost & Sullivan's - Frost Radar BAS, 2022]( - [The 3 Approaches to Breach & Attack Simulation Technologies]( - [The Cloud Security Workflow Handbook]( - [2023 Cloud Threat Report]( - [Top Ten Tips: Securing Multi-Cloud with Modern CSPM]( [View More White Papers >>]( FEATURED REPORTS - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... - [Successfully Managing Identity in Modern Cloud and Hybrid Environments]( Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [SolarWinds Transforms Brand to Signify Ongoing Evolution, Portfolio Expansion, and Customer Empowerment]( [New eID Scheme Gives EU Citizens Easy Access to Public Services Online]( [130K+ Patients' Social Security Numbers Leaked in UHS of Delaware Data Breach]( [Harvard Pilgrim Health Care Notifies Individuals of Privacy Incident]( [Honeywell Releases Cyber Insights to Better Identify Cybersecurity Threats and Vulnerabilities]( [Technology Veterans James Wickett and Ken Johnson Launch DryRun Security to Bring Security to Developers]( [Perception Point Report Finds That Advanced Phishing Attacks Grew by 356% in 2022]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)