Uber Technologies Inc said on Thursday it was investigating a cybersecurity incident, after a report that its network was breached, forcing the company to shut several internal communications and engineering systems. A hacker compromised an employee's account on workplace messaging app Slack and used it to send a message to Uber employees announcing that the company had suffered a data breach , according to a New York Times report https://nyti.ms/3QMveIu on Thursday that cited an Uber spokesperson. Cybersecurity has been an issue for Uber in the past. It suffered a significant hack in 2016 that exposed the personal information of about 57 million of its customers and drivers. Shares of the ride-hailing firm were down 5% on Friday, amid broader U.S. market declines. [.N] It appeared the hacker was able to gain access to other internal systems, posting an explicit photo on an internal information page for employees, the Times report added. "We are in … [Read more...] about uber: Uber is investigating a ‘cybersecurity incident’
Cybersecurity
EU proposes rules targeting cybersecurity risks of smart devices
From laptops to fridges to mobile apps, smart devices connected to the internet will have to be assessed for their cybersecurity risks under draft European Union rules announced, amid concerns about a spate of cyber attacks. Companies face fines of as much as 15 million euros ($15 million) or up to 2.5% of their total global turnover if they fail to comply with the European Commission 's proposed law known as the Cyber Resilience Act, which will require manufacturers to fix any problems that are identified. Companies could save as much as 290 billion euros annually in cyber incidents versus compliance costs of about 29 billion euros, the EU executive said. A series of high-profile incidents of hackers damaging businesses and demanding huge ransoms in recent years have heightened concerns about vulnerabilities in operating systems, network equipment and software. Read Also 75% increase in ransomware attacks targeting Linux systems in 2022 … [Read more...] about EU proposes rules targeting cybersecurity risks of smart devices
smart: Draft EU rules target smart devices with cybersecurity risks
Smart devices connected to the internet such as fridges and TVs will have to comply with tough European Union cybersecurity rules or risk being fined or banned from the bloc, according to a European Commission document seen by Reuters. Concerns about cybersecurity attacks have mounted in recent years following high-profile incidents of hackers damaging businesses and demanding huge ransoms. Read Also This is likely why US banned AI chips to China The EU executive will announce its proposal known as the Cyber Resilience Act on Sept. 13. It is likely to become law following input from EU countries. The rules could cut the cost of cyber incidents to companies by as much as 290 billion euros ($289.8 billion) annually versus compliance costs of about 29 billion euros, the paper said. Manufacturers will have to assess the cybersecurity risks of their products and take appropriate procedures to fix problems, the document said. The companies … [Read more...] about smart: Draft EU rules target smart devices with cybersecurity risks
uber: Uber says responding to ‘cybersecurity incident’ after report of network breach
Uber Technologies Inc said it is responding to a cybersecurity incident, after a media report that its network was breached with the ride-hailing company taking several internal communications and engineering systems offline. A hacker compromised an employee's workplace messaging Slack app and then used it to send a message to Uber employees announcing that it had suffered a data breach, according to a New York Times report, citing an Uber spokesperson. It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees, the report added. "We are in touch with law enforcement and will post additional updates here as they become available," Uber said in a tweet without providing further details. Read Also Uber partners with startup Nuro to promote autonomous food, grocery delivery Uber turns cash flow positive for the first time in bumper … [Read more...] about uber: Uber says responding to ‘cybersecurity incident’ after report of network breach
Uber confirms “cybersecurity incident” after 18-year-old claimed to be behind massive breach
What just happened? Uber is investigating a cybersecurity incident that has compromised many of its internal systems, giving the hacker, who says he is just 18 years old, almost complete access to the company's network. The breach is thought to be as bad as or worse than the 2016 incident that exposed the details of 57 million customers. The New York Times reports that the hacker used a common social engineering technique to access Uber's systems. He sent a text message to one of the ride-hailing giant's employees claiming to be a corporate IT person. The worker was persuaded to hand over their password, granting the perpetrator access to Uber's network. The hacker provided screenshots of Uber's internal systems to the NYT as proof of his successful attack. He told the publication that he is 18 years old and had been working on his cybersecurity skills for several years, adding that Uber's weak security prompted him to compromise its network. Once he had access, the hacker … [Read more...] about Uber confirms “cybersecurity incident” after 18-year-old claimed to be behind massive breach
This fearsome new Linux malware will send a shudder down the spines of IT professionals
Audio player loading… A brand new Linux malware (opens in new tab) strain capable of different kinds of nasties has been detected, capable of abusing legitimate cloud services to stay hidden in plain sight. Cybersecurity researchers from AT&T Alien Labs recently discovered (opens in new tab) the malware and named it Shikitega. It comes with a super tiny dropper (376 bytes), using a polymorphic encoder that gradually drops the payload. That means that the malware will download and execute one module at a time, making sure it stays hidden and persistent. The command & control (C2) server for the malware is hosted on a “known hosting service”, making it stealthier, it was said. Abusing PwnKit The researchers aren’t absolutely certain what the malware’s authors were trying to achieve. Shikitega is quite potent, as it can run on all kinds of Linux (opens in new tab) devices, and allows threat actors to control the webcam on the target … [Read more...] about This fearsome new Linux malware will send a shudder down the spines of IT professionals
One of the biggest new iOS 16 features might not actually be all that helpful
Audio player loading… With Apple set to launch its new iOS 16 operating system imminently, some security experts have warned that the software's headline privacy feature might not be all that it's cracked up to be. The company announced that Lockdown Mode would be available as part of iOS 16, designed for the new iPhone 14 models and more, in a bid to offer users a stronger level of cybersecurity protection than ever before. But exactly how useful the feature will be to the millions of everyday iPhone users had been called into question, with one leading VPN company calling out Apple just in time for the launch. iOS 16 Lockdown Mode "Using Lockdown Mode comes at a cost," explained Marijus Briedis, Chief Technology Officer at NordVPN . "Get behind the wheel of a tank and you’re unlikely to be setting any speed records and, in the same way, employing this security measure will limit your iPhone’s performance and what you can do with it." “Most … [Read more...] about One of the biggest new iOS 16 features might not actually be all that helpful
New password manager does away with master passwords once and for all
Audio player loading… JumpCloud has launched a new decentralized password manager that combines local and cloud storage to provide an additional layer of security to organizations. The company claims this approach minimizes the risk to data by syncing information stored on local devices with its own servers through end-to-end encryption. This is an unusual step for a password manager, which normally rely purely on cloud syncing (without encryption) and are protected by master passwords known only to individual users. Currently available in early access until Q4 2022, JumpCloud Password Manager also lets users share their passwords, two-factor authentication (2FA), and payment methods across their organization in a secure, controlled environment. Password management innovations As a result of JumpCloud acquiring MYKI (opens in new tab) in February 2022, the company’s new password management software will also provide a single ‘Open Directory … [Read more...] about New password manager does away with master passwords once and for all
Watch out – that WeTransfer link could be a phishing scam
Audio player loading… If you get an email from an unknown person, sharing a “Proof of Payment” document from WeTransfer, be careful as it’s most likely malware . Cybersecurity researchers from Cofense have found threat actors are now distributing the Lampion malware this way in greater volume. Lampion is a known trojan, capable of stealing sensitive data, such as banking information, passwords, and similar. It does so by overlaying known login forms with its own, and then sending out the submitted data to its command & control servers. Lampion distribution What makes this campaign more dangerous than other, similar campaigns, is the use of WeTransfer . This is a legitimate file transfer service, making it extremely difficult for email security systems to flag it as malicious. What’s more, this is not the only legitimate service the crooks are abusing - they’re also leveraging Amazon Web Services (AWS), and here’s how. When a victim receives … [Read more...] about Watch out – that WeTransfer link could be a phishing scam
Ransomware gangs using clever new technique to dance past security protections
Audio player loading… Ransomware operators have come up with a new encryption method that makes locking files faster, and less likely to be noticed by antivirus (opens in new tab) and other cybersecurity solutions, researchers have found. According to experts from SentinelLabs, a rising number of ransomware (opens in new tab) operators (including Black Basta, BlackCat, PLAY, and others) have started adopting a process called “intermittent encryption”, encrypting files partially, instead of completely. That way, the files are still rendered useless (unless the owners get a decryption key), but the encryption process takes significantly less time, with researchers adding they expect more groups to adopt the technique in the future. Multiple approaches Different groups approach intermittent encryption differently. Some will only encrypt the first few bytes of a file. Others will offer multiple choices, leaving it up to the ransomware deployers to decide. … [Read more...] about Ransomware gangs using clever new technique to dance past security protections