SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Researchers analyze satellite security
Researchers in Germany have analyzed several satellites and discovered various types of vulnerabilities, as well as the lack of protection mechanisms such as encryption and authentication. They showed how an attacker could disrupt communications with ground control, and take control of a satellite’s systems.
However, satellite hacking is not easy and manufacturers are counting on security through obscurity in hopes of preventing hacker attacks. The researchers worked with the European Space Agency, universities involved in the development of satellites, and a commercial company to conduct their work.
Microsoft expands Security Service Edge (SSE), renames Azure AD
Microsoft has added two new identity-centric capabilities to its Security Service Edge (SSE) solution. The new Entra Internet Access and Entra Private Access will secure access to internet, SaaS and Microsoft 365 applications, and private apps and resources. In addition, to simplify naming, the tech giant is renaming Azure AD to Entra ID, without changing APIs, capabilities, licensing, or sign-in URLs.
Introducing passwordless authentication on GitHub.com
GitHub this week announced the public beta availability of passkey authentication on GitHub.com, allowing users to sign in with biometric credentials, without having to enter their password. Users can enable passkeys authentication from the Settings menu, by navigating to the ‘feature preview’ tab.
Two-factor authentication vulnerability patched in Drupal
A vulnerability affecting a two-factor authentication…