Cybersecurity


c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities

!databreaches@lemmy.zip

!netsec@lemmy.world

!securitynews@infosec.pub

!cybersecurity@infosec.pub

!pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

It seems I have the option but I have a vague memory of someone telling me not to bother with it unless I had a good reason


I could really use the extra storage right now but I know it's not best practice to just plug it into my PC. I'm tempted to risk it but I'm wondering if a virtual machine would provide any benefit? Unless I find any cool music I intend to wipe it (assuming it hasn't been already). Is VirtualBox still the go-to? I understand Linux would be a better option but I've given up trying to get my laptop to boot from a USB stick and the DVD drive seems to only read CDs. Haven't tried writing one but if that does work is there a good small distro I could try just for this purpose? Thank you.


cross-posted from: https://infosec.pub/post/16642151

(I have just learned you can cross-post!)

As someone who has read plenty of discussions about email security (some of them in this very community), including all kinds of stuff (from the company groupie to tinfoil-hat conspiracy theories), I have decided to put ~~too many hours~~ some time to discuss the different threat models for email setups, including the basic one most people have, the "secure email provider" one (e.g., Protonmail) and the "I use ~~arch~~ PGP manually BTW".

Jokes aside, I hope that it provides an overview comprehensive and - I don't want to say objective, but at least rational - enough so that everyone can draw their own conclusion, while also showing how certain "radical" arguments that I have seen in the past are relatively shortsighted.

The tl;dr is that email is generally not a great solution when talking about security. Depending on your risk profile, using a secure email provider may be the best compromise between realistic security and usability, while if you really have serious security needs, you probably shouldn't use emails, but if you do then a custom setup is your best choice.

Cheers


The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem.


HOUSTON, Aug 21 (Reuters) - U.S. oilfield services firm Halliburton (HAL.N) on Wednesday was hit by a cyberattack, according to a person familiar with the matter. Halliburton said it was aware of an issue affecting certain systems at the company and was working to determine the cause and impact of the problem. The company was also working with "leading external experts" to fix the issue, a spokesperson said in an emailed statement. The attack appeared to impact business operations at the company's north Houston campus, as well as some global connectivity networks, the person said, who declined to be identified because they were not authorized to speak on the record. The company has asked some staff not to connect to internal networks, the person said. Houston, Texas-based Halliburton is one of the largest oilfield services firms in the world, providing drilling services and equipment to major energy producers around the globe. It had nearly 48,000 employees and operated in more than 70 countries at the end of last year.

Cyberattacks have been a major headache for the energy industry. In 2021, hackers attacked the Colonial Pipeline with ransomware, causing a days-long shutdown to the major fuel supply line. That breach, which the FBI attributed to a gang called DarkSide, led to a spike in gasoline prices, panic buying and localized fuel shortages. Several major U.S. companies have suffered ransomware attacks in recent years, including UnitedHealth Group (UNH.N), gambling giants MGM Resorts International (MGM.N), Caesars Entertainment (CZR.O) and consumer goods maker Clorox (CLX.N).

While it's unclear what exactly is happening at Halliburton, ransom software works by encrypting victims' data. Typically, hackers will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars. If the victim resists, hackers sometimes threaten to leak confidential data in a bid to pile on the pressure. The ransomware group DarkSide, suspected by U.S. authorities of the Colonial Pipeline attack, for example, said it wanted to make money. Colonial Pipeline's CEO said his company paid a $4.4 million ransom as executives were unsure how badly its systems were breached or how long it would take to restore the pipeline.


Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances.

"Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords," Aqua security researcher Assaf Morag said in a technical report.

"Once accessed, attackers can leverage the COPY ... FROM PROGRAM SQL command to execute arbitrary shell commands on the host, allowing them to perform malicious activities such as data theft or deploying malware."

The attack chain observed by the cloud security firm entails targeting misconfigured PostgreSQL databases to create an administrator role in Postgres and exploiting a feature called PROGRAM to run shell commands.
