What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-14 03:34:00 | Expel announces MDR for Kubernetes with MITRE ATT&CK framework alignment (lien direct) | Security operations provider Expel has announced the general availability of Expel managed detection and response (MDR) for Kubernetes. The firm said the product enables customers to secure their business across their Kubernetes environment and adopt new technologies at scale without being hindered by security concerns. It has also been designed to align with the MITRE ATT&CK framework to help teams remediate threats and improve resilience, Expel added.Kubernetes is an open-source orchestration system that relies on containers to automate the deployment, scaling, and management of applications, usually in a cloud environment. Over time, it has become the de facto operating system of the cloud, but can also pose significant security risks and challenges for businesses.To read this article in full, please click here | Uber | ★ | |
|
2022-12-12 02:00:00 | 14 lessons CISOs learned in 2022 (lien direct) | We're about to finish yet another erratic year, in which Elon Musk bought Twitter, Russia invaded Ukraine, and many workers returned to their offices. We also saw, for the first time, a security chief sentenced to prison for concealing a data breach.These events and many more have changed the business landscape and forced CISOs to steer a course through uncertain waters. "With the shifts in the cybersecurity landscape, 2022 has been a milestone year we will look back on when studying the history of when and why cybersecurity and digital trust were fused together," says Kory Daniels, CISO at Trustwave.To read this article in full, please click here | Uber | ★★ | |
|
2022-10-13 02:00:00 | What the Uber verdict means to CISOs: You\'re (probably) not going to jail (lien direct) | There seem to be two reactions to the verdict in the Sullivan case. One reaction, often from CISOs already stressed by being outside the room where it happens, is to decide that being a CISO isn't worth the risk – it already wasn't worth the stress. If the title is really Chief Scapegoat Officer, it's one thing to lose your job, but your freedom? That's across the line. The second reaction seems to be nonchalant. What's the big deal, after all? It's just one person, and there was some shady stuff going on over at Uber.To read this article in full, please click here | Uber Uber | ||
|
2022-10-06 13:16:00 | Guilty verdict in the Uber breach case makes personal liability real for CISOs (lien direct) | Yesterday, a federal jury handed down a guilty verdict to Joe Sullivan, the former CSO on charges of “obstruction of the proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of a 2016 hack at Uber” according to a notice published by the Department of Justice (DOJ).US Attorney Stephanie Hinds, upon learning of the verdict, admonished companies that are storing data as to their responsibility to also “protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission (FTC) and took steps to prevent the hackers from being caught. We will not tolerate the concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users. Where such conduct violates the federal law, it will be prosecuted.”To read this article in full, please click here | Data Breach Hack | Uber Uber | |
|
2022-09-22 02:00:00 | Multi-factor authentication fatigue attacks are on the rise: How to defend against them (lien direct) | Credential compromise has been one of the top causes for network security breaches for a long time, which has prompted more organizations to adopt multi-factor authentication (MFA) as a defense. While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it.One of the most popular ways is spamming an employee whose credentials have been compromised with MFA authorization requests until they become annoyed and approve the request through their authenticators app. It's a simple yet effective technique that has become known as MFA fatigue and was also used in the recent Uber breach.To read this article in full, please click here | Uber Uber | ||
|
2022-09-22 02:00:00 | D&O insurance not yet a priority despite criminal trial of Uber\'s former CISO (lien direct) | The trial of former Uber CISO Joe Sullivan marks the first time a cybersecurity chief has faced potential criminal liability. Sullivan is charged with trying to conceal from federal investigators the details of a 2016 hack at Uber that exposed the email addresses and phone numbers of 57 million drivers and passengers. The two charges against Sullivan, obstruction of justice and failure to report a crime, carry potential jail time of five and three years, respectively, in a watershed case that has drawn the attention of security professionals.To read this article in full, please click here | Hack | Uber Uber | |
|
2022-09-20 04:03:00 | Uber links cyberattack to LAPSUS$, says sensitive user data remains protected (lien direct) | Uber has linked its recent cyberattack to an actor (or actors) affiliated with the notorious LAPSUS$ threat group, responsible for breaching the likes of Microsoft, Cisco, Samsung, Nvidia and Okta this year. The announcement came as the ride-hailing giant continues to investigate a network data breach that occurred on Thursday, September 15.Attacker gained elevated permissions to tools including G-Suite and Slack In a security update published on Monday, September 19, Uber wrote, “An Uber EXT contractor had their account compromised by an attacker. It is likely that the attacker purchased the contractor's Uber corporate password on the dark web, after the contractor's personal device had been infected with malware, exposing those credentials. The attacker then repeatedly tried to log in to the contractor's Uber account.” Each time, the contractor received a two-factor login approval request, which initially blocked access, it added.To read this article in full, please click here | Threat | Uber Uber | |
|
2022-09-16 03:46:00 | Uber responding to “cybersecurity incident” following reports of significant data breach (lien direct) | Ride-hailing giant Uber has confirmed that it is responding to a cybersecurity incident as reports emerge that the firm has suffered a significant network data breach forcing it to shut down several internal communications and engineering systems.Attacker announces Uber breach through compromised Slack account In a statement on Twitter, Uber wrote “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.” While details from the company are currently sparse, a report by the New York Times on Thursday claimed that a hacker was able to compromise an employee's Slack account and used it to send a message to Uber employees announcing that the company had suffered a data breach.To read this article in full, please click here | Data Breach | Uber Uber | |
|
2022-07-27 06:09:00 | Teleport features passwordless access with new access plane update (lien direct) | Teleport, an open source platform designed to provide zero trust access management applications, has announced the latest version of its unified access plane, Teleport 10, which features passwordless access as a single sign-on (SSO) infrastructure access solution.Teleport's unified access plane is an open source identity-based infrastructure access platform that unifies secure access to servers, Kubernetes clusters, applications and databases.To read this article in full, please click here | Uber | ||
|
2022-05-19 02:00:00 | Uber CISO\'s trial underscores the importance of truth, transparency, and trust (lien direct) | Truth, transparency and trust are the three T's that all CISOs and CSOs should embrace as they march through their daily grind of keeping their enterprise and the data safe and secure. Failure to adhere to the three T's can have serious consequences.Case in point: A federal judge recently ordered Uber Technologies to work with its former CSO, Joseph Sullivan (who held the position from April 2015 to November 2017), and review a plethora of Uber documents that Sullivan has requested in unredacted form for use in his defense in the upcoming criminal trial.The case against Uber's former CSO By way of background, Uber's former CSO faces a five-felony count superseding indictment associated with his handling of the company's 2016 data breach. The court document, filed in December 2021, alleges Sullivan “engaged in a scheme designed to ensure that the data breach did not become public knowledge, was concealed, and was not disclosed to the FTC and to impacted users and drivers.” Furthermore, the two individuals, who are believed to have affected the hack and subsequently requested payment for non-disclosure ultimately received $100,000 from Uber's bug bounty program. These individuals were identified in media as, Vasile Mereacre, a Canadian citizen living in Toronto, and Brandon Glover, a Florida resident, both of whom were later indicted for their breach of Lynda (a company acquired by Linkedin).To read this article in full, please click here | Data Breach Hack | Uber Uber | |
|
2020-10-05 03:00:00 | Uber breach case a \'watershed moment\' for CISOs\' liability risk (lien direct) | Since former Uber CSO Joe Sullivan was charged in August with two felonies for failing to report a 2016 breach that exposed 607,000 personal records, CISOs are scrambling to determine their own personal liability for breaches in their organizations. The charges - obstruction of justice and misprision of a felony (failure to report a crime) - carry with them the potential of jail time of up to five years and three years, respectively. | Uber | ||
|
2018-12-27 03:00:00 | The most interesting and important hacks of 2018 (lien direct) | Each year a few hackers do something new that begs further examination. The general public and Hollywood paints most hackers as these uber-smart people who can take control of entire city's infrastructure and crack any password in seconds. The reality is that most hackers are fairly average people with average intelligence. Most don't do anything new. They just repeat the same things that have worked for years, if not decades, using someone else's tool based on someone else's hack from many years ago. | Hack Tool | Uber | |
|
2018-10-30 03:00:00 | Biggest data breach penalties for 2018 (lien direct) | Uber: $148 million Image by Getty/UberIn 2016 ride-hailing app Uber had 600,000 driver and 57 million user accounts were breached. Instead of reporting the incident the company paid the perpetrator $100,000 to keep the hack under wraps. Those actions, however, cost the company dearly. The company was fined $148 million -- the biggest data-breach payout in history – for violation of state data breach notification laws. |
Data Breach Hack | Uber |
1
We have: 13 articles.
We have: 13 articles.
To see everything:
Our RSS (filtrered)
