1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Uber confirms it was hit by major cyberattack

    From TechnologyDaily@1337:1/100 to All on Fri Sep 16 13:45:04 2022
    Uber confirms it was hit by major cyberattack

    Date:
    Fri, 16 Sep 2022 12:27:53 +0000

    Description:
    Teenage hacker reportedly gains access through Slack and hits critical Uber
    IT systems.

    FULL STORY ======================================================================

    Taxi giant Uber has suffered a major cyberattack in which threat actors accessed many of the companys critical IT systems, applications, endpoints , and sensitive data.

    The attack, which has since been confirmed by Uber, appears to be the work of a threat actor managed to steal login credentials from a company employee.

    The New York Times , which broke the news, said it had spoken to the alleged hacker, who claimed to have breached Uber after performing a social engineering attack on an employee and stealing passwords . Stealing vulnerability reports

    "We are currently responding to a cybersecurity incident. We are in touch
    with law enforcement and will post additional updates here as they become available," Uber confirmed via its support Twitter account .

    It's not known if any viruses or malware were used, but using the stolen credentials, the attackers were able to gain access to a treasure trove of sensitive data, including internal systems, email dashboard, Slack server, security software, Windows domain, Amazon Web Services console, VMware ESXi virtual machines, and the Google Workspace email admin dashboard.

    While all of this data is valuable, the attackers may have hit the jackpot with vulnerability reports.

    A source told BleepingComputer the threat actor downloaded all vulnerability reports before losing access to Ubers bug bounty program. In other words, the hackers obtained all of the information regarding bugs and flaws that Uber might be having/fixing at the moment. Read more

    Hackers are reviving a long-forgotten malware to help evade detection



    Nearly all firms have suffered a cloud security issue this year


    Here are the best malware removal tools out there

    Uber runs a bug bounty program via HackerOne, allowing security researchers
    to share their findings on Ubers software bugs and vulnerabilities, in private, and get paid for it. This program has since been disabled by HackerOne, but it might just be a little too late.

    This is not the first time Uber has faced a major data incident. Earlier in 2022, the company admitted to covering up a major data breach that took place in 2016 . That data breach resulted in user data making its way online, and with a couple of executives trying to cover the whole thing up.

    Ubers confession came as part of a settlement that saw it avoid criminal prosecution from the U.S. Department of Justice. Check out the best firewalls right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/uber-confirms-it-was-hit-by-major-cyberattack/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)