Security News

American Airlines has notified customers of a recent data breach after attackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information. American Airlines discovered the breach on July 5th, immediately secured the impacted email accounts, and hired a cybersecurity forensic firm to investigate the security incident.

The big story from last month was the LastPass breach, in which an attacker apparently got access to just one part of the LastPass network, but was able to make off with the company's proprietary source code. LastPass has now published an official follow-up report on the incident, based on what it has been able to figure out about the attack and the attackers in the aftermath of the intrusion.

Uber believes the hacker behind last week's breach is affiliated with the Lapsus$ extortion group, known for breaching other high-profile tech companies such as Microsoft, Cisco, NVIDIA, Samsung, and Okta. The company added that the attacker used the stolen credentials of an Uber EXT contractor in an MFA fatigue attack where the contractor was flooded with two-factor authentication login requests until one of them was accepted.

I'm coming to you from Vancouver, I'm downtown, I'm looking out the window, and there's actually an Uber sitting outside the window. At a very high level, the consensus appears to be that there was some social engineering of an Uber employee that allowed someone to get a foothold inside of Uber's network.

Empress EMS, a New York-based emergency response and ambulance service provider, has disclosed a data breach that exposed customer information. According to the notification, the company suffered a ransomware attack on July 14, 2022.

Uber, in an update, said there is "No evidence" that users' private information was compromised in a breach of its internal computer systems that was discovered late Thursday. "All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational."

Ride-sharing company Uber suffered a security breach Thursday, Aug. 15, that forced the company to shut down several internal communications and engineering systems. Prior to Slack being taken offline Thursday afternoon, Uber employees received a message that said, "I announce I am a hacker and Uber has suffered a data breach." The message also detailed several internal databases the hacker claimed had been compromised, according to the Times.

The breach appeared to have compromised many of Uber's internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times. "They pretty much have full access to Uber," said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach.

Ride hailing giant Uber disclosed Thursday it's responding to a cybersecurity incident involving a breach of its network and that it's in touch with law enforcement authorities.The hack is said to have forced the company to take its internal communications and engineering systems offline as it investigated the extent of the breach.

The operators behind the Lornenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. Lorenz, like many other ransomware groups, is known for double extortion by exfiltrating data prior to encrypting systems, with the actor targeting small and medium businesses located in the U.S., and to a lesser extent in China and Mexico, since at least February 2021.