CyberheistNews Vol 12 #38 | September 20th, 2022
The article continues: ” A hacker on Thursday was believed to have breached multiple internal systems, with administrative access to Uber’s cloud services including on Amazon Web Services (AWS) and Google Cloud (GCP).
“The attacker is claiming to have completely compromised Uber, showing screenshots where they’re full admin on AWS and GCP,” Sam Curry wrote in a tweet. The security engineer at Yuga Labs, who corresponded with the hacker, added: “This is a total compromise from what it looks like.”
Uber since had shut down online access to its internal communications and engineering systems, while it investigated the breach, according a report by The New York Times (NYT), which broke the news. The company’s internal messaging platform, Slack, also was taken offline.
The hacker, who claimed to be 18 years old, told NYT he had sent a text message to an Uber employee and was able to persuade the staff member to reveal a password after claiming to be a corporate information technology personnel. The social engineering hack allowed him to breach Uber’s systems, with the hacker describing the company’s security posture as weak.
With the employee’s password, the hacker was able to get into the internal VPN, said Acronis’ CISO Kevin Reed in a LinkedIn post. The hacker then gained access to the corporate network, found highly privileged credentials on network file shares, and used these to access everything, including production systems, corporate EDR (endpoint detection and response) console, and Uber’s Slack management interface.”
Quote from WIRED: “One independent security engineer described the OneLogin account access the Uber hacker seems to have had access to as “the golden ticket jackpot.”
Photolok vs Recaptcha for AI Attacks
Cyber attacks are becoming more advanced and frequent as machine learning and artificial intelligenc[...more]
Understanding the Impact on MFA and SSO Implementations
Multi-factor authentication (MFA) and Single Sign-On (SSO) can often act as a vital bulwark against [...more]
Passkeys vs. Traditional Passwords in Cybersecurity
Passwords have long been the bedrock of digital security, but their limitations are increasingly evi[...more]
Understanding the Difference Between Physical and Behavioral Biometrics in Authentication
In our digital age, data security has become absolutely essential. We have more online accounts than[...more]
Human-Centered Design in Cybersecurity
Today, effective cybersecurity is more critical than ever. Organizations and individuals everywhere [...more]
How Photolok Defends Against Deepfakes: Innovative Security for the AI Era
Imagine receiving an urgent video call from your CEO. On the call, your CEO appears panicked and ask[...more]
OpenID Connect: The Ultimate Guide to Secure Authentication for Modern Web and Mobile Apps
Published 08-19-24 For many online users, managing digital identities securely and efficiently has b[...more]
Social Engineering and Its Impact on Cybersecurity
According to tech giant IBM, social engineering includes “attacks [that] manipulate people in[...more]
Enhanced User Experience: Netlok’s Passwordless Authentication vs. reCAPTCHA
Unlock the secrets of ReCaptcha's limitations and alternatives. Explore the evolution of online veri[...more]