Darkreading.com: Latest Cybersecurity News

Attacker easily penetrates Uber system.

Views expressed in this cybersecurity, cybercrime, and cyberespionage update are those of the reporters and corresponents.  Accessed on 18 September 2022, 1408 UTC.

Content supplied by "Darkreading.com."

Source: https://www.darkreading.com/

Please click link or scroll down to read your selections.

Russ Roberts

https://www.hawaiicybersecurityjournal.net

https://paper.li/RussellRoberts (machine learning, artificial intelligence, IoT, and information security)

Latest News

Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.


Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials

The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign.



DDoS Attack Against Eastern Europe Target Sets New Record

The target has been under relentless DDoS attack, which ultimately set a new packets-per-second record for Europe.


Hacker Pwns Uber Via Compromised VPN Account

A teen hacker reportedly social-engineered an Uber employee to hand over an MFA code to unlock the corporate VPN, before burrowing deep into Uber's cloud and code repositories.


Malware on Pirated Content Sites a Major WFH Risk for Enterprises

Malware-laced ads are hauling in tens of millions of dollars in revenue for operators of pirated-content sites — posing a real risk to enterprises from remote employees.


Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks

Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption.


Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government

Authorities are cracking down on persistent cybercriminal attacks from APTs associated with Iran's Islamic Revolutionary Guard Corps.


Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish

Access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch.


 

Comments

Popular posts from this blog

SecurityWeek Briefing.

SecurityWeek Briefing.

Cyber War News Wire.