Month: August 2024
Top US Oilfield Firm Halliburton Hit By Cyberattack, Source Says
An anonymous reader quotes a report from Reuters: U.S. oilfield services firm Halliburton on Wednesday was hit by a cyberattack, according to a person familiar with the matter. Halliburton said it was aware of an issue affecting certain systems at the company and was working to determine the cause and impact of the problem. The company was also working with “leading external experts” to fix the issue, a spokesperson said in an emailed statement.
The attack appeared to impact business operations at the company’s north Houston campus, as well as some global connectivity networks, the person said, who declined to be identified because they were not authorized to speak on the record. The company has asked some staff not to connect to internal networks, the person said. Houston, Texas-based Halliburton is one of the largest oilfield services firms in the world, providing drilling services and equipment to major energy producers around the globe. It had nearly 48,000 employees and operated in more than 70 countries at the end of last year.
Read more of this story at Slashdot.
An anonymous reader quotes a report from Reuters: U.S. oilfield services firm Halliburton on Wednesday was hit by a cyberattack, according to a person familiar with the matter. Halliburton said it was aware of an issue affecting certain systems at the company and was working to determine the cause and impact of the problem. The company was also working with “leading external experts” to fix the issue, a spokesperson said in an emailed statement.
The attack appeared to impact business operations at the company’s north Houston campus, as well as some global connectivity networks, the person said, who declined to be identified because they were not authorized to speak on the record. The company has asked some staff not to connect to internal networks, the person said. Houston, Texas-based Halliburton is one of the largest oilfield services firms in the world, providing drilling services and equipment to major energy producers around the globe. It had nearly 48,000 employees and operated in more than 70 countries at the end of last year.
Read more of this story at Slashdot.
Windows Recall Feature for Copilot+ PCs Will Return, in Beta, in October
Microsoft:
With a commitment to delivering a trustworthy and secure Recall
(preview) experience on Copilot+ PCs for customers, we’re sharing
an update that Recall will be available to Windows Insiders
starting in October. As previously shared on June 13, we have
adjusted our release approach to leverage the valuable expertise
of our Windows Insider community prior to making Recall available
for all Copilot+ PCs. Security continues to be our top priority
and when Recall is available for Windows Insiders in October we
will publish a blog with more details.
For years I stubbornly held onto the full word weblog, but eventually blog won out. But that’s talking about a blog as a publication, a site. It will never sound anything but idiotic to me to call a blog post a “blog”. It makes no sense. You write blogs on a blog?
Anyway, would be scary to consider what this Recall feature would have been like if security were not, as Microsoft repeats ad nauseum, the company’s top priority. The initial version was such privacy Swiss cheese that it’s enough to make you think Microsoft is full of shit that security is their top priority.
★
Microsoft:
With a commitment to delivering a trustworthy and secure Recall
(preview) experience on Copilot+ PCs for customers, we’re sharing
an update that Recall will be available to Windows Insiders
starting in October. As previously shared on June 13, we have
adjusted our release approach to leverage the valuable expertise
of our Windows Insider community prior to making Recall available
for all Copilot+ PCs. Security continues to be our top priority
and when Recall is available for Windows Insiders in October we
will publish a blog with more details.
For years I stubbornly held onto the full word weblog, but eventually blog won out. But that’s talking about a blog as a publication, a site. It will never sound anything but idiotic to me to call a blog post a “blog”. It makes no sense. You write blogs on a blog?
Anyway, would be scary to consider what this Recall feature would have been like if security were not, as Microsoft repeats ad nauseum, the company’s top priority. The initial version was such privacy Swiss cheese that it’s enough to make you think Microsoft is full of shit that security is their top priority.
Today’s NYT Strands Hints, Answers and Help for Aug. 22, #172
Here are some hints, and the answers, for the Aug. 22 Strands puzzle, No. 172.
Here are some hints, and the answers, for the Aug. 22 Strands puzzle, No. 172.
Today’s NYT Connections Hints, Answers and Help for Aug. 22 #438
Here are some hints — and the answers — for Connections No. 438, for Aug. 22
Here are some hints — and the answers — for Connections No. 438, for Aug. 22
Today’s Wordle Hints, Answer and Help for Aug. 22, #1160
Here are some hints and the answer for Wordle No. 1160 for Aug. 22.
Here are some hints and the answer for Wordle No. 1160 for Aug. 22.
Google Joins $250 Million Deal to Support Newsrooms in California
The agreement includes $70 million from the state, which needs legislative approval. Some lawmakers objected, calling for a more comprehensive solution with tech companies.
The agreement includes $70 million from the state, which needs legislative approval. Some lawmakers objected, calling for a more comprehensive solution with tech companies.
110K Domains Targeted in ‘Sophisticated’ AWS Cloud Extortion Campaign
A sophisticated extortion campaign has targeted 110,000 domains by exploiting misconfigured AWS environment files, security firm Cyble reports. The attackers scanned for exposed .env files containing cloud access keys and other sensitive data. Organizations that failed to secure their AWS environments found their S3-stored data replaced with ransom notes.
The attackers used a series of API calls to verify data, enumerate IAM users, and locate S3 buckets. Though initial access lacked admin privileges, they created new IAM roles to escalate permissions. Cyble researchers noted the attackers’ use of AWS Lambda functions for automated scanning operations.
Read more of this story at Slashdot.
A sophisticated extortion campaign has targeted 110,000 domains by exploiting misconfigured AWS environment files, security firm Cyble reports. The attackers scanned for exposed .env files containing cloud access keys and other sensitive data. Organizations that failed to secure their AWS environments found their S3-stored data replaced with ransom notes.
The attackers used a series of API calls to verify data, enumerate IAM users, and locate S3 buckets. Though initial access lacked admin privileges, they created new IAM roles to escalate permissions. Cyble researchers noted the attackers’ use of AWS Lambda functions for automated scanning operations.
Read more of this story at Slashdot.