Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2024-07-05 12:30:00 |
A CISO's Guide to Avoiding Jail After a Breach (direct link) |
Yahoo, Uber, SolarWinds - increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit? |
|
Yahoo
Uber
|
★★★
|
|
2023-11-29 23:00:00 |
XM Cyber Launches Kubernetes Exposure Management to Intelligently Protect Critical Container Environments (direct link) |
No more details |
|
Uber
|
★★
|
|
2023-11-28 19:57:00 |
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (direct link) |
Joe Sullivan, spared prison time, weighs in on the lessons learned from the 2016 Uber breach and the import of the SolarWinds CISO case. |
Data Breach
Legislation
|
Uber
Uber
|
★★★
|
|
2023-11-22 16:15:25 |
Rootkit Turns Kubernetes from Orchestration to Subversion (direct link) |
Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference. |
Conference
|
Uber
|
★★
|
|
2023-11-22 16:15:25 |
Rootkit Turns Kubernetes From Orchestration to Subversion (direct link) |
Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference. |
Conference
|
Uber
|
★★
|
|
2023-11-06 19:59:00 |
Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM (direct link) |
No more details |
Vulnerability
|
Uber
|
★★
|
|
2023-10-12 13:00:00 |
Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach (direct link) |
Joe Sullivan's lawyers have claimed his conviction on two felony charges is based on tenuous theories and criminalizes the use of bug bounty programs. |
Data Breach
|
Uber
|
★★★
|
|
2023-10-11 19:25:11 |
Microsoft: Chinese APT Behind Atlassian Confluence Attacks; PoCs Appear (direct link) |
Organizations should brace for mass exploitation of CVE-2023-22515, an uber-critical security bug that opens the door to crippling supply chain attacks on downstream victims. |
|
Uber
|
★★★
|
|
2023-09-13 20:34:00 |
Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns (direct link) |
All Windows endpoints within a vulnerable Kubernetes cluster are open to command injection attacks, new research finds. |
|
Uber
|
★★
|
|
2023-07-26 14:00:00 |
Kubernetes and the Software Supply Chain (direct link) |
Trusted content is paramount in securing the supply chain. |
|
Uber
|
★★
|
|
2023-05-25 13:00:00 |
CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams (direct link) |
In the wake of the ex-Uber CISO verdict, CISOs ask for clearer rules and less uncertainty in managing disclosures, amid jail-time fears. |
|
Uber
|
★★
|
|
2023-05-05 18:53:00 |
Judge Spares Former Uber CISO Jail Time Over 2016 Data Breach Charges (direct link) |
Tell other CISOs "you got a break," judge says in handing down a three-year probation sentence to Joseph Sullivan. |
Data Breach
|
Uber
Uber
|
★★
|
|
2023-04-27 14:00:00 |
Combating Kubernetes - the Newest IAM Challenge (direct link) |
IT leaders need to ensure Kubernetes clusters don't become a gateway for cybercriminals. |
|
Uber
|
★★
|
|
2023-04-04 21:50:00 |
Law Firm for Uber Loses Drivers' Data to Hackers in Yet Another Breach (direct link) |
Uber gave sensitive data on drivers to a law firm representing the company in legal actions, but the data appears to not have had adequate security protections. |
|
Uber
Uber
|
★★★
|
|
2023-03-01 23:50:00 |
Ermetic Adds Kubernetes Security to CNAPP (direct link) |
The automated capabilities can discover misconfigurations, compliance violations, and risk or excessive privileges in Kubernetes clusters. |
|
Uber
|
★★★
|
|
2023-02-28 17:43:44 |
Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist (direct link) |
The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into cloud system. |
Cloud
|
Uber
|
★★
|
|
2023-02-15 01:00:00 |
Expel Tackles Cloud Threats With MDR for Kubernetes (direct link) |
The new managed detection and response platform simplifies cloud security for Kubernetes applications. |
|
Uber
|
★★
|
|
2023-02-07 17:05:00 |
ARMO Integrates ChatGPT to Help Users Secure Kubernetes (direct link) |
No more details |
|
Uber
ChatGPT
|
★★
|
|
2023-01-12 15:00:00 |
Kubernetes-Related Security Projects to Watch in 2023 (direct link) |
Organizations must be vigilant about balancing performance gains with security, governance, and compliance as they expand their use of Kubernetes. |
|
Uber
|
★★
|
|
2023-01-10 17:00:00 |
Microsoft: Kinsing Targets Kubernetes via Containers, PostgreSQL (direct link) |
The cryptomining malware, which typically targets Linux, is exploiting weaknesses in an open source container tool for initial access to cloud environments. |
Tool
|
Uber
|
★★
|
|
2022-12-29 15:00:00 |
After the Uber Breach: 3 Questions All CISOs Should Ask Themselves (direct link) |
How CISOs handle the ethical issues around data breaches can make or break their careers. Don't wait until a breach happens to plot the course forward. |
|
Uber
Uber
|
★★
|
|
2022-12-23 18:18:27 |
Container Verification Bug Allows Malicious Images to Cloud Up Kubernetes (direct link) |
A complete bypass of the Kyverno security mechanism for container image imports allows cyberattackers to completely take over a Kubernetes pod to steal data and inject malware. |
|
Uber
|
★★
|
|
2022-12-21 15:51:51 |
Understanding the 3 Classes of Kubernetes Risk (direct link) |
The first step toward securing Kubernetes environments is understanding the risks they pose and identifying the ways in which those risks can be mitigated. |
|
Uber
|
★★
|
|
2022-12-21 15:51:30 |
How to Run Kubernetes More Securely (direct link) |
The open source container tool is quite popular among developers - and threat actors. Here are a few ways DevOps teams can take control. |
Tool
Threat
|
Uber
|
★★
|
|
2022-09-26 14:00:00 |
How Quantum Physics Leads to Decrypting Common Algorithms (direct link) |
YouTuber minutephysics explains how Shor's algorithm builds on existing formulae like Euclid's algorithm and Fourier transforms to leverage quantum superpositioning and break encryption. |
|
Uber
|
|
|
2022-09-23 20:19:01 |
App Developers Increasingly Targeted via Slack, DevOps Tools (direct link) |
Slack, Docker, Kubernetes, and other applications that allow developers to collaborate have become the latest vector for software supply chain attacks. |
|
Uber
|
|
|
2022-09-20 18:20:52 |
Cast AI Introduces Cloud Security Insights for Kubernetes (direct link) |
The release augments the company's Kubernetes management platform with free, user-friendly insight on security postures, along with cost monitoring and observability. |
|
Uber
|
|
|
2022-09-19 21:24:55 |
Uber: Lapsus$ Targeted External Contractor With MFA Bombing Attack (direct link) |
The ride-sharing giant says a member of the notorious Lapsus$ hacking group started the attack by compromising an external contractor's credentials, as researchers parse the incident for takeaways. |
|
Uber
|
|
|
2022-09-16 20:37:57 |
Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber (direct link) |
Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments. |
|
Uber
Uber
|
|
|
2022-09-16 14:21:55 |
Hacker Pwns Uber Via Compromised Slack Account (direct link) |
A teen hacker reportedly social-engineered an Uber employee to hand over a Slack password, before burrowing deep into Uber's cloud and code repositories. |
|
Uber
Uber
|
|
|
2022-07-19 14:00:00 |
Protecting Against Kubernetes-Borne Ransomware (direct link) |
The conventional wisdom that virtual container environments were somehow immune from malware and hackers has been upended. |
Ransomware
Malware
|
Uber
|
|
|
2020-09-02 10:00:00 |
Why Kubernetes Clusters Are Intrinsically Insecure (& What to Do About Them) (direct link) |
By following best practices and prioritizing critical issues, you can reduce the chances of a security breach and constrain the blast radius of an attempted attack. Here's how. |
|
Uber
|
|
|
2020-08-20 16:30:00 |
Former Uber CSO Charged in Hack Cover-up (direct link) |
The charges stem from a 2016 attack in which 57 million records were breached. |
Hack
|
Uber
|
|
|
2018-06-28 10:45:00 |
Ticketmaster UK Warns Thousands of Data Breach (direct link) |
Customers who bought tickets through the site are advised to check for fraudulent transactions with Uber, Netflix, and Xendpay. |
Data Breach
|
Uber
|
|
|
2018-04-12 13:20:00 |
Uber Agrees to New FTC Settlement Over 2016 Breach Disclosure (direct link) |
Uber has agreed to an updated settlement with the FTC after news of its massive 2016 data breach. |
|
Uber
|
|
|
2018-02-06 19:23:00 |
Uber's Response to 2016 Data Breach Was 'Legally Reprehensible,' Lawmaker Says (direct link) |
In Senate hearing, Uber CISO admits company messed up in not quickly disclosing breach that exposed data on 57 million people. |
|
Uber
|
|
|
2017-11-27 16:40:00 |
Uber's Security Slip-ups: What Went Wrong (direct link) |
The ride-sharing company's decisions leading to a 2016 data breach and its handling of the incident should serve as a cautionary tale for enterprises facing a breach. |
Guideline
|
Uber
|
|
|
2017-11-22 15:00:00 |
Time to Pull an Uber and Disclose your Data Breach Now (direct link) |
There is never a good time to reveal a cyber attack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
|
|
Uber
|
|
|
2017-11-22 13:20:00 |
Uber Paid Hackers $100K to Conceal 2016 Data Breach (direct link) |
The ride-sharing company has confirmed an October 2016 data breach that compromised 57 million accounts. |
|
Uber
|
|
|
2016-09-16 11:30:00 |
Uber, Dropbox, Other Tech Leaders Team Up To Boost Vendor Security (direct link) |
Tech companies - including Uber, Dropbox, Twitter, and Docker - have joined forces to create the Vendor Security Alliance, which aims to vet vendor security practices. |
|
Uber
|
|