23andMe: 'Negligent' Users at Fault for Breach of 6.9M Records

When it comes to bad passwords, how much responsibility should a service provider share with its customers? [TechWeb]( Follow Dark Reading: [RSS]( January 08, 2024 LATEST SECURITY NEWS & COMMENTARY [23andMe: 'Negligent' Users at Fault for Breach of 6.9M Records]( When it comes to bad passwords, how much responsibility should a service provider share with its customers? [Fire Sale: Zeppelin Ransomware Source Code Sells for $500 on Dark Web]( The buyer could use the code to restart the up to now all-but-defunct Zeppelin ransomware-as-a-service operation. [North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught]( The post-exploitation backdoor is the latest in a string of custom tools aimed at spying on Apple users. [Cyber-Focused FBI Agents Deploy to Embassies Globally]( The bureau is adding six new positions placed in locations that include New Delhi and Rome. [Syrian Threat Group Peddles Destructive SilverRAT]( The Middle Eastern developers claim to be building a new version of the antivirus-bypassing remote access Trojan (RAT) attack tool. [Why Red Teams Can't Answer Defenders' Most Important Questions]( Red-team assessments aren't very good at validating that defenses are working, so defenders don't have a realistic sense of how strong their defenses are. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign]( UNC-0050 is targeting government agencies in Ukraine in what appears to be a politically motivated intelligence-gathering operation. [Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns]( If Ukraine's core telephone network can be taken out, organizations in the West could easily be next, Ukraine's SBU chief says. [Navigating the New Age of Cybersecurity Enforcement]( The SolarWinds SEC lawsuit illuminates the potential risks faced by CISOs and other cybersecurity executives. [Mandiant's X (Twitter) Account Hacked to Promote Crypto Scam]( The hours-long breach — since resolved — directed users to a suspicious website as attackers posing as crypto-wallet service Phantom took over the feed of the Google subsidiary. [MORE]( PRODUCTS & RELEASES [C3 Complete Acquires Information Security Business Unit of Compliance Solutions Inc.]( [Driven Technologies Expands Expertise With Acquisition of ieMentor]( [Industrial Defender Risk Signal, a Risk-Based Vulnerability Management Solution for OT Security]( [SonicWall Accelerates SASE Offerings; Acquires Proven Cloud Security Provider]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Apache ERP Zero-Day Underscores Dangers of Incomplete Patches]( Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around the patch. LATEST FROM THE EDGE [CISO Planning for 2024 May Struggle When It Comes to AI]( Artificial intelligence (AI) is constantly evolving. How can security executives plan for something so unpredictable? LATEST FROM DR TECHNOLOGY [Localization Mandates, AI Regs to Pose Major Data Challenges in 2024]( With more than three-quarters of countries adopting some form of data localization and, soon, three-quarters of people worldwide protected by privacy rules, companies need to take care. LATEST FROM DR GLOBAL [Dubai-US Deal Aims to Secure Medical, IoT Devices in the Middle East]( IoT surge across the Middle East spawns demand for more secure devices in business, healthcare, and energy. WEBINARS - [Tips for Managing Cloud Security in a Hybrid Environment]( - [Everything You Need to Know About DNS Attacks]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [SANS ICS/OT Cybersecurity Survey: 2023's Challenges and Tomorrow's Defenses]( - [IT Zero Trust vs. OT Zero Trust: It's all about Availability]( - [2023 Snyk AI-Generated Code Security Report]( - [Migrations Playbook for Saving Money with Snyk + AWS]( - [Buyer's Guide: Choosing a True DevSecOps Solution for Your Apps on AWS]( - [Understanding AI Models to Future-Proof Your AppSec Program]( - [The Developers Guide to API Security]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=120288&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_01.08.24&sp_cid=51283&utm_content=DR_NL_Dark%20Reading%20Daily_01.08.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#a3 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)