Happy Friday! It’s August 23 and we hope you’re wrapping up another productive week. It’s been a busy week at OneLogin as we inch closer to September and our annual customer conference, OneLogin Connect! Speaking of customers—we’re excited to announce that Virgin Hyperloop One selected the OneLogin platform to secure access to its enterprise applications with adaptive authentication.
This week’s industry news covers a lot! We read stories about vulnerable local governments, bluetooth’s inherent cybersecurity risks, the MoviePass breach, and more. While some of this week’s news is downright concerning, we hope you find it encouraging. Multi-factor is gaining momentum and is a smart and simple measure to defend against password attacks. The growing popularity of WebAuthn is also encouraging. You might ask yourself, “how can I secure my business data in today’s threat landscape?” If so, you’re in luck. OneLogin provides readers like you with several resources to help position your organization for a more secure future. You can find them here! Happy reading and have a great weekend!
See Something, Say Something!
Twenty-two Texas Towns were hit with ransomware attacks earlier this week. Ransomware attacks targeting local governments have been on the rise and often stem from employees clicking malicious links. Educating employees on cybersecurity best practices is critical to preventing malicious attacks. If an email or site seems odd or unsafe, it probably is! Read more on the New York Times
Time to Disconnect Those AirPods?
If you attended this year’s DEF CON, there’s a chance you’re already in the know. Good for you! If not, hang tight for a second. We use bluetooth for everything from pairing wireless headphones to car audio and AirDropping files. Turns out, leaving bluetooth enabled on your smartphone may expose you to hacking, privacy violations, or flat-out abuse. Word to the wise: Disable Bluetooth when you’re not using it or don’t use it at all! Read more on Mashable
You Can Lead a Horse to Water…
If your password is breached you should change it immediately. That goes without saying. Even still, Google reported this week that only ¼ of users who downloaded its Password Check-up Chrome extension actually update their password when they’re notified of a breach. Weak passwords are stolen every day—and if you reuse passwords, you’re only steps away from a malicious actor testing a stolen password against a host of other sites. Until passwords are obsolete, be sure to update your credentials if you know they’ve been exposed. Read more on Naked Security
GitHub to Support WebAuthn
GitHub announced this week that it would enable users to authenticate using Web Authentication (WebAuthn). WebAuthn was approved by the World Wide Web Consortium in March 2019 and has gained popularity over the past few months. WebAuthn is supported by all major platforms and browsers and provides a simple authentication method that safeguards users from phishing attacks. While WebAuthn typically uses a physical key, GitHub will also support users who prefer to register and use their laptop or phone as a security key. Read more on Security Boulevard
MoviePass Breach Exposes Customers’ Personal Data
A MoviePass database was discovered unprotected with no password, exposing the personal data and customer card numbers of tens of thousands of customers. Solutions Review takes a look at what the MoviePass breach says about customer identity and access management (CIAM). Read more on Solutions Review