iIt was all around the information, however ZDNet’s Eileen Yu was one of many first. — “Hacker is believed to have breached Uber’s whole community in a social engineering assault, which one safety vendor says is extra intensive than the corporate’s 2016 world knowledge breach and entry logs probably altered.”
The article continues: ” A hacker on Thursday was believed to have breached a number of inner methods, with administrative entry to Uber’s cloud providers together with on Amazon Net Providers (AWS) and Google Cloud (GCP).
“The attacker is claiming to have fully compromised Uber, exhibiting screenshots the place they’re full admin on AWS and GCP,” Sam Curry wrote in a tweet. The safety engineer at Yuga Labs, who corresponded with the hacker, added: “This can be a whole compromise from what it seems to be like.”
Uber since had shut down on-line entry to its inner communications and engineering methods, whereas it investigated the breach, in accordance a report by The New York Instances (NYT), which broke the information. The corporate’s inner messaging platform, Slack, additionally was taken offline.
The hacker, who claimed to be 18 years outdated, advised NYT he had despatched a textual content message to an Uber worker and was in a position to persuade the workers member to disclose a password after claiming to be a company info expertise personnel. The social engineering hack allowed him to breach Uber’s methods, with the hacker describing the corporate’s safety posture as weak.
With the worker’s password, the hacker was in a position to get into the interior VPN, stated Acronis’ CISO Kevin Reed in a LinkedIn submit. The hacker then gained entry to the company community, discovered extremely privileged credentials on community file shares, and used these to entry every little thing, together with manufacturing methods, company EDR (endpoint detection and response) console, and Uber’s Slack administration interface.”
Do not let this occur to you. Practice your customers.
The complete article is at ZDNet:
https://www.zdnet.com/article/uber-security-breach-looks-bad-potentially-compromising-all-systems/