Security News
DUCK. Yes, Uber has come out with a follow-up report, and it seems that they're suggesting that a hacking group like LAPSUS$ was responsible. Just because you have those that's a security gate, but it's not the end-all and be-all to keeping someone out.
Uber exposes Lapsus$ extortion group for security breach. Uber has laid the blame for its recent security breach at the feet of Lapsus$, a cybercrime group that uses social engineering to target technology firms and other organizations.
Uber on Monday disclosed more details related to the security incident that happened last week, pinning the attack on a threat actor it believes is affiliated to the notorious LAPSUS$ hacking group. As for how the attack unfolded, the ridesharing firm said an "EXT contractor" had their personal device compromised with malware and their corporate account credentials stolen and sold on the dark web, corroborating an earlier report from Group-IB. The Singapore-headquartered company, the previous week, noted that at least two of Uber's employees located in Brazil and Indonesia were infected with Raccoon and Vidar information stealers.
Uber has confirmed that the recent breach of its systems started with a compromised account belonging to a contractor. "It is likely that the attacker purchased the contractor's Uber corporate password on the dark web, after the contractor's personal device had been infected with malware, exposing those credentials," the company said.
Uber, four days after suffering a substantial cybersecurity breach, has admitted its attacker accessed "several internal systems" including the corporation's G Suite account, and downloaded internal Slack messages and a tool used by its finance department to manage "some" invoices. The investigation is still ongoing, we're told, though according to Uber it also doesn't appear the intruder accessed "the production systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info, or trip history."
Uber believes the hacker behind last week's breach is affiliated with the Lapsus$ extortion group, known for breaching other high-profile tech companies such as Microsoft, Cisco, NVIDIA, Samsung, and Okta. The company added that the attacker used the stolen credentials of an Uber EXT contractor in an MFA fatigue attack where the contractor was flooded with two-factor authentication login requests until one of them was accepted.
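A defender can catch the pattern described above (a burst of push prompts that ends in one approval) in authentication logs. The following detection sketch is an added example, not code from Uber or any of the quoted reports; the event layout, user names, 10-minute window and threshold of 5 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA events: (ISO timestamp, user, result).
# The field layout and user names are assumptions, not a real vendor log format.
SAMPLE_EVENTS = [
    ("2024-01-10T18:00:05", "alice", "approved"),        # ordinary login
    ("2024-01-10T21:10:00", "contractor1", "denied"),    # flood begins
    ("2024-01-10T21:10:40", "contractor1", "denied"),
    ("2024-01-10T21:11:30", "contractor1", "timeout"),
    ("2024-01-10T21:12:10", "contractor1", "denied"),
    ("2024-01-10T21:13:00", "contractor1", "timeout"),
    ("2024-01-10T21:14:20", "contractor1", "denied"),
    ("2024-01-10T21:15:05", "contractor1", "approved"),  # user gives in
] + [
    # Hourly timeouts: many prompts, but never clustered inside one window.
    (f"2024-01-10T{h:02d}:00:00", "carol", "timeout") for h in range(8, 14)
]


def detect_push_floods(events, window=timedelta(minutes=10), threshold=5):
    """Flag users with >= threshold unapproved prompts inside `window`.

    Returns (user, timestamp, severity, prompt_count) tuples: "warning" when
    the flood reaches the threshold, "critical" when an approval follows it.
    """
    recent = defaultdict(deque)  # user -> timestamps of unapproved prompts
    alerts = []
    for ts_raw, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        prompts = recent[user]
        while prompts and ts - prompts[0] > window:
            prompts.popleft()  # drop prompts older than the window
        if result == "approved":
            if len(prompts) >= threshold:
                alerts.append((user, ts_raw, "critical", len(prompts)))
            prompts.clear()  # an approval ends the current sequence
        else:
            prompts.append(ts)
            if len(prompts) == threshold:  # alert as the count reaches it
                alerts.append((user, ts_raw, "warning", len(prompts)))
    return alerts


if __name__ == "__main__":
    for alert in detect_push_floods(SAMPLE_EVENTS):
        print(alert)
```

The "critical" case is the one that matters for response: an approval that arrives after a run of denied or ignored prompts should be treated as a suspect session, not a successful login.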
Thousands of QNAP NAS devices hit by DeadBolt ransomware. QNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage devices and the vulnerability the attackers are exploiting.
5 Kali Linux books you should read this year. Kali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering.
I'm coming to you from Vancouver, I'm downtown, I'm looking out the window, and there's actually an Uber sitting outside the window. At a very high level, the consensus appears to be that there was some social engineering of an Uber employee that allowed someone to get a foothold inside of Uber's network.
Uber, in an update, said there is "no evidence" that users' private information was compromised in a breach of its internal computer systems that was discovered late Thursday. "All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational."
As we all know, there are many ways that attackers with time, patience and the gift of the gab can persuade even a well-informed and well-meaning user to help them bypass the security processes that are supposed to keep them out. Typically, attackers will deliberately look for and use known security vulnerabilities internally, even though they couldn't find a way to exploit them from the outside because the defenders had taken the trouble to protect against them at the network perimeter.