At a glance.
- Uber suffers a data breach.
- Fraud in the C2C market.
- Social media executives testify before Congress.
- Large DDoS attack stopped in Eastern Europe.
- FBI observes increased cyberattacks against healthcare payment processors.
- CISA issues eleven ICS advisories.
- CISA adds six entries to its Known Exploited Vulnerabilities Catalog.
- Policy makers consider new OT security incentives.
- Decryptor for LockerGoga released.
Uber suffers a data breach.
Uber is investigating a breach of its systems, the New York Times reports. Yesterday, the company said in a tweet from its @Uber_Comms account, “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”
The Times reports that the breach appears to have compromised many of Uber’s systems, with the hacker sending the Times images of “email, cloud storage and code repositories.” Sam Curry, a security engineer at Yuga Labs who was in contact with the hacker, says “They pretty much have full access to Uber. This is a total compromise, from what it looks like.” The threat actor reportedly compromised a worker’s account on the company’s internal messaging service, Slack, saying, “I announce I am a hacker and Uber has suffered a data breach.” Two employees who weren’t authorized to speak publicly about the situation have said that they were told not to use Slack, and that other internal systems were inaccessible. The breach relied on phishing and social engineering: the hacker sent a text message to a worker, convincing them to send a password that would give the hacker access. An Uber spokesperson says that the breach is under investigation by the company and that law enforcement officials are being contacted.