What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek.webp 2023-11-22 16:48:24 Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets
(lien direct)
> Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.”
Uber ★★
SecurityWeek.webp 2023-10-13 12:23:49 In Other News: Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty
(lien direct)
In Other
Uber ★★
SecurityWeek.webp 2023-05-05 00:35:45 Former Uber CSO Joe Sullivan Avoids Prison Time Over Data Breach Cover-Up
(lien direct)
> Former Uber security chief Joe Sullivan was sentenced to probation and community service for covering up the data breach suffered by the ride-sharing giant in 2016.
Data Breach Uber Uber ★★
SecurityWeek.webp 2022-12-13 10:35:25 Uber Data Leaked Following Breach at Third-Party Vendor (lien direct) Information apparently belonging to ride-hailing giant Uber has been leaked online and the source of the data is likely a third-party IT vendor. Over the weekend, a user with the moniker 'UberLeak' made public on a hacker forum a 600 Mb archive file allegedly containing 20 million records of data coming from Uber systems. Uber Uber ★★★
SecurityWeek.webp 2022-10-07 11:16:52 Industry Reactions to Conviction of Former Uber CSO Joe Sullivan: Feedback Friday (lien direct) Former Uber security chief Joe Sullivan has been found guilty by a jury over his role in covering up a massive data breach suffered by the ride sharing giant in 2016. Data Breach Uber Uber
SecurityWeek.webp 2022-10-05 21:49:24 Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover-Up (lien direct) A San Francisco jury on Wednesday found former Uber security chief Joe Sullivan guilty of covering up a 2016 data breach and concealing information on a felony from law enforcement. Data Breach Uber Uber
SecurityWeek.webp 2022-09-19 19:02:09 Uber Confirms Hacker Accessed Internal Tools, Bug Bounty Dashboard (lien direct) Ride-hailing giant Uber is moving quickly to downplay the impact from a devastating security breach that included the theft of employee credentials, access to the HackerOne bug bounty dashboard and data from an internal invoicing tool. Uber Uber
SecurityWeek.webp 2022-09-19 10:24:11 GTA 6 Videos and Source Code Stolen in Rockstar Games Hack (lien direct) The Rockstar Games hacker also claims to be behind the recent Uber breach Hack Uber Uber
SecurityWeek.webp 2022-09-17 16:14:00 Serious Breach at Uber Spotlights Hacker Social Deception (lien direct) The ride-hailing service Uber said Friday that all its services were operational following what security professionals are calling a major data breach, claiming there was no evidence the hacker got access to sensitive user data. Uber Uber
SecurityWeek.webp 2022-09-16 09:22:19 Uber Investigating Data Breach After Hacker Claims of Extensive Compromise (lien direct) Uber “responding to a cybersecurity incident” after hacker claims to have breached several systems Data Breach Uber
SecurityWeek.webp 2022-08-15 11:48:00 Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities (lien direct) Google is once again boosting the maximum bounty payouts for Linux vulnerabilities reported as part of its open-source Kubernetes-based capture-the-flag (CTF) vulnerability rewards program (VRP). Vulnerability Uber
SecurityWeek.webp 2022-07-25 13:20:58 Uber Settles With Federal Investigators Over 2016 Data Breach Coverup (lien direct) Uber has entered a non-prosecution agreement to resolve a criminal investigation into the manner in which the company handled a 2016 data breach that impacted 57 million users and drivers. Data Breach Uber
SecurityWeek.webp 2022-05-18 12:09:53 Over 380,000 Kubernetes API Servers Exposed to Internet: Shadowserver (lien direct) The Shadowserver Foundation has started scanning the internet for Kubernetes API servers and found roughly 380,000 that allow some form of access. ShadowServer is conducting daily scans of the IPv4 space on ports 443 and 6443, looking for IP addresses that respond with an HTTP 200 OK status, which indicates that the request has succeeded. Uber
SecurityWeek.webp 2022-04-27 11:52:01 ARMO Raises $30 Million for Open Source Kubernetes Security Platform (lien direct) ARMO, an Israel-based company that specializes in Kubernetes security, on Wednesday announced raising $30 million in a Series A funding round. The latest investment, which brings ARMO's total funding to date to $34.5 million, was led by Tiger Global and Hyperwise Ventures, with participation from existing investors Pitango First and Peled Ventures. Uber
SecurityWeek.webp 2022-03-16 12:41:17 Severe Vulnerability Patched in CRI-O Container Engine for Kubernetes (lien direct) A severe vulnerability affecting the CRI-O container engine for Kubernetes could be exploited to escape the container and gain root access to the host, CrowdStrike reports. CRI-O is a lightweight container runtime for Kubernetes with support for OCI (Open Container Initiative) compatible runtimes. Vulnerability Uber
SecurityWeek.webp 2022-02-15 19:09:27 Google Offering $91,000 Rewards for Linux Kernel, GKE Zero-Days (lien direct) Technology giant Google is offering bigger cash awards for hackers reporting critical security flaws affecting the Linux Kernel, GKE, Kubernetes, and kCTF. Uber
SecurityWeek.webp 2021-08-04 13:56:11 New CISA and NSA Guidance Details Steps to Harden Kubernetes Systems (lien direct) New guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments. Uber
SecurityWeek.webp 2021-07-23 16:00:21 Threat Actors Target Kubernetes Clusters via Argo Workflows (lien direct) Threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners, according to a warning from security vendor Intezer. Uber
SecurityWeek.webp 2021-06-07 17:06:15 'Siloscape' Malware Targets Windows Server Containers (lien direct) A newly identified piece of malware that targets Windows Server containers can execute code on the underlying node and then spread in the Kubernetes cluster, according to a warning from security researchers at Palo Alto Networks. Malware Uber
SecurityWeek.webp 2021-05-05 13:41:32 Red Hat Open-Sourcing StackRox Security Technology (lien direct) Red Hat this week announced that it's taking the first steps towards open-sourcing the StackRox container security product for Kubernetes. Uber
SecurityWeek.webp 2021-03-03 19:21:06 New CISO Hires at Uber, Square, SailPoint (lien direct) Ride-sharing giant Uber has quietly snapped up veteran security leader Latha Maripuri to be its Chief Information Security Officer (CISO). A formal announcement has not yet been made but Maripuri, a security leader with stints at IBM and NewsCorp, has shared the news on her LinkedIn profile. Guideline Uber Uber ★★★★★
SecurityWeek.webp 2021-02-04 16:07:37 New 'Hildegard' Malware Targets Kubernetes Systems (lien direct) The hacking group referred to as TeamTNT has been employing a new piece of malware in a recently started campaign targeting Kubernetes environments, security researchers with Palo Alto Networks' Unit 42 reveal. Malware Uber
SecurityWeek.webp 2021-01-07 23:37:05 Red Hat Buys Container Security Firm StackRox (lien direct) Red Hat on Thursday snapped up container and Kubernetes security startup StackRox, a deal that speeds up its ambitions in the enterprise cloud market. Financial terms of the deal were not announced. Uber
SecurityWeek.webp 2019-08-23 17:48:05 Kubernetes Patches Recent HTTP/2 Vulnerabilities (lien direct) Software updates released by Kubernetes this week address HTTP/2 implementation vulnerabilities that were disclosed earlier this month.  Uber
SecurityWeek.webp 2019-07-30 12:09:05 Security a Top Concern as Containerization Gathers Pace (lien direct) Within the increasing adoption of container technology, two things stand out: hybrid on-prem and cloud configurations are growing, and Kubernetes dominates. At the same time, concern over investment in security remains high. Uber
SecurityWeek.webp 2019-06-20 11:00:04 MongoDB Introduces Client-Side Field Level Encryption to Aid Compliance (lien direct) MongoDB Inc, developer of the NoSQL MongoDB document-based database management product, has announced the latest version, 4.2. The primary new features are distributed transactions, an updated Kubernetes Operator, and client-side field level encryption. Uber
SecurityWeek.webp 2018-12-21 14:51:01 France Fines Uber 400,000 Euros Over Huge Data Breach (lien direct) France's data protection agency said Thursday that it had fined the US ride-hailing group Uber 400,000 euros ($460,000) over a 2016 data breach that exposed the personal data of some 57 million clients and drivers worldwide. Data Breach Uber
SecurityWeek.webp 2018-12-13 17:00:02 Kubernetes Security Firm Tigera Raises $30 Million (lien direct) Tigera, a San Francisco-based company that provides security and compliance solutions for Kubernetes platforms, announced on Wednesday that it raised $30 million in a Series B funding round. Uber ★★★★
SecurityWeek.webp 2018-12-04 09:03:03 Critical Privilege Escalation Flaw Patched in Kubernetes (lien direct) A critical privilege escalation vulnerability has been found in Kubernetes, the popular open-source container orchestration system that allows users to automate deployment, scaling and management of containerized applications. Vulnerability Uber
SecurityWeek.webp 2018-11-27 13:01:02 Uber Fined Nearly $1.2 Million by Dutch, UK Over Data Breach (lien direct) The ride-hailing service Uber has been fined the equivalent of nearly $1.2 million by British and Dutch authorities for failing to protect customers' data during a cyberattack in 2016. Data Breach Uber
SecurityWeek.webp 2018-11-05 02:20:03 Kemp Cites Voter Database Hacking Attempt, Gives No Evidence (lien direct) The office of Secretary of State Brian Kemp, who is also the Republican gubernatorial nominee, said Sunday it is investigating the state Democratic Party in connection with an alleged attempt to hack Georgia's online voter database, which is used to check in voters at polling places in the midterm elections. Hack Uber
SecurityWeek.webp 2018-09-05 18:35:05 Uber Announces Ramped Up Passenger Security (lien direct) Uber chief Dara Khosrowshahi said on Wednesday the smartphone-summoned ride service is reinforcing safeguards for passengers and their personal information. Features to be added to the app in the coming months include "Ride Check," which uses location tracking already built into the service to detect when cars have stopped unexpectedly. Uber
SecurityWeek.webp 2018-04-30 06:33:01 Uber Updates Bug Bounty Program (lien direct) Uber updates bug bounty program Uber
SecurityWeek.webp 2018-04-13 13:09:00 25 Million U.S. Individuals Impacted by 2016 Uber Hack (lien direct) The 2016 data breach that Uber made public in November 2017 impacted over 25 million riders and drivers in the United States, the Federal Trade Commission (FTC) reveals. Uber
SecurityWeek.webp 2018-04-05 13:32:05 (Déjà vu) Mitigating Digital Risk from the Android PC in Your Pocket (lien direct) >Security Teams Must Prioritize Risk Mitigation Against Android Malware Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users' computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing desktops and are the preferred method for accessing the Internet. The most popular operating system worldwide? Android. Threat actors watch these trends too. They're opportunistic and will focus their efforts where they believe their success rate will be the highest. So naturally, many are targeting Android devices and taking advantage of malware to launch attacks. As an open-source tool, Android provides the benefits of collaborative applications (apps) and innovation; however, its accessibility inherently exposes it to exploitation by malicious actors. In the past year, while some users fell victim to targeted social engineering campaigns that infect their devices, most malware was embedded in malicious apps users inadvertently downloaded from official and unofficial sources. With the greatest number of users, Android's official app store Google Play has been the largest single source of infection. However, most of the sources of infection were other third-party stores. Users are duped by apps that pose as legitimate resources or services, or that are advertised fraudulently by displaying branding associated with credible organizations. Apps have been found that impersonate Uber, any number of financial institutions, gaming apps and perhaps most galling, security apps. Mobile malware is generally delivered and deployed via a multi-step process requiring some user interaction. This presents threat actors with many opportunities to infiltrate a device.
For example, once installed, many malicious apps request users to approve unnecessary privileges, such as administration access, to execute processes. Overlays (superimposing phishing screens on a legitimate app) are also used to prompt users to provide sensitive information, such as credentials or financial data.  So, what's the ultimate endgame for cyber criminals? The most prevalent objective is espionage – gathering information through profiling device data or recording phone calls and messages. Mobile banking malware, such as Marcher and BankBot, uses sophisticated techniques to harvest user banking data, including overlays specific to target banks, and intercepts SMS messages to obtain multi-factor authentication codes. Recently, mobile devices have also been targeted for cryptocurrency mining. While less powerful than desktops and servers used for this purpose, more Android devices exist, and they are often less protected and, thus, more easily accessible. You can expect t Uber
SecurityWeek.webp 2018-03-28 15:31:02 Risky Business: The Fifth Element (lien direct) Last month, I talked about the elegant beauty in offloading parts of your risk portfolio in four distinct ways. The logic is to streamline the company's mitigation efforts and allow you to focus more time and investment where it matters most, on the unique risks inherent to the business. But there is a fifth element, and it is going to be in your future. While security-as-a-service for functions like WAF and DDoS protection are well-established, they are just the beginning of a new industry that is emerging around consumption-based security models. To a certain extent, security in the future is going to be Uberized, and for some situations, you may be able to get rid of your car entirely. No insurance. No maintenance. No hassles with parking. And you won't even have to wash it or vacuum crumbs out of the seat cracks. That is to say, you won't hire a company just for DDoS and WAF. You'll hire a company for IDaaS, IPS, encryption/decryption, SSL orchestration, governance, risk and compliance (GRC). And over time, you'll dial in your use of these services. Spin them up when they're needed most. Ratchet them back when they're not in demand. Pay only for what you use. This is a strategic way to contain costs as you may only fully use your GRC service when it's time for an audit, enabling the company to increase its capacity without having a consulting service on site. All of this will dramatically change how CISOs function and how their teams are structured. Instead of hiring dozens of people to build and maintain multiple systems, CISOs will shift to focus on the data that powers the business and how it flows through and interacts with these outsourced relationships.
And yes, I am going so far as to say this shift is inevitable, because it's being driven by some pretty clear economic pressures: Talent scarcity It's well-known that there are a lot of open job reqs in cybersecurity. I mean a lot, more than a million today. And according to Center for Cyber Safety and Education's 2017 Global Information Security Workforce Study, there may be as many as 1.8 million open jobs in the field by 2022. In this market, finding the right person can take months. You either have to poach them from another company or develop them yourself. Development means trial by fire. I don't know about you, but I don't want trial by fire. And if you do steal a great hire from another company, the cost-benefit analysis is such that you're basically being driven to a vendor anyway, simply because the salary pressure makes it more cost-effective. There are also specific areas of Uber
SecurityWeek.webp 2018-03-21 18:20:04 Growing Mistrust Threatens Facebook After Data Mining Scandal (lien direct) As Facebook reels from the scandal over hijacked personal data, a movement to quit the social network gathered momentum Wednesday, portending threats to one of the most powerful internet firms. In a sign of the mood, one of those calling it quits was a high-profile co-founder of the WhatsApp messaging service acquired by Facebook in 2014 for $19 billion. "It is time. #deletefacebook," Brian Acton said in a tweet, using the hashtag protesting the handling of the crisis by the world's biggest social network. The WhatsApp co-founder, who now works at the rival messaging application Signal, posted the comment amid a growing uproar over revelations that Facebook data was harvested by a British political consulting firm linked to Donald Trump's presidential campaign. "Delete and forget. It's time to care about privacy," he said. The huge social network also faces investigations on both sides of the Atlantic over its data practices, and a handful of lawsuits which could turn into class actions that may prove a costly distraction for Facebook. It remains to be seen whether the uproar would lead to any significant departures, but the topic was active on social media, including on Facebook itself. Donella Cohen, a Weather Channel product manager, posted on her Facebook page that she would be off the network by midnight. "The latest revelations are showing just how corrupt and detrimental to society this particular platform is," she wrote.  "I hope that a new social network emerges. One that isn't so greedy as to corrupt the political process in the name of the almighty dollar." - Fabric of internet - Yet analysts noted Facebook is unlikely to fade quickly because of how it is woven into the fabric of the internet, with "like" buttons on websites, comments sections for news articles and an ad network that delivers messages to those who are not Facebook members. 
The #deleteFacebook movement "is a social media feedback loop from the public -- we saw the same thing with #deleteUber," said Jennifer Grygiel, a communications professor at Syracuse University. "Sure, some people will delete Facebook, but to truly delete Facebook would mean that users would need to delete Facebook, Instagram, WhatsApp, and Messenger. This is not realistic for most people given how social media has been integrated into everyday life." Sandra Proske, head of communications for the Finla Guideline Uber
SecurityWeek.webp 2018-03-20 07:03:01 Coverity Scan Hacked, Abused for Cryptocurrency Mining (lien direct) Coverity Scan, a free service used by tens of thousands of developers to find and fix bugs in their open source projects, was suspended in February after hackers breached some of its servers and abused them for cryptocurrency mining. Synopsys, which acquired Coverity in 2014, started notifying Coverity Scan users about the breach on Friday. The company said malicious actors gained access to Coverity Scan systems sometime in February. “We suspect that the access was to utilize our computing power for cryptocurrency mining,” Synopsys told users. “We have not found evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed. We retained a well-known computer forensics company to assist us in our investigation.” Synopsys says the service is now back online and it believes the point of access leveraged by the attackers has been closed. In order to regain access to Coverity Scan, users will need to reset their passwords. “Please note that the servers in question were not connected to any other Synopsys computer networks. This should have no impact on customers of our commercial products, and this event did not put any Synopsys corporate data or intellectual property at risk,” users were told. Cybercriminals have become increasingly interested in making a profit by hacking PCs and servers and abusing them to mine cryptocurrencies. Cryptocurrency mining malware can target a wide range of devices, including industrial systems. One recent high-profile victim was the carmaker Tesla, whose Kubernetes pods were compromised and used for cryptocurrency mining. According to RedLock, which discovered the breach, hackers gained access to Tesla's Kubernetes console due to the lack of password protection. 
Related: Avoid Becoming a Crypto-Mining Bot - Where to Look for Mining Malware and How to Respond Related: Linux Malware Targets Raspberry Pi for Cryptocurrency Mining Uber Tesla
SecurityWeek.webp 2018-02-07 10:22:11 Hackers From Florida, Canada Behind 2016 Uber Breach (lien direct) Uber shares more details about 2016 data breach Uber
SecurityWeek.webp 2017-12-14 03:11:10 U.S. Prosecutors Confirm Uber Target of Criminal Probe (lien direct) A letter made public Wednesday in Waymo's civil suit against Uber over swiped self-driving car secrets confirmed the ride-share service is the target of a US criminal investigation. Uber
SecurityWeek.webp 2017-12-01 18:42:44 Senators Propose New Breach Notification Law (lien direct) Senators Propose New Data Protection Bill Following Equifax and Uber Breaches Equifax Uber
SecurityWeek.webp 2017-11-30 03:37:38 Court Investigating Whether Uber Connived to Cover its Tracks (lien direct) Uber Under Investigation Uber, the ride-sharing giant hit with a number of scandals in recent months, is now suspected of operating a program to hide nefarious tactics. Uber
SecurityWeek.webp 2017-11-28 15:34:46 Majority of Android Apps Contain Embedded User-Tracking: Report (lien direct) Seventy-five percent of 300 Android apps tested by Exodus Privacy and analyzed by the Yale Privacy Lab contain embedded trackers, including Uber, Tinder, Skype, Twitter, Spotify and Snapchat. The trackers are primarily used for targeted advertising, behavioral analytics and location tracking. They come as part of the app, and their presence and operation is likely unknown to the user at the time of installation. Uber
SecurityWeek.webp 2017-11-22 18:52:34 Uber in Legal Crosshairs Over Hack Cover-up (lien direct) Two US states on Wednesday confirmed they are investigating Uber's cover-up of a hack at the ride-sharing giant that compromised the personal information of 57 million users and drivers. Uber
SecurityWeek.webp 2017-11-22 15:52:08 Should Uber Users be Worried About Data Hack? (lien direct) Information on Uber Data Breach and Hack Uber
SecurityWeek.webp 2017-11-22 00:46:15 Uber Hacked: Information of 57 Million Users Accessed in Covered-Up Breach (lien direct) Uber Discloses Massive Hack Uber Covered Up Massive Hack in 2016 for More Than a Year Uber
SecurityWeek.webp 2017-08-15 15:11:28 Uber Settles Complaint Over Data Protection for Riders, Drivers (lien direct) Uber agreed to implement new data protection measures to settle complaints that it failed to prevent improper snooping on driver and customer information, officials said Tuesday. Uber
SecurityWeek.webp 2017-08-10 14:22:31 A Pragmatic Approach to Your Digital Transformation Journey (lien direct) From the Amazon juggernaut to the now legendary story of Uber, examples of digital disruption reshaping markets and industries abound. In fact, in their 2017 State of Digital Disruption study, the Global Center for Digital Business Transformation (DBT Center) says that in just two years digital disruption has gone from a peripheral concern to top-of-mind. Uber
SecurityWeek.webp 2017-03-07 15:07:18 Bug Allowed Free Uber Rides (lien direct) A bug in Uber could have been used by users to ride for free anywhere where the service is available, a researcher has discovered. Uber
SecurityWeek.webp 2016-11-25 17:48:07 Flaws in Uber's UberCENTRAL Tool Exposed User Data (lien direct) Several vulnerabilities have been identified in Uber's recently launched UberCENTRAL service. The ride-sharing company patched the flaws and rewarded the expert who found them. Uber
Last update at: 2024-04-29 06:07:51