• Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms & Conditions
Flyy Tech
  • Home
  • Apple
  • Applications
    • Computers
    • Laptop
    • Microsoft
  • Security
  • Smartphone
  • Gaming
  • Entertainment
    • Literature
    • Cooking
    • Fitness
    • lifestyle
    • Music
    • Nature
    • Podcasts
    • Travel
    • Vlogs
  • Camera
  • Audio
No Result
View All Result
  • Home
  • Apple
  • Applications
    • Computers
    • Laptop
    • Microsoft
  • Security
  • Smartphone
  • Gaming
  • Entertainment
    • Literature
    • Cooking
    • Fitness
    • lifestyle
    • Music
    • Nature
    • Podcasts
    • Travel
    • Vlogs
  • Camera
  • Audio
No Result
View All Result
Flyy Tech
No Result
View All Result

Uber Claims No Sensitive Data Exposed in Latest Breach… But There’s More to This

flyytech by flyytech
September 17, 2022
Home Security
Share on FacebookShare on Twitter


Uber Hack

Uber, in an update, said there is “no evidence” that users’ private information was compromised in a breach of its internal computer systems that was discovered late Thursday.

“We have no evidence that the incident involved access to sensitive user data (like trip history),” the company said. “All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational.”

The ride-hailing company also said it’s brought back online all the internal software tools it took down previously as a precaution, reiterating it’s notified law enforcement of the matter.

It’s not immediately clear if the incident resulted in the theft of any other information or how long the intruder was inside Uber’s network.

Uber has not provided more specifics of how the incident played out beyond saying its investigation and response efforts are ongoing. But independent security researcher Bill Demirkapi characterized Uber’s “no evidence” stance as “sketchy.”

“‘No evidence’ could mean the attacker did have access, Uber just hasn’t found evidence that the attacker *used* that access for ‘sensitive’ user data,” Demirkapi said. “Explicitly saying “sensitive” user data rather than user data overall is also weird.”

CyberSecurity

The breach allegedly involved a lone hacker, an 18-year-old teenager, tricking an Uber employee into providing account access by social engineering the victim into accepting a multi-factor authentication (MFA) prompt that allowed the attacker to register their own device.

Upon gaining an initial foothold, the attacker found an internal network share that contained PowerShell scripts with privileged admin credentials, granting carte blanche access to other critical systems, including AWS, Google Cloud Platform, OneLogin, SentinelOne incident response portal, and Slack.

Worryingly, as revealed by security researcher Sam Curry, the teen hacker is also said to have gotten hold of privately disclosed vulnerability reports submitted via HackerOne as part of Uber’s bug bounty program.

HackerOne has since moved to disable Uber’s account, but the unauthorized access to unpatched security flaws in the platform could pose a huge security risk to the San Francisco-based firm should the hacker opt to sell the information to other threat actors for a quick profit.

Uber Hack
Uber Hack
Uber Hack
Uber Hack

So far, the attacker’s motivations behind the breach are unclear, although a message posted by the hacker announcing the breach on Slack included a call for higher pay for Uber’s drivers.

A separate report from The Washington Post noted that the attacker broke into the company’s networks for fun and might leak the company’s source code in a matter of months, while describing Uber’s security as “awful.”

“Many times we only talk about APTs, like nation states, and we forget about other threat actors including disgruntled employees, insiders, and like in this case, hacktivists,” Ismael Valenzuela Espejo, vice president of threat research and intelligence at BlackBerry, said.

“Organizations should include these as part of their threat modeling exercises to determine who may have a motivation to attack the company, their skill level and capabilities, and what the impact could be according to that analysis.”

The attack targeting Uber, as well as the recent string of incidents against Twilio, Cloudflare, Cisco, and LastPass, illustrates how social engineering continues to be a persistent thorn in the flesh for organizations.

CyberSecurity

It also shows that all it takes for a breach to take place is an employee to share their login credentials, proving that password-based authentication is a weak link in account security.

“Once again, we see that a company’s security is only as good as their most vulnerable employees,” Masha Sedova, co-founder and president of Elevate Security, said in a statement.

“We need to think beyond generic training, instead let’s pair our riskiest employees with more specific protective controls. As long as we continue to address cybersecurity as solely a technical challenge, we will continue to lose this battle,” Sedova added.

Incidents like these are also proof that Time-based One Time Password (TOTP) codes – typically generated via authenticator apps or sent as SMS messages – are inadequate at securing 2FA roadblocks.

One way to counter such threats is the use of phishing-resistant FIDO2-compliant physical security keys, which drops passwords in favor of an external hardware device that handles the authentication.

“MFA providers should *by default* automatically lock accounts out temporarily when too many prompts are sent in a short period of time,” Demirkapi said, urging organizations to limit privileged access.





Source_link

flyytech

flyytech

Next Post
AGM M7 phone review

AGM M7 phone review

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

ASUS ROG Phone 7 series to launch on April 13

ASUS ROG Phone 7 series to launch on April 13

March 25, 2023
Today’s Wordle Answer (#578) – January 18, 2023

Today’s Wordle Answer (#578) – January 18, 2023

January 18, 2023

Trending.

Review: Zoom ZPC-1

Review: Zoom ZPC-1

January 28, 2023
Image Creator now live in select countries for Microsoft Bing and coming soon in Microsoft Edge

Image Creator now live in select countries for Microsoft Bing and coming soon in Microsoft Edge

October 23, 2022
Elden Ring best spells 1.08: Tier lists, sorceries, incantations, and locations

Elden Ring best spells 1.08: Tier lists, sorceries, incantations, and locations

January 14, 2023
Allen Parr’s false teaching examined. Why you should unfollow him.

Allen Parr’s false teaching examined. Why you should unfollow him.

September 24, 2022
How to View Ring Doorbell on a Roku TV

How to View Ring Doorbell on a Roku TV

December 20, 2022

Flyy Tech

Welcome to Flyy Tech The goal of Flyy Tech is to give you the absolute best news sources for any topic! Our topics are carefully curated and constantly updated as we know the web moves fast so we try to as well.

Follow Us

Categories

  • Apple
  • Applications
  • Audio
  • Camera
  • Computers
  • Cooking
  • Entertainment
  • Fitness
  • Gaming
  • Laptop
  • lifestyle
  • Literature
  • Microsoft
  • Music
  • Podcasts
  • Review
  • Security
  • Smartphone
  • Travel
  • Uncategorized
  • Vlogs

Site Links

  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms & Conditions

Recent News

CP+ 2023: Canon interview – ‘It’s our mission to make any camera system easier operate’: Digital Photography Review

CP+ 2023: Canon interview – ‘It’s our mission to make any camera system easier operate’: Digital Photography Review

March 26, 2023
Apple’s 2022 10th generation iPad is now available for just $399

Apple’s 2022 10th generation iPad is now available for just $399

March 26, 2023

Copyright © 2022 Flyytech.com | All Rights Reserved.

No Result
View All Result
  • Home
  • Apple
  • Applications
    • Computers
    • Laptop
    • Microsoft
  • Security
  • Smartphone
  • Gaming
  • Entertainment
    • Literature
    • Cooking
    • Fitness
    • lifestyle
    • Music
    • Nature
    • Podcasts
    • Travel
    • Vlogs

Copyright © 2022 Flyytech.com | All Rights Reserved.

What Are Cookies
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT