Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-05-20 11:11:36 |
380K Kubernetes API Servers Exposed to Public Internet (direct link) |
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access. |
|
Uber
|
|
|
2022-02-10 16:39:04 |
SAP to Give Threat Briefing on Uber-Severe 'ICMAD' Bugs (direct link) |
SAP's Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more.
|
Threat
|
Uber
|
|
|
2022-02-04 18:26:07 |
Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers (direct link) |
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another. |
|
Uber
|
|
|
2022-01-05 20:49:37 |
Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails (direct link) |
A simple-to-exploit bug that allows bad actors to send emails from Uber's official system -- skating past email security -- went unaddressed despite multiple flagging by researchers. |
|
Uber
Uber
|
|
|
2021-09-09 16:39:13 |
'Azurescape' Kubernetes Attack Allows Cross-Container Cloud Compromise (direct link) |
A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering. |
|
Uber
|
|
|
2021-07-21 15:19:56 |
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows (direct link) |
Misconfigured permissions for Argo's web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers. |
|
Uber
|
|
|
2021-06-10 16:26:28 |
Microsoft: Big Cryptomining Attacks Hit Kubeflow (direct link) |
Misconfigured dashboards are yet again at the heart of a widespread, ongoing cryptocurrency campaign squeezing Monero and Ethereum from Kubernetes clusters. |
|
Uber
|
|
|
2021-06-07 17:18:48 |
Windows Container Malware Targets Kubernetes Clusters (direct link) |
“Siloscape”, the first malware to target Windows containers, breaks out of Kubernetes clusters to plant backdoors and raid nodes for credentials.
|
Malware
|
Uber
|
|
|
2021-05-19 20:24:50 |
Can Nanotech Secure IoT Devices From the Inside-Out? (direct link) |
Work's being done with uber-lightweight nanoagents on every IoT device to stop malicious behavior, such as a scourge of botnet attacks, among other threats. |
|
Uber
|
|
|
2021-04-14 20:56:27 |
Security Bug Allows Attackers to Brick Kubernetes Clusters (direct link) |
The vulnerability is triggered when a cloud container pulls a malicious image from a registry. |
Vulnerability
|
Uber
|
|
|
2021-02-03 20:50:54 |
New Malware Hijacks Kubernetes Clusters to Mine Monero (direct link) |
Researchers warn that the Hildegard malware is part of 'one of the most complicated attacks targeting Kubernetes.' |
Malware
|
Uber
|
|
|
2021-01-19 20:20:03 |
Rob Joyce to Take Over as NSA Cybersecurity Director (direct link) |
Joyce will replace Anne Neuberger, who is now deputy national security advisor for the incoming Biden administration. |
|
Uber
|
|
|
2021-01-07 22:21:27 |
Biden to Appoint Cybersecurity Advisor to NSC – Report (direct link) |
Anne Neuberger will join the National Security Council, according to sources. |
|
Uber
|
|
|
2019-03-20 15:05:01 |
Uber Deployed 'Surfcam Spyware' in Australia to Crush the Competition – Report (direct link) |
Until a report this week, Uber's Surfcam's use was thought to be limited to incidents uncovered in Singapore in 2017. For its part, Uber denies that it's a "spyware." |
|
Uber
|
|
|
2019-02-12 18:28:04 |
Major Container Security Flaw Threatens Cascading Attacks (direct link) |
A fundamental component of container technologies like Docker, cri-o, containerd and Kubernetes contains an important vulnerability that could cause cascading attacks. |
Vulnerability
|
Uber
|
|
|
2018-12-05 15:47:05 |
Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments (direct link) |
Hackers can steal data, sabotage cloud deployments and more. |
|
Uber
|
★★★
|
|
2018-12-03 14:53:04 |
YouTuber PewDiePie Promoted Via 50K Hacked Printers (direct link) |
The incident sheds light on just how insecure printers are. |
|
Uber
|
|
|
2018-04-27 17:16:02 |
Uber Tightens Bug Bounty Extortion Policies (direct link) |
Uber is tightening policies around its bug bounty program after a 2016 data breach exposed deep flaws in its policies around handling extortion. |
|
Uber
|
★★★★★
|
|
2017-11-22 05:40:13 |
Uber Reveals 2016 Breach of 57 Million User Accounts (direct link) |
Uber CEO said a 2016 data breach that exposed 57 million Uber user accounts and a subsequent payment of $100,000 to a hacker to delete data and keep it a secret is inexcusable. |
|
Uber
|
★★★★
|
|
2017-07-12 16:36:35 |
Uber Patches Authentication Bypass Vulnerability on Custom SSO Solution (direct link) |
Uber patched an authentication bypass vulnerability in its homegrown SSO solution that allowed attackers to take over subdomains and steal session cookies. |
|
Uber
|
|
|
2017-02-13 14:00:16 |
Threatpost News Wrap, February 13, 2017 (direct link) |
RSA 2017 is previewed and last week's report on iOS apps being vulnerable to interception attacks, macro malware coming to MacOS, and new Uber open source module are discussed. |
|
Uber
|
|
|
2017-02-08 15:30:56 |
Uber Debuts SSH Key Authentication Module (direct link) |
Developers at Uber have unveiled a new module to help users enable the continuous re-authentication of SSH keys. |
|
Uber
|
|
|
2017-01-26 16:16:02 |
Uber.com Backup Bug Nets Researcher $9K (direct link) |
A researcher earned $9K for identifying a XXE vulnerability in third party backup software used by Uber. |
|
Uber
|
|
|
2016-11-23 15:00:16 |
Uber Portal Leaked Names, Phone Numbers, Email Addresses, Unique Identifiers (direct link) |
Vulnerabilities in UberCENTRAL, a portal used by businesses to facilitate rides, could have leaked the names, phone numbers, email addresses, and unique IDs. |
|
Uber
|
|
|
2016-06-07 16:48:31 |
Uber Pays Researcher $10K for Login Bypass Exploit (direct link) |
Uber patched a bug in its site recently that could have allowed an attacker to log into some of its sites without a password and further compromise its internal network. |
|
Uber
|
|
|
2016-04-12 14:29:23 |
Inside the Latest Apple iMessage Bug (direct link) |
Researchers from Bishop Fox and Uber found a frighteningly simple way to spread trouble through Apple iMessage. |
|
Uber
|
|