Insider threats vs. insider attacks

I understand that a threat is a possible security violation that might exploit the vulnerability of a system, and an attack is an action on a system that harms the organisation in some way. Therefore, we should detect attacks and prevent or mitigate threats.

However, when I look at multiple cybersecurity sources focused on insider issues, most of them talk only about insider threats and do not talk about insider attacks at all. In addition, they repeatedly use the term insider threat even for actions that should be considered attacks. You can see it, for example, in:

  • https://www.researchgate.net/publication/332216404_Insight_Into_Insiders_and_IT_A_Survey_of_Insider_Threat_Taxonomies_Analysis_Modeling_and_Countermeasures
  • https://link.springer.com/article/10.1186/s41044-016-0006-0
  • https://ieeexplore.ieee.org/abstract/document/8278157

Can someone please explain to me what the difference between an insider attack and an insider threat is? Why does it seem to have a different meaning regarding insiders than in general usage? Why is just the term insider threat mostly used?

What specific threats could a haunted house contain?

I'm currently working on a haunted house scenario and need some threats to the characters to heighten the tension.

The setting:

  • It is a Hunter the Vigil Game
  • Set in 2020 in Germany (no Corona)

The House:

  • It is a three storied building with about 15 rooms.
  • In this story, the house itself is the antagonist/monster
  • The house contains a mysterious machine that is no longer working. The purpose of the machine is not important to the story (I don’t even know it myself). But the house wants the 2 characters to fix it. The problem with that is that some parts for the repair would need to be made out of one of the characters' bones.
  • The characters are not able to leave the house. But I don’t know how the house could try to force them to do what it wants.

Ideally each room should have some sort of physical threat to the characters that is not lethal but threatening. Threats I already have:

  • The gas stove will leak some gas that the house can ignite when the characters enter the kitchen. Not enough for a huge explosion but definitely threatening. Causing some burns.
  • A chandelier will swing down from the ceiling trying to hit a character.
  • Some parts of the floor are made of metal and can give the characters electric shocks.
  • Doors can suddenly slam shut hitting someone who walks through. (I don’t really like this one because it disincentivizes moving through the house to find a method of escape.)

What other threats could I use?

How to protect my code from “insider” threats when hiring my first employee?

I quit my job to start my own SaaS product. I’m now looking to hire my first employee (another developer).

I will be taking appropriate legal precautions to protect my IP, but I’m wondering what other reasonable actions I can take to further protect my code / data. The last thing that I want to happen is what happened to Tesla where someone dumped the source code onto iCloud and ran off with it to a competitor.

I know that it is practically impossible to prevent this 100% from happening and that I need to make sure that I hire quality people and offer meaningful pay and have the appropriate legal documents signed. Apart from this, what else can I do to protect myself from inside threats? I am pouring my entire life’s savings into this and I will be devastated to lose what I spent the better part of 2 years coding.

Here’s what I’ve thought of so far:

  • Buy a work laptop for them
  • Encrypt the hard drive (like with Bitlocker)
  • Disable all USB ports
  • Create a non-admin / limited user account with no install permissions and just the IDEs (e.g. Visual Studio) installed. I use Windows 10 for most development with the exception of a Mac for the iOS portion of the app development.
  • Install some kind of employee logging software.
  • Disable access to file hosting websites.
  • Somehow detect and stop when a certain folder is being uploaded or copied somewhere?
  • Somehow make the git repository only accessible from that machine.
  • Install some kind of remote admin management system? Azure Active Directory or something?

This must be a common problem for businesses but I must be searching for the wrong thing because I can’t seem to find a guide anywhere on this issue.

What threats does Android pose to anonymity when the internet is accessed by a laptop through USB tethering but over Tor?

I use USB tethering on an Android 10 mobile to access the internet on my laptop. I use Tor Browser (TB) on the laptop and keep my OS (a Linux distro) on the laptop patched for security vulnerabilities. At times I need to consume certain content from websites which I don’t want any intermediary to know about.

Can my mobile device see what data I am requesting and receiving other than that I am connected to a Tor entry node and passing data to it back and forth?

Here’s what I have in mind:

  1. I enter security.stackexchange.com in TB’s URL bar on the laptop.
  2. TB establishes a secure connection and sends my request to the Tor network.
  3. My telecom provider, the first potentially hostile intermediary I usually think of, can see only that I am connected to the Tor network. For scope reduction of this question, let us become ignorant and assume that my ISP or any intermediary further down does not have the capability to either see my original request or link it back to me.

So far, reasonably good. But, the first intermediary seems to be the Android 10 device itself. How can I be sure that my Android 10 device cannot know what data I am requesting and receiving other than that I am connected to Tor?

I am concerned because my mobile device is potentially hostile in my eyes. I do not know the capabilities of the baseband OS (which some state-sponsored entities may exploit), and don’t know the vulnerabilities of my Android 10 device, which has vanilla Android fused with proprietary code. My mobile device is also at the mercy of its OEM, which may not provide security updates for it in future.

Hardware vulnerabilities vs software threats

What are the key differences between them?

I find both of them would also be able to retrieve data from the host system and both also could cause harm. I do not understand why there are people who say hardware vulnerabilities pose the greatest threat in cybersecurity and vice versa.

For software, the threat would be ransomware. For hardware, it would be Meltdown and Spectre.

What are the security threats to clients from a rogue Windows KMS server?

Consider a Windows KMS server that is controlled by a rogue person. What are the capabilities of the Windows KMS system, beyond activation and licensing? Is there any threat to the client PCs or does KMS solely certify the proper activation of Windows?

(For example: Is it possible for the rogue KMS server to access client PCs or deliver malware or tamper with the DNS resolver of the clients?)

VirusTotal detecting threats in Suricata rule set

VirusTotal scans are detecting threats from the Suricata default rule pack located at https://rules.emergingthreats.net/open/suricata-4.0/

Is this a false positive?

  • https://www.virustotal.com/#/file/c20b744a3ca4d8fef3fa23633db7e94edd064d5ea149be0a4ce063a85046b76f/detection
  • https://www.virustotal.com/#/url/bad1ab778b89d4f8a0a42d0df8b09e37d9ba0e2cffb6169b423e63f9a9fdcafa/detection

What’s a good place to buy laptops that run Ubuntu 18.04 and what are some suggestions for protecting against threats on Ubuntu?

I’m fairly new to GNU/Linux and I’ve recently migrated to Ubuntu because I’ve heard and read it’s one of the best distros to try when you’re learning Linux. However, I’m looking for a new laptop in the next couple of weeks that supports Linux software.

I need something that can handle a lot of programming applications since I’m a computer science student. I also would like to do some gaming but it’s not a necessity. I know that almost all hardware will run Linux but I want something that will help it to perform its best as I will only be booting my machine via Linux. I’ve come across a site called ThinkPenguin in the past for GNU/Linux laptops; does anyone know if they are good? I wanted to get some other opinions in the Linux community before I make a final decision on a laptop and some plans for fighting against potential threats on Linux.

Any tips are appreciated. Thanks.