Security News > 2022 > September > Uber exposes Lapsus$ extortion group for security breach
Uber exposes Lapsus$ extortion group for security breach.
Uber has laid the blame for its recent security breach at the feet of Lapsus$, a cybercrime group that uses social engineering to target technology firms and other organizations.
In an update about the security incident that Uber posted on Monday, the ride-hailing company expressed its belief that the attacker or attackers are affiliated with Lapsus$, which has been active over the past year and has hit such tech giants as Microsoft, Cisco, Samsung, NVIDIA and Okta.
In the security attack against Uber, the culprit took advantage of social engineering to trick an Uber contractor into approving a two-factor login request.
Though the attack could have been more severe, and Uber has taken steps to clean up the damage, the breach points to an unfortunate truth about cybersecurity.
Also See Share: Uber exposes Lapsus$ extortion group for security breach.
News URL
https://www.techrepublic.com/article/uber-exposes-lapsus-breach/
Related news
- Confused by the SEC's IT security breach reporting rules? Read this (source)
- Uber ex-CSO Joe Sullivan: We need security leaders running to work, not giving up (source)
- Medibank breach: Security failures revealed (lack of MFA among them) (source)
- TeamViewer Detects Security Breach in Corporate IT Environment (source)