Cybersecurity

cross-posted from: https://infosec.pub/post/16642151

(I have just learned you can cross-post!)

As someone who has read plenty of discussions about email security (some of them in this very community), including all kind of stuff (from the company groupie to tinfoil-hat conspiracy theories), I have decided to put ~~too many hours~~ some time to discuss the different threat models for email setups, including the basic most people have, the "secure email provider" one (e.g., Protonmail) and the "I use ~~arch~~ PGP manually BTW".

Jokes aside, I hope that it provides an overview comprehensive and - I don't want to say objective, but at least rational - enough so that everyone can draw their own conclusion, while also showing how certain "radical" arguments that I have seen in the past are relatively shortsighted.

The tl;dr is that email is generally not a great solution when talking about security. Depending on your risk profile, using a secure email provider may be the best compromise between realistic security and usability, while if you really have serious security needs, you probably shouldn't use emails, but if you do then a custom setup is your best choice.

Cheers

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem.

HOUSTON, Aug 21 (Reuters) - U.S. oilfield services firm Halliburton (HAL.N), opens new tab on Wednesday was hit by a cyberattack, according to a person familiar with the matter. Halliburton said it was aware of an issue affecting certain systems at the company and was working to determine the cause and impact of the problem. The company was also working with "leading external experts" to fix the issue, a spokesperson said in an emailed statement. The attack appeared to impact business operations at the company's north Houston campus, as well as some global connectivity networks, the person said, who declined to be identified because they were not authorized to speak on the record. The company has asked some staff not to connect to internal networks, the person said. Houston, Texas-based Halliburton is one of the largest oilfield services firms in the world, providing drilling services and equipment to major energy producers around the globe. It had nearly 48,000 employees and operated in more than 70 countries at the end of last year.

Cyberattacks have been a major headache for the energy industry. In 2021, hackers attacked the Colonial Pipeline with ransomware, causing a days-long shutdown to the major fuel supply line. That breach, which the FBI attributed to a gang called DarkSide, led to a spike in gasoline prices, panic buying and localized fuel shortages. Several major U.S. companies have suffered ransomware attacks in recent years, including UnitedHealth Group (UNH.N), opens new tab, gambling giants MGM Resorts International (MGM.N), opens new tab, Caesars Entertainment CZR.O and consumer good maker Clorox (CLX.N), opens new tab.

While its unclear what exactly is happening at Halliburton, ransom software works by encrypting victims' data. Typically, hackers will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars. If the victim resists, hackers sometimes threaten to leak confidential data in a bid to pile on the pressure. The ransomware group DarkSide, suspected by U.S. authorities of the Colonial Pipeline attack, for example, said it wanted to make money. Colonial Pipeline's CEO said his company paid a $4.4 million ransom as executives were unsure how badly its systems were breached or how long it would take to restore the pipeline.

Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances.

"Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords," Aqua security researcher Assaf Morag said in a technical report.

"Once accessed, attackers can leverage the COPY ... FROM PROGRAM SQL command to execute arbitrary shell commands on the host, allowing them to perform malicious activities such as data theft or deploying malware."

The attack chain observed by the cloud security firm entails targeting misconfigured PostgreSQL databases to create an administrator role in Postgres and exploiting a feature called PROGRAM to run shell commands.

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges.

"The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and installed," Patchstack's Rafie Muhammad said in a Wednesday report.

The vulnerability, tracked as CVE-2024-28000 (CVSS score: 9.8), has been patched in version 6.4 of the plugin released on August 13, 2024. It impacts all versions of the plugin, including and prior to 6.3.0.1.

LiteSpeed Cache is one of the most widely used caching plugins in WordPress with over five million active installations.

cross-posted from: https://lemmy.zip/post/21331797

Web-based apps escape iOS "Walled Garden" and Android side-loading protections.

APT42 has combined capabilities from previous malware scripts into a single new trojan written in PowerShell that is likely part of a larger campaign against Israeli and US targets.

Whack yakety-yak app chaps rapped for security crack