What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
DarkReading.webp 2022-09-19 21:24:55 Uber: Lapsus$ Targeted External Contractor With MFA Bombing Attack (direct link) The ride-sharing giant says a member of the notorious Lapsus$ hacking group started the attack by compromising an external contractor's credentials, as researchers parse the incident for takeaways. Uber
SecurityWeek.webp 2022-09-19 19:02:09 Uber Confirms Hacker Accessed Internal Tools, Bug Bounty Dashboard (direct link) Ride-hailing giant Uber is moving quickly to downplay the impact from a devastating security breach that included the theft of employee credentials, access to the HackerOne bug bounty dashboard and data from an internal invoicing tool. Uber Uber
bleepingcomputer.webp 2022-09-19 14:26:20 Uber links breach to Lapsus$ group, blames contractor for hack (direct link) Uber believes the hacker behind last week's breach is affiliated with the Lapsus$ extortion group, known for breaching other high-profile tech companies such as Microsoft, Cisco, Nvidia, Samsung, and Okta. [...] Hack Uber Uber
globalsecuritymag.webp 2022-09-19 14:24:04 Avast: Uber announces it was the target of a cyberattack whose scale remains uncertain (direct link) Uber announces it was the target of a cyberattack whose scale remains uncertain. Posing as a member of Uber's IT department, a young hacker barely 18 years old persuaded an employee to hand over their access credentials for Slack, the corporate messaging platform used by the ride-hailing giant. The young hacker then reportedly claimed to have broken into other internal systems and thereby accessed sensitive information. - Malware Uber Uber
globalsecuritymag.webp 2022-09-19 13:01:44 Comment from John Shier, Senior Security Advisor, Sophos, on the Uber cyberattack (direct link) Comment from John Shier, Senior Security Advisor, Sophos, on the Uber cyberattack - Malware Uber Uber
SecurityWeek.webp 2022-09-19 10:24:11 GTA 6 Videos and Source Code Stolen in Rockstar Games Hack (direct link) The Rockstar Games hacker also claims to be behind the recent Uber breach Hack Uber Uber
globalsecuritymag.webp 2022-09-19 08:13:47 The Uber cyberattack as seen by Mickael Walter, Security Analyst at the I-TRACING CERT (direct link) Mickael Walter, Security Analyst at the I-TRACING CERT (Computer Emergency Response Team). On Friday, September 16, Uber was the victim of a cyberattack. An individual got in through the company's VPN using credentials obtained by smishing, an attack method similar to phishing but carried out by SMS. - Malware Uber Uber
SecurityAffairs.webp 2022-09-19 07:11:18 (Déjà vu) Alleged Grand Theft Auto 6 (GTA6) gameplay videos and source code leaked online (direct link) Threat actors leaked source code and gameplay videos of Grand Theft Auto 6 (GTA6) after they have allegedly breached Rockstar Game. Threat actors allegedly compromised Rockstar Game’s Slack server and Confluence wiki and leaked Grand Theft Auto 6 gameplay videos and source code. On September 18, 2022, threat actors that go on GTAForums as 'teapotuberhacker' […] Threat Uber
SecurityAffairs.webp 2022-09-18 11:58:11 Uber says there is no evidence that users' private information was compromised (direct link) Uber hack update: There is no evidence that users’ private information was compromised in the data breach. Uber provided an update regarding the recent security breach of its internal computer systems, the company confirmed that there is no evidence that intruders had access to users’ private information. “We have no evidence that the incident involved […] Hack Uber Uber
NakedSecurity.webp 2022-09-17 20:57:38 S3 Ep100.5: Uber breach – an expert speaks [Audio + Text] (direct link) Chester Wisniewski on what we can learn from Uber: "Just because a big company didn't have the security they should doesn't mean you can't." Uber Uber
SecurityWeek.webp 2022-09-17 16:14:00 Serious Breach at Uber Spotlights Hacker Social Deception (direct link) The ride-hailing service Uber said Friday that all its services were operational following what security professionals are calling a major data breach, claiming there was no evidence the hacker got access to sensitive user data. Uber Uber
The_Hackers_News.webp 2022-09-17 14:23:00 Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This (direct link) Uber, in an update, said there is "no evidence" that users' private information was compromised in a breach of its internal computer systems that was discovered late Thursday. "We have no evidence that the incident involved access to sensitive user data (like trip history)," the company said. "All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational." Uber Uber
WiredThreatLevel.webp 2022-09-16 21:35:11 The Uber Hack's Devastation Is Just Starting to Reveal Itself (direct link) An alleged teen hacker claims to have gained deep access to the company's systems, but the full picture of the breach is still coming into focus. Uber Uber
DarkReading.webp 2022-09-16 20:37:57 Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber (direct link) Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments. Uber Uber
TechRepublic.webp 2022-09-16 18:41:24 Uber investigating security breach of several internal systems (direct link) Communications and engineering systems were taken offline after hacker sends images of repositories to cybersecurity researchers and The New York Times. Uber ★★
CS.webp 2022-09-16 17:00:29 Blame game follows Uber hack. Experts say don't fault employee. (direct link) The Uber hack may be a lesson in poor security design and points to problems with vulnerable multi-factor authentication. Hack Uber Uber
globalsecuritymag.webp 2022-09-16 15:17:47 Cyberattacks: privilege and identity management is a priority! (direct link) Not a day goes by without talk of new cyberattacks. Just today, a young hacker attacked a major player in the international market: Uber. In response, Julien Cassignol, Director of Sales Engineering at WALLIX, comments: “Today, a teenager managed, through social engineering alone, to disrupt the business of one of the international giants: Uber. However talented he may be, the young hacker "simply" impersonated the IT manager, (...) - Malware Uber ★★
globalsecuritymag.webp 2022-09-16 15:16:20 Uber, victim of a cyberattack (direct link) The ride-hailing service Uber appears to have been the victim of a major cyberattack that allowed a hacker to access important data. The company has therefore taken several of its systems offline, and an investigation is under way. Mackenzie Jackson, a specialist in protecting secrets in code at GitGuardian, explains: "What makes this attack so critical is that it does not appear to be an attack on a single system. The attackers appear to have moved laterally between (...) - Malware Uber Uber
DarkReading.webp 2022-09-16 14:21:55 Hacker Pwns Uber Via Compromised Slack Account (direct link) A teen hacker reportedly social-engineered an Uber employee to hand over a Slack password, before burrowing deep into Uber's cloud and code repositories. Uber Uber
Chercheur.webp 2022-09-16 14:07:13 Massive Data Breach at Uber (direct link) It’s big: The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times. “They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. “This is a total compromise, from what it looks like.” It looks like a pretty basic phishing attack; someone gave the hacker their login credentials. And because Uber has lousy internal security, lots of people have access to everything. So once a hacker gains a foothold, they have access to everything... Data Breach Hack Uber Uber
knowbe4.webp 2022-09-16 12:36:02 Uber security breach 'looks bad', caused by social engineering (direct link) Uber security breach 'looks bad', caused by social engineering Uber
MalwarebytesLabs.webp 2022-09-16 12:00:00 Uber hacked (direct link) Categories: News. Tags: Uber, MFA, push notification, Slack, HackerOne. Uber was forced to take several systems offline after reports of a serious breach Uber
grahamcluley.webp 2022-09-16 11:37:48 Uber's hacker *irritated* his way into its network, stole internal documents (direct link) Uber has suffered a security breach which allowed a hacker to break into its network, and access the company's internal documents and systems. How did they do it? By bombarding an employee with a spate of multi-factor authentication (MFA) push notifications. Uber Uber
01net.webp 2022-09-16 10:11:37 Uber hacked: a hacker reportedly compromised the ride-hailing company entirely (direct link) A customer orders an Uber ride. Another major blow for Uber? The company acknowledges being the victim of a "security incident". According to several experts, the hacker reportedly gained access to a considerable amount of sensitive data. The article "Uber hacked: a hacker reportedly compromised the ride-hailing company entirely" is available on 01net.com. Uber
BBC.webp 2022-09-16 10:10:38 Uber investigating hack on its computer systems (direct link) A hacker was apparently able to gain access to the company's internal systems. Hack Uber
SecurityWeek.webp 2022-09-16 09:22:19 Uber Investigating Data Breach After Hacker Claims of Extensive Compromise (direct link) Uber hacked Uber “responding to a cybersecurity incident” after hacker claims to have breached several systems Data Breach Uber
InfoSecurityMag.webp 2022-09-16 09:00:00 Uber Hacker May Have Compromised Secret Bug Reports (direct link) Attacker looks to have admin access to cloud accounts Uber
The_Hackers_News.webp 2022-09-16 08:38:00 Uber Says It's Investigating a Potential Breach of Its Computer Systems (direct link) Ride hailing giant Uber disclosed Thursday it's responding to a cybersecurity incident involving a breach of its network and that it's in touch with law enforcement authorities. The New York Times first reported the incident. The hack is said to have forced the company to take its internal communications and engineering systems offline as it investigated the extent of the breach. Hack Uber
SecurityAffairs.webp 2022-09-16 07:22:27 Uber hacked, internal systems and confidential documents were allegedly compromised (direct link) Uber on Thursday disclosed a security breach, threat actors gained access to its network, and stole internal documents. Uber on Thursday suffered a cyberattack, the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports. According to the New York Times, the threat actors hacked an employee’s Slack account and […] Vulnerability Threat Uber Uber
ComputerWeekly.webp 2022-09-16 05:52:00 Uber suffers major cyber attack (direct link) Uber on Thursday disclosed a security breach, threat actors gained access to its network, and stole internal documents. Uber on Thursday suffered a cyberattack, the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports. According to the New York Times, the threat actors hacked an employee’s Slack account and […] Uber
CSO.webp 2022-09-16 03:46:00 Uber responding to “cybersecurity incident” following reports of significant data breach (direct link) Ride-hailing giant Uber has confirmed that it is responding to a cybersecurity incident as reports emerge that the firm has suffered a significant network data breach forcing it to shut down several internal communications and engineering systems. Attacker announces Uber breach through compromised Slack account. In a statement on Twitter, Uber wrote “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.” While details from the company are currently sparse, a report by the New York Times on Thursday claimed that a hacker was able to compromise an employee's Slack account and used it to send a message to Uber employees announcing that the company had suffered a data breach. Data Breach Uber Uber
News.webp 2022-09-16 03:13:43 Uber reels from 'security incident' in which cloud systems seemingly hijacked (direct link) AWS and G Suite admin accounts likely popped, HackerOne bug bounty page hit, and more. Uber is tonight reeling from what looks like a substantial cybersecurity breach.… Uber
CVE.webp 2022-09-13 17:15:08 CVE-2022-36103 (direct link) Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR (certificate signing request) Talos control plane node might issue Talos API certificate which allows full access to Talos API on a control plane node. Accessing Talos API with full level access on a control plane node might reveal sensitive information which allows full level access to the cluster (Kubernetes and Talos PKI, etc.). Talos API join token is stored in the machine configuration on the worker node. When configured correctly, Kubernetes workloads don't have access to the machine configuration, but due to a misconfiguration workload might access the machine configuration and reveal the join token. This problem has been fixed in Talos 1.2.2. Enabling the Pod Security Standards mitigates the vulnerability by denying hostPath mounts and host networking by default in the baseline policy. Clusters that don't run untrusted workloads are not affected. Clusters with correct Pod Security configurations which don't allow hostPath mounts, and secure access to cloud metadata server (or machine configuration is not supplied via cloud metadata server) are not affected. Vulnerability Uber
globalsecuritymag.webp 2022-09-13 15:46:06 Harnessing the full added value of Kubernetes to optimize your data management strategy (direct link) Harnessing the full added value of Kubernetes to optimize your data management strategy. By Gabriel Ferreira, Technical Director France, Pure Storage. Data is one of a company's most important resources. But if it is not managed and analyzed effectively, it quickly loses all its value. At a time when requirements in this area are multiplying, customers deploy and administer modern applications across multiple cloud systems and clusters, a disparate architecture that complicates the management of these applications and, of course, of the data they contain. - Points of View Uber
silicon.fr.webp 2022-09-09 14:33:20 Kubernetes: Istio also goes on the sidecar-free diet (direct link) The Istio project is experimenting with a sidecar-free option... which will coexist with the current architecture until further notice. Uber
globalsecuritymag.webp 2022-09-08 15:50:02 Canonical launches Charmed Kubeflow 1.6 (direct link) Canonical announces the launch of Charmed Kubeflow 1.6, an end-to-end MLOps platform with optimized capabilities for training complex models. Charmed Kubeflow is Canonical's enterprise distribution of Kubeflow, an open source machine learning toolkit designed for use with Kubernetes. - Products Uber
no_ico.webp 2022-09-08 14:18:20 Uber's Ex-security Officer Facing Criminal Charges After Data Breach (direct link) It has been reported that Uber's former security officer, Joe Sullivan, is standing trial this week in what is believed to be the first case of an executive facing criminal charges in relation to a data breach. The US district court in San Francisco will start hearing arguments on whether Sullivan, the former head of security at the […] Data Breach Uber
CVE.webp 2022-09-07 21:15:08 CVE-2022-36049 (direct link) Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0. Tool Vulnerability Uber
CVE.webp 2022-09-07 09:15:08 CVE-2021-36782 (direct link) A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7. Vulnerability Uber
MalwarebytesLabs.webp 2022-09-06 12:00:00 YouTuber on the run after allegedly swiping $55m from followers (direct link) Categories: News. Tags: YouTube, forex, trading, scam, Instagram, influencer, dance, dancing, fashion, money. We take a look at a tale of lost wealth, influencer lifestyles, and a Forex deal which brings everything crashing down. Uber
globalsecuritymag.webp 2022-09-02 08:15:34 Canonical Kubernetes 1.25 is available (direct link) Canonical Kubernetes 1.25 is available. In addition to the improvements in the upstream Kubernetes 1.25 release, Canonical Kubernetes 1.25 includes several new features, notably for the MicroK8s and Charmed Kubernetes distributions. - Products Uber
CVE.webp 2022-09-01 21:15:09 CVE-2022-2238 (direct link) A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting. Vulnerability Guideline Uber
CVE.webp 2022-09-01 21:15:09 CVE-2022-1902 (direct link) A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges. Uber
CVE.webp 2022-09-01 13:15:08 CVE-2022-36055 (direct link) Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings in to Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `--set`, `--set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions. Tool Uber
grahamcluley.webp 2022-09-01 11:56:25 Over 900K Kubernetes clusters are misconfigured! Is your cluster a target? (direct link) Graham Cluley Security News is sponsored this week by the folks at Teleport. Thanks to the great team there for their support! Kubernetes is an amazing platform for managing containers at scale. However, a recent study found that over 900,000 Kubernetes clusters are vulnerable to attack because they are misconfigured! This means that your Kubernetes … Uber
silicon.fr.webp 2022-09-01 08:30:58 Kubernetes: from Airbnb to Skyscanner, they look back on their failures (direct link) An engineer has compiled accounts of the difficulties encountered in IT projects involving Kubernetes. Uber
CVE.webp 2022-08-31 15:15:08 CVE-2022-36035 (direct link) Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the improper handling of user-supplied input, which results in a path traversal that can be controlled by the attacker. Users sharing the same shell between other applications and the Flux CLI commands could be affected by this vulnerability. In some scenarios no errors may be presented, which may cause end users not to realize that something is amiss. A safe workaround is to execute Flux CLI in ephemeral and isolated shell environments, which can ensure no persistent values exist from previous processes. However, upgrading to the latest version of the CLI is still the recommended mitigation strategy. Tool Vulnerability Uber
globalsecuritymag.webp 2022-08-30 19:26:24 VMware Tanzu® expands its portfolio for running and managing cloud-native applications (direct link) VMware Tanzu® expands its portfolio for running and managing cloud-native applications. With the improvements made to the VMware Tanzu next-generation application portfolio, VMware offers Kubernetes developers a quality experience as well as comprehensive management capabilities - Products Uber
globalsecuritymag.webp 2022-08-30 08:56:20 Red Hat launches OpenShift Platform Plus (direct link) Red Hat, Inc announces a new iteration of its Red Hat OpenShift Platform Plus solution. It now comes with new features and new capabilities beyond those of the base Kubernetes platform, notably in storage and management. Red Hat OpenShift Platform Plus becomes a single Kubernetes platform covering the full range of enterprise IT scenarios, whether a data center (...) - Products Uber
CVE.webp 2022-08-29 15:15:10 CVE-2022-31677 (direct link) An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow. Uber
Last update at: 2024-05-10 05:07:59