Tag Archives: GitHub

Uber Is Having a Really, Really Bad Day

Uber is already struggling to maintain a positive consumer image after a series of PR disasters over the last year.

Wait, what happened?
Yesterday was a tough day for Uber. Everyone’s favorite ride-hailing service was outed for attempting to hide the details of a massive hacking incident that occurred in 2016. This left the personal data of drivers and users exposed, including the names and drivers license numbers of nearly 600,000 Uber drivers in the US, along with the sensitive information of over 57 million Uber users globally.

But wait, there’s more!
So the company had an inept security system, what’s the big deal? Surely we’ve seen this story play out before? Whereas usually, a company would have a few bad days and a PR nightmare before journalists and bloggers slowly move on to the next story, this one is going to sting for a bit. Along with the data breach, the firms CTO was also shown to have paid off the two hackers who had accessed the data to the tune of $100,000 in order to keep the situation quiet. Ouch. We hope Uber’s PR team is ready to deal with the media.

Dig Deeper: BadRabbit is Crippling Networks, 10Fold Clients Have Answers

The Experts Weigh In
In the midst of this catastrophe there are experts cutting through the noise, and giving organizations the information they need in order for their company to not be the next big security breach story. Several 10Fold clients talked to Fox News about the event and how security failures like these are affecting the tech industry and beyond, as well as how firms can avoid or protect themselves from attacks in the future.

Stephan Chenette, CEO of enterprise security firm AttackIQ, gave Fox News a statement alongside several other 10Fold clients, saying that; “What makes this breach particularly damning is the failure of Uber to ethically disclose the breach to its customers.”

Manoj Asnani, vice president of product and design at network security firm Balbix, told Fox News that password security is an ongoing challenge for businesses. “Stolen passwords are one of the most common ways adversaries propagate through the enterprise to steal critical data.”

Zohar Alon, co-founder and CEO of cloud security specialist Dome9, added his comments as well, claiming; “This is yet another case of user error trumping the best security measures readily available today. For an organization as large as Uber, this is inexplicable. This is something that Uber, and any organization that is developing code, can and should implement whenever a software engineer checks in code to GitHub,” he added. “Relying on a developer or administrator to follow best practices is foolhardy at scale and the errors seem to be more egregious each and every time a breach makes the headlines.”

Looking for more great insights? Check out some of our other content here.

By Tyler Trainer

Looking for more great insights? Check out some of our other content here, and subscribe to our email list below:

Security Never Sleeps- Uber Breach, LA Cybersecurity

FTC: Uber Failed To Protect 100,000 Drivers In 2014 Hack

“Uber lacking security in several areas”

The Federal Trade Commission had ruled that Uber must upgrade its security systems after reviewing its current programs and finding them lacking. The review revealed evidence that a 2014 data theft had been twice as large as originally reported,where details of 100,000 drivers leaked to an intruder. The leak was made possible when the cybercriminal  was able to view driver data on an Amazon Web Services store in plain text.

Los Angeles plans to launch a cybersecurity threat-sharing group with city businesses

“Expected to lead as part of larger trend between state and business”

The city of Los Angeles has now officially announced a collaboration of cybersecurity threats with businesses that operate in the city. Industry organizations and federal agencies have made certain agreements that threat-share with each other in the past, however none have reached the scope and incorporation of SME’s that Los Angeles is orchestrating. Initial partners include video game production firm Riot Games, law firm O’Melveny and Myers and mall operator Westfield.

Automating cloud compliance

“Headchange needed for quality security”

Security systems are often viewed by individuals and firms as point-in-time activities. Standards and regulations are often based on this model, especially in cloud computing where customers are generally more in flux and rarely static. But in reality, constant compliance, auditing, and assurance programs are the only real way to ensure the viability of your protection.

Greed drives malevolent insider to steal former employer’s IP

“Remote IP theft”

Design and engineering firm Allen & Hoshall has fallen victim to a growing trend in IP crime. Remote theft of company data and ideas is growing, and Jason Needham, after founding the competing firm HNA-Engineering, helped himself to their ideas and research remotely via hacking.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 139

Windows SMB Zero-Day Exploit On The Loose

“As of now, no patch available”

US-CERT and many other organizations have been warning since Friday of a zero-day vulnerability in several versions of Microsoft Windows. The corruption bug is capable of giving hackers the ability to remotely crash and reboot a users system. The PoC code that allows for the exploitation is publicly available for any cybercriminal to use has been released on GitHub.

InterContinental Confirms Breach at 12 Hotels

“Credit card vulnerabilities acknowledged”

The parent company for thousands of different hotel has announced that at least 12 of its properties were affected by a breach of its servers, possible allowing credit card information to be stolen from its customers. KrebsOnSecurity first reported the story over a month ago, however InterContinental Hotels Group have only recently publicly acknowledged the incident.

29,000 taxpayers affected by W-2 scams

“IRS issues new warning amidst reports of compromised W-2 increases”

The newest warning advisory from the IRS coincides with additional plans that the agency has recently announced, including delays on refunds for early filings among others in an effort to combat identity theft and fraudulent activities. Employers have also been informed that the W-2 scam has moved to schools, nonprofits and tribal ogranizations.

Hacker hijacks thousands of publicly exposed printers to warn owners

“Rogue messages sent to prove a point about vulnerability of internet connected devices”

Recent research has has shown that many connected printer models are vulnerable to attack, a point that a hacker known under the alias as Stackoverflowin made reality to thousands of exposed devices. Messages were sent via the printer by Stackoverflowin, that depicted the dangers of unsecured devices.

Polish Banks Hacked via Malware Coming from Financial Regulator

“Largest hack in nations history”

Malware has been discovered on the servers pf many Polish banks, seemingly installed by the Polish Financial Supervision Authority (KNF). The banking sector considers this n attack on the financial sector.