What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
globalsecuritymag.webp 2022-10-27 08:22:07 Red Hat announces a resource-light Kubernetes solution designed to power the next evolutions of open edge computing (direct link) Red Hat Device Edge offers a flexible Kubernetes and Linux production solution for resource-constrained devices at the network edge, strengthening the consistency of edge computing deployments at almost any scale. Red Hat, Inc., the world's leading provider of open source solutions, introduces Red Hat Device Edge, a solution for flexibly deploying traditional or containerized workloads on small devices, such as (...) - Products Uber
globalsecuritymag.webp 2022-10-25 07:30:58 Commvault simplifies and automates cloud protection for enterprise Kubernetes workloads (direct link) Commvault announces an extension of its Kubernetes workload protection capabilities, including automation of management, replication, migration and security, across its entire solution portfolio. The new features, offered by the Commvault Complete™ Data Protection software and the Metallic® SaaS offerings, give customers simple management and enterprise-class protection for hybrid multi-cloud environments. (...) - Products Uber
WiredThreatLevel.webp 2022-10-22 13:00:00 Android Users Can Finally 'Like' Messages From iPhones (direct link) Plus: Uber wants to serve ads during rides, and popular streaming services start cracking down on shared accounts. Uber Uber
CVE.webp 2022-10-22 00:15:09 CVE-2022-39272 (direct link) Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation. Uber
GoogleSec.webp 2022-10-20 13:01:02 Announcing GUAC, a great pairing with SLSA (and SBOM)! (direct link) Posted by Brandon Lum, Mihai Maruseac, Isaac Hepworth, Google Open Source Security Team. Supply chain security is at the fore of the industry's collective consciousness. We've recently seen a significant rise in software supply chain attacks, a Log4j vulnerability of catastrophic severity and breadth, and even an Executive Order on Cybersecurity. It is against this background that Google is seeking contributors to a new open source project called GUAC (pronounced like the dip). GUAC, or Graph for Understanding Artifact Composition, is in the early stages yet is poised to change how the industry understands software supply chains. GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata. True to Google's mission to organize and make the world's information universally accessible and useful, GUAC is meant to democratize the availability of this security information by making it freely accessible and useful for every organization, not just those with enterprise-scale security and IT funding. Thanks to community collaboration in groups such as OpenSSF, SLSA, SPDX, CycloneDX, and others, organizations increasingly have ready access to: Software Bills of Materials (SBOMs) (with SPDX-SBOM-Generator, Syft, kubernetes bom tool); signed attestations about how software was built (e.g. SLSA with SLSA3 Github Actions Builder, Google Cloud Build); vulnerability databases that aggregate information across ecosystems and make vulnerabilities more discoverable and actionable (e.g. OSV.dev, Global Security Database (GSD)). These data are useful on their own, but it's difficult to combine and synthesize the information for a more comprehensive view.
The documents are scattered across different databases and producers, are attached to different ecosystem entities, and cannot be easily aggregated to answer higher-level questions about an organization's software assets. To help address this issue we've teamed up with Kusari, Purdue University, and Citi to create GUAC, a free tool to bring together many different sources of software security metadata. We're excited to share the project's proof of concept, which lets you query a small dataset of software metadata including SLSA provenance, SBOMs, and OpenSSF Scorecards. What is GUAC Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database-normalizing entity identities and mapping standard relationships between them. Querying this graph can drive higher-level organizational outcomes such as audit, policy, risk management, and even developer assistance. Conceptually, GUAC occupies the “aggregation and synthesis” layer of the software supply chain transparency logical model: Tool Vulnerability Uber
2022-10-18 08:41:18 The benefits of taking an intent-based approach to detecting Business Email Compromise (direct link) By Abhishek Singh. BEC is a multi-stage attack. Adversaries first identify targets, then they establish rapport with the victim before exploiting them for whatever their end goal is. In the case of BEC, a threat actor can impersonate any employee in the organization to trick targets.  A policy that checks for authorized email addresses of the sender can prevent BEC attacks. However, scaling the approach for every employee in a large organization is a challenge.  Building an executive profile based on email analysis using a machine learning model and scanning emails against that profile will detect BEC. Data collection for building and training machine learning algorithms can take time, though, opening a window of opportunity for threat actors to exploit.  Detection of exploitation techniques such as lookalike domains and any differences in the email addresses in the "From" and "Reply-to" fields can also detect BEC messages. However, the final verdict cannot account for the threat actor's intent.  The intent-based approach detects BEC and then classifies it into the type of scam. It catches BEC messages, irrespective of whether a threat actor is impersonating a C-level executive or any employee in an organization. Classification based on the type of scam can help identify which segment of an organization was targeted and which employees were being impersonated by the threat actor. The additional information will further assist in better designing preventive features to stop BEC. Business email compromise (BEC) is one of the most financially damaging online crimes. As per the internet crime 221 report, the total loss in 2021 due to BEC is around 2.4 billion dollars. Since 2013, BEC has resulted in a 43 billion dollars loss.
The report defines BEC as a scam targeting businesses (not individuals) working with foreign suppliers and companies regularly performing wire transfer payments. Fraudsters carry out these sophisticated scams to conduct the unauthorized transfer of funds. This introduces the challenge of how to detect and block these campaigns as they continue to compromise organizations successfully. There are a variety of approaches to identifying BEC email messages, such as using policy to allow emails from authorized email addresses, detecting exploitation techniques used by threat actors, building profiles by analysis of emails, and validating against the profile to detect BEC. These approaches have a variety of limitations or shortcomings. Cisco Talos is taking a different approach and using an intent-based model to identify and block BEC messages. Before we get too deep into the intent-based model, take a deeper look at the commonly used approaches to block BEC from the simplistic through machine learning (ML) approaches. Policy-based detection The first place to start is with policy-based detection as it is one of the most common and simplistic approaches to blocking BEC campaigns. Let's start by looking at an example of a BEC email.  Threat Medical Cloud Yahoo Uber APT 38 APT 37 APT 29 APT 19 APT 15 APT 10
silicon.fr.webp 2022-10-14 15:43:11 AKS lite: Microsoft pushes its Kubernetes a little further toward the edge (direct link) Public beta is imminent for AKS lite, a "lightweight" version of Microsoft's managed Kubernetes aimed primarily at IoT. Uber
CVE.webp 2022-10-13 23:15:11 CVE-2022-39278 (direct link) Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go. Uber
bleepingcomputer.webp 2022-10-13 10:05:10 What the Uber Hack can teach us about navigating IT Security (direct link) The recent Uber cyberattack shows us the myriad tactics employed by threat actors to breach corporate networks. Learn more about these tactics used and how to navigate IT Security. [...] Hack Threat Uber Uber
AlienVault.webp 2022-10-13 10:00:00 The biggest concerns within the US Financial Sector in 2022 (direct link) This blog was written by an independent guest blogger. The value of digital payment transactions is growing as the world's payment environment moves more and more away from cash. Over the past few years, BFSI (Banking, Financial Service, and Insurance) firms have continued to be a top target for hackers. In fact, the Sixth Annual Bank Survey found that more than 70% of fintech companies named information security as their top issue. According to VMware's Modern Bank Heists study, since the COVID-19 epidemic, there have been 238% more cyberattacks on companies in the financial sector. Artificial intelligence (AI) and self-learning malware are making cyberattacks more sophisticated. While ransomware assaults are the most profitable for cybercriminals, phishing attacks prey on unsuspecting and defenseless consumers. Thus, it should come as no surprise that 39% of financial industry executives think that the overall network security threat to BFSI sector companies has increased significantly. Financial and banking firms in the US must put cybersecurity first above all else given the volume of sensitive data that the BFSI sector must manage. Leading analytics company GlobalData predicts that rising demand for cybersecurity would cause worldwide security revenues in the retail banking industry to climb from $7.9 billion in 2019 to $9.8 billion in 2024. What are the biggest concerns facing the financial sector in the United States for 2022? Reimbursing cyber scams As banks are under pressure to compensate their scammed consumers, rising cybercrime rates translate to rising costs for the industry. More than half (58%) of those who conduct their banking online encounter scams via email or SMS at least once per week, and 23% report having fallen victim to a cyberattack. Banks currently reimburse authorized push payment (APP) fraud at an average rate of 46%.
Although many banking institutions are refusing reimbursements for online fraud, this is due to change soon, or else the situation will backfire. For example, measures supported by the UK government will require banks to reimburse everyone. This is only one illustration of the fact that if banks are to secure their consumers and their business line in 2022, they must prioritize cybersecurity more highly. To exchange efficient strategies, banks will need to collaborate with governments and industry organizations. The public must continue to get education on preventative measures, but ultimately it is the banks' responsibility to establish security models that will give them and their clients the greatest level of safety. Maintain compliance with strict privacy regulations The use of social engineering and account takeover fraud will increase over the next years. Financial institutions must not only conduct comprehensive data checks beyond document verification at account opening to fight this but also keep track of customer identities throughout the customer lifecycle.   Banks must decide how to manage sensitive personal data like biometrics as Ransomware Malware Vulnerability Threat Guideline Uber
CSO.webp 2022-10-13 02:00:00 What the Uber verdict means to CISOs: You're (probably) not going to jail (direct link) There seem to be two reactions to the verdict in the Sullivan case. One reaction, often from CISOs already stressed by being outside the room where it happens, is to decide that being a CISO isn't worth the risk – it already wasn't worth the stress. If the title is really Chief Scapegoat Officer, it's one thing to lose your job, but your freedom? That's across the line. The second reaction seems to be nonchalant. What's the big deal, after all? It's just one person, and there was some shady stuff going on over at Uber. Uber Uber
globalsecuritymag.webp 2022-10-12 09:10:41 Under cyber-attack? Rejoice! (direct link) Let us accept once and for all that our IT systems are fallible and, from there, build a defense based on penalizing inappropriate movements. The technology makes it possible. Can cyber-attacks really be escaped? Two recent cases have once again shown otherwise. Victim of a massive hack at the beginning of September, the global ride-hailing company Uber had to take a large part of its IT systems offline. As for (...) - Points of View Uber Uber
CVE.webp 2022-10-11 19:15:12 CVE-2022-37968 (direct link) Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability. Uber ★★★★★
mcafee.webp 2022-10-11 15:47:09 57 Million Users Compromised in Uber Leak: Protect Your Digital Privacy and Identity (direct link) “I'll just Uber home.”  Who hails a taxi anymore? These days, city streets are full of double-parked sedans with their... Uber Uber
2022-10-11 14:11:23 Microsoft Patch Tuesday for October 2022 - Snort rules and prominent vulnerabilities (direct link) By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company's hardware and software line, including seven critical issues in Windows' point-to-point tunneling protocol. October's security update features 11 critical vulnerabilities, with the remainder being “important.”  One of the most notable vulnerabilities Microsoft fixed this month is CVE-2022-41038, a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month's Patch Tuesday, though this seems the most severe, as Microsoft considers it to be “more likely” to be exploited.  An attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server.  CVE-2022-37968, an elevation of privilege vulnerability in Azure Arc Connect, has the highest severity score out of all the vulnerabilities Microsoft fixed this month - a maximum 10 out of 10. Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, could allow an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster. CVE-2022-37976 and CVE-2022-37979 are also critical elevation of privilege vulnerabilities in Windows Active Directory and Hyper-V, respectively.
The Windows' point-to-point tunneling protocol, which is a network protocol used to create VPN tunnels between public networks, contains eight vulnerabilities that Microsoft disclosed Tuesday, seven of which are rated “critical” severity: CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. CVE-2022-38000 is the most serious among the group wit Vulnerability Uber
globalsecuritymag.webp 2022-10-11 13:59:11 Venafi presents a Control Plane for Machine Identity Management (direct link) The new Venafi solution unifies machine identity management across all identity types. It is available as a service, on premises, and integrated into Kubernetes clusters running at the edge in containerized microservices. Venafi®, the inventor and leading provider of machine identity management, today rolled out the Venafi Control Plane for Machine Identities. The Venafi Control Plane unifies machine identity management at (...) - Products Uber
WiredThreatLevel.webp 2022-10-07 19:20:30 The Uber Data Breach Conviction Shows Security Execs What Not to Do (direct link) Former Uber security chief Joe Sullivan's conviction is a rare criminal consequence for an executive's handling of a hack. Data Breach Uber Uber
SecurityWeek.webp 2022-10-07 11:16:52 Industry Reactions to Conviction of Former Uber CSO Joe Sullivan: Feedback Friday (direct link) Former Uber security chief Joe Sullivan has been found guilty by a jury over his role in covering up a massive data breach suffered by the ride sharing giant in 2016. Data Breach Uber Uber
TechRepublic.webp 2022-10-06 21:39:45 Former Uber CSO found guilty of obstruction in attempted data breach cover-up (direct link) Joe Sullivan schemed to hide a 2016 breach of 57 million users' information shortly after he was hired. Data Breach Uber Uber
ArsTechnica.webp 2022-10-06 15:11:37 Ex-Uber security chief convicted of hiding hack from federal regulators (direct link) Former security chief may be first exec found guilty of hiding a data breach. Hack Uber
InfoSecurityMag.webp 2022-10-06 15:00:00 (Déjà vu) Uber's Former Security Chief Convicted of 2016 Data Breach Cover-Up (direct link) Joe Sullivan was charged two years ago with obstruction of justice and misprision Data Breach Uber
CSO.webp 2022-10-06 13:16:00 Guilty verdict in the Uber breach case makes personal liability real for CISOs (direct link) Yesterday, a federal jury handed down a guilty verdict to Joe Sullivan, the former CSO on charges of “obstruction of the proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of a 2016 hack at Uber” according to a notice published by the Department of Justice (DOJ). US Attorney Stephanie Hinds, upon learning of the verdict, admonished companies that are storing data as to their responsibility to also “protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission (FTC) and took steps to prevent the hackers from being caught. We will not tolerate the concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users. Where such conduct violates the federal law, it will be prosecuted.” Data Breach Hack Uber Uber
The_Hackers_News.webp 2022-10-06 12:27:00 Former Uber Security Chief Found Guilty of Data Breach Coverup (direct link) A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. Sullivan has been convicted on two counts: One for obstructing justice by not reporting the incident and another for misprision. He faces a maximum of five years in prison for the Data Breach Uber Uber
News.webp 2022-10-06 00:33:21 Former Uber CSO convicted of covering up massive 2016 data theft (direct link) Passing off a ransom payment as a bug bounty? That's obstruction of justice Joe Sullivan, Uber's former chief security officer, has been found guilty of illegally covering up the theft of Uber drivers and customers' personal information.… Uber Uber
SecurityWeek.webp 2022-10-05 21:49:24 Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover-Up (direct link) A San Francisco jury on Wednesday found former Uber security chief Joe Sullivan guilty of covering up a 2016 data breach and concealing information on a felony from law enforcement. Data Breach Uber Uber
globalsecuritymag.webp 2022-10-05 12:31:28 NEC and Red Hat expand their global collaboration to drive IT modernization and digital transformation (direct link) NEC's solutions are built and deployed on Red Hat OpenShift, the industry's leading enterprise Kubernetes platform for critical applications. NEC Corporation (headquarters: Minato-ku, Tokyo; President and CEO: Takayuki Morita; hereinafter "NEC") and Red Hat, Inc. (headquarters: Raleigh, N.C.; President and CEO: Matt Hicks; hereinafter "Red Hat"), the world's leading provider of open source solutions, announce the expansion of their global collaboration (...) - Business Uber
MitnickSecurity.webp 2022-10-03 17:00:00 Uber Data Breach: What To Know About the 2022 Cybersecurity Attack (direct link) No matter how robust network security is, even the biggest companies fall victim to cyber attacks. These malicious attacks can be costly - to the tune of 4.3 million on average - but they also disrupt operations and hurt a company's reputation.  Data Breach Uber ★★★
01net.webp 2022-10-03 05:00:59 Beware: multi-factor authentication does not fully protect you from hackers (direct link) The recent Uber hack has shown once again that multi-factor authentication systems are not always effective against cybercriminals, who use new techniques to try to trap you. The article "Beware: multi-factor authentication does not fully protect you from hackers" can be found on 01net.com. Hack Uber
silicon.fr.webp 2022-09-30 09:56:02 What lessons can be drawn from the Uber compromise? (direct link) It is important for companies to analyze this attack in order to understand how layers of defense can combine to block these related attacks. Uber
globalsecuritymag.webp 2022-09-29 08:07:37 Serverless architecture: what, where and why? (direct link) Despite its name, serverless architecture is not really serverless. This misnomer causes confusion about the exact definition of a serverless architecture. After all, applications need some kind of server to run. A serverless architecture means that a cloud service provider, such as Google, Amazon Web Services® (AWS) or Microsoft® Azure®, provides the back-end infrastructure for your application. Its popularity is partly due to services such as Kubernetes, which suddenly sparked a wave of interest among companies in paid hosting of their applications on other services. However, even though this approach has several advantages, the process is not that simple. - Points of View Uber
01net.webp 2022-09-26 17:01:02 GTA VI leaks, Uber hack: a somewhat too boastful 17-year-old hacker arrested (direct link) Has the Uber and Rockstar hacker already been arrested? In any case, London police say that a young hacker was apprehended this weekend. His profile matches that of a teenager already involved in previous hacks carried out by the Lapsus$ group. The article "GTA VI leaks, Uber hack: a somewhat too boastful 17-year-old hacker arrested" can be found on 01net.com. Uber
DarkReading.webp 2022-09-26 14:00:00 How Quantum Physics Leads to Decrypting Common Algorithms (direct link) YouTuber minutephysics explains how Shor's algorithm builds on existing formulae like Euclid's algorithm and Fourier transforms to leverage quantum superpositioning and break encryption. Uber
SecurityAffairs.webp 2022-09-24 13:58:18 London Police arrested a teen suspected to be behind Uber, Rockstar Games breaches (direct link) The City of London Police this week announced the arrest of a 17-year-old teenager on suspicion of hacking. Is he the Uber hacker? The City of London Police on Friday announced to have arrested a 17-year-old teenager on suspicion of hacking, however, experts believe the arrest could be linked to the recent security breaches suffered […] Uber Uber
The_Hackers_News.webp 2022-09-24 12:07:00 London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches (direct link) The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "he remains in police custody." The department said the arrest was made as part of an investigation in Uber Uber
DarkReading.webp 2022-09-23 20:19:01 App Developers Increasingly Targeted via Slack, DevOps Tools (direct link) Slack, Docker, Kubernetes, and other applications that allow developers to collaborate have become the latest vector for software supply chain attacks. Uber
grahamcluley.webp 2022-09-23 16:23:12 Oxford teen arrested in UK on suspicion of hacking (direct link) The boy, who has not been named, was arrested as part of an investigation by the National Crime Agency (NCA). He remains in police custody. Although at the time of writing no more details have been shared, there is speculation online that the arrest is in relation to the recent hacks of Uber and Rockstar Games. Uber Uber
CS.webp 2022-09-23 15:51:25 British teen arrested in hacking case (direct link) The arrest comes just more than a week after the Uber and Rockstar Games hacks, which Uber blamed on a group linked to British teens. Uber Uber
TechRepublic.webp 2022-09-22 13:44:39 Tech news you may have missed: Sept 15 – 21 (direct link) Learn how to grant access to Excel workbook ranges, get the latest updates on the Windows 11 22H2 release and learn about the Uber hack in this week's roundup of the news. Hack Uber Uber
CSO.webp 2022-09-22 02:00:00 D&O insurance not yet a priority despite criminal trial of Uber's former CISO (direct link) The trial of former Uber CISO Joe Sullivan marks the first time a cybersecurity chief has faced potential criminal liability. Sullivan is charged with trying to conceal from federal investigators the details of a 2016 hack at Uber that exposed the email addresses and phone numbers of 57 million drivers and passengers. The two charges against Sullivan, obstruction of justice and failure to report a crime, carry potential jail time of five and three years, respectively, in a watershed case that has drawn the attention of security professionals. Hack Uber Uber
CSO.webp 2022-09-22 02:00:00 Multi-factor authentication fatigue attacks are on the rise: How to defend against them (direct link) Credential compromise has been one of the top causes for network security breaches for a long time, which has prompted more organizations to adopt multi-factor authentication (MFA) as a defense. While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it. One of the most popular ways is spamming an employee whose credentials have been compromised with MFA authorization requests until they become annoyed and approve the request through their authenticators app. It's a simple yet effective technique that has become known as MFA fatigue and was also used in the recent Uber breach. Uber Uber
TechRepublic.webp 2022-09-20 20:17:02 Uber exposes Lapsus$ extortion group for security breach (direct link) In last week's security breach against Uber, the attackers downloaded internal messages from Slack as well as information from a tool used to manage invoices. Tool Uber
cyberark.webp 2022-09-20 20:06:38 Unpacking the Uber Breach (direct link) In the days following the September 15 Uber breach disclosure, much has been written about how one, allegedly 18-year-old attacker was able to successfully infiltrate the ridesharing giant's IT infrastructure and gain access to sensitive... Uber Uber
DarkReading.webp 2022-09-20 18:20:52 Cast AI Introduces Cloud Security Insights for Kubernetes (direct link) The release augments the company's Kubernetes management platform with free, user-friendly insight on security postures, along with cost monitoring and observability. Uber
InfoSecurityMag.webp 2022-09-20 15:30:00 Grand Theft Auto Publisher Rockstar Games Hacked (direct link) The threat actor 'teapotuberhacker' could be linked to the Lapsus$ hacking group Threat Uber
Anomali.webp 2022-09-20 15:00:00 Anomali Cyber Watch: Uber and GTA 6 Were Breached, RedLine Bundle File Advertises Itself on YouTube, Supply-Chain Attack via eCommerce Fishpig Extensions, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, Cyberespionage, Iran, Ransomware, Stealers, and Supply chain. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Hacker Pwns Uber Via Compromised VPN Account (published: September 16, 2022) On September 15, 2022, ride-sharing giant Uber started an incident response after discovering a data breach. According to Group-IB researchers, download file name artifacts point to the attacker getting access to fresh keylogger logs affecting two Uber employees from Indonesia and Brazil that have been infected with Racoon and Vidar stealers. The attacker allegedly used compromised VPN account credentials and performed a multifactor authentication fatigue attack by requesting the MFA push notification many times and then making a social-engineering call to the affected employee. Once inside, the attacker allegedly found valid credentials for privilege escalation: a PowerShell script containing hardcoded credentials for a Thycotic privileged access management admin account. On September 18, 2022, Rockstar Games’ Grand Theft Auto 6 suffered a confirmed data leak, likely caused by the same attacker. Analyst Comment: Network defenders can consider setting up alerts for signs of an MFA fatigue attack such as a large number of MFA requests in a relatively short period of time. Review your source code for embedded credentials, especially those with administrative privileges.
MITRE ATT&CK: [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Credentials from Password Stores - T1555 Tags: MFA fatigue, Social engineering, Data breach, Uber, GTA 6, GTA VI, detection:Racoon, detection:Vidar, malware-type:Keylogger, malware-type:Stealer Self-Spreading Stealer Attacks Gamers via YouTube (published: September 15, 2022) Kaspersky researchers discovered a new campaign spreading the RedLine commodity stealer. This campaign utilizes a malicious bundle: a single self-extracting archive. The bundle delivers RedLine and additional malware, which enables spreading the malicious archive by publishing promotional videos on victim’s Youtube channel. These videos target gamers with promises of “cheats” and “cracks.” Analyst Comment: Kids and other online gamers should be reminded to avoid illegal software. It might be better to use different machines for your gaming and banking activities. MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Resource Hijacking - T1496 Tags: detection:RedLine, malware-type:Stealer, Bundle, Self-spreading, Telegraph, Youtub Ransomware Malware Tool Vulnerability Threat Guideline Uber Uber APT 41 APT 15
The_Hackers_News.webp 2022-09-20 14:51:00 Uber Blames LAPSUS$ Hacking Group for Recent Security Breach (direct link) Uber on Monday disclosed more details related to the security incident that happened last week, pinning the attack on a threat actor it believes is affiliated to the notorious LAPSUS$ hacking group. "This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, NVIDIA, and Okta, among others," the San Francisco-based Threat Uber Uber
knowbe4.webp 2022-09-20 13:30:00 (Déjà vu) CyberheistNews Vol 12 #38 [HEADS UP] New Uber Security Breach 'Looks Bad', Caused by Social Engineering (direct link) CyberheistNews Vol 12 #38 Uber Uber
SecurityAffairs.webp 2022-09-20 13:17:36 Uber believes that the LAPSUS$ gang is behind the recent attack (direct link) Uber disclosed additional details about the security breach, the company blames a threat actor allegedly affiliated with the LAPSUS$ hacking group. Uber revealed additional details about the recent security breach, the company believes that the threat actor behind the intrusion is affiliated with the LAPSUS$ hacking group. Over the last months, the Lapsus$ gang compromised […] Threat Uber Uber
InfoSecurityMag.webp 2022-09-20 08:40:00 Uber Blames Lapsus$ for Breach (direct link) Threat actor bombarded Uber contractor with 2FA requests Threat Uber Uber
CSO.webp 2022-09-20 04:03:00 Uber links cyberattack to LAPSUS$, says sensitive user data remains protected (direct link) Uber has linked its recent cyberattack to an actor (or actors) affiliated with the notorious LAPSUS$ threat group, responsible for breaching the likes of Microsoft, Cisco, Samsung, Nvidia and Okta this year. The announcement came as the ride-hailing giant continues to investigate a network data breach that occurred on Thursday, September 15. Attacker gained elevated permissions to tools including G-Suite and Slack. In a security update published on Monday, September 19, Uber wrote, “An Uber EXT contractor had their account compromised by an attacker. It is likely that the attacker purchased the contractor's Uber corporate password on the dark web, after the contractor's personal device had been infected with malware, exposing those credentials. The attacker then repeatedly tried to log in to the contractor's Uber account.” Each time, the contractor received a two-factor login approval request, which initially blocked access, it added. Threat Uber Uber
Last update at: 2024-05-10 04:07:54