Tag Archives: Hacking

Uber Is Having a Really, Really Bad Day

Uber is already struggling to maintain a positive consumer image after a series of PR disasters over the last year.

Wait, what happened?
Yesterday was a tough day for Uber. Everyone’s favorite ride-hailing service was outed for attempting to hide the details of a massive hacking incident that occurred in 2016. This left the personal data of drivers and users exposed, including the names and driver’s license numbers of nearly 600,000 Uber drivers in the US, along with the sensitive information of over 57 million Uber users globally.

But wait, there’s more!
So the company had an inept security system, what’s the big deal? Surely we’ve seen this story play out before? Usually, a company would have a few bad days and a PR nightmare before journalists and bloggers slowly move on to the next story, but this one is going to sting for a bit. Along with the data breach, the firm’s CTO was also shown to have paid off the two hackers who had accessed the data to the tune of $100,000 in order to keep the situation quiet. Ouch. We hope Uber’s PR team is ready to deal with the media.


The Experts Weigh In
In the midst of this catastrophe, experts are cutting through the noise and giving organizations the information they need to avoid becoming the next big security breach story. Several 10Fold clients talked to Fox News about the event and how security failures like these are affecting the tech industry and beyond, as well as how firms can avoid or protect themselves from attacks in the future.

Stephan Chenette, CEO of enterprise security firm AttackIQ, gave Fox News a statement alongside several other 10Fold clients, saying: “What makes this breach particularly damning is the failure of Uber to ethically disclose the breach to its customers.”

Manoj Asnani, vice president of product and design at network security firm Balbix, told Fox News that password security is an ongoing challenge for businesses. “Stolen passwords are one of the most common ways adversaries propagate through the enterprise to steal critical data.”

Zohar Alon, co-founder and CEO of cloud security specialist Dome9, added his comments as well, claiming: “This is yet another case of user error trumping the best security measures readily available today. For an organization as large as Uber, this is inexplicable. This is something that Uber, and any organization that is developing code, can and should implement whenever a software engineer checks in code to GitHub,” he added. “Relying on a developer or administrator to follow best practices is foolhardy at scale and the errors seem to be more egregious each and every time a breach makes the headlines.”


By Tyler Trainer


Security Never Sleeps: Hacking Energy Companies, Endpoint Security

Hacking attack on energy companies raises sabotage fears

“Two dozen energy companies affected”

More than two dozen energy companies and utility providers in the US and Europe have been attacked as part of a hacking campaign that seeks to infiltrate the control systems of power supply organizations. The Dragonfly attack group, also known as Energetic Bear and Crouching Yeti, has been conducting attacks since 2011 but appeared to cease activity after being publicly exposed in 2014.

Data Breach Costs Vary Significantly by Organization

“Forrester reports on data theft” 

Forrester has recently released a report advising businesses not to use publicly reported breach costs at other organizations as an estimate of what they might end up paying for a breach. One of the biggest mistakes security professionals make when estimating data breach costs is to assume that publicly reported costs from breaches at other organizations are a reasonable proxy for their own, and many do not take this into account when planning for their own possible incidents.

Multiple Vulnerabilities Found in Mobile Bootloaders

“Issues in bootloaders of popular mobile platforms”

Security researchers from the University of California, Santa Barbara have discovered a series of code execution and denial of service vulnerabilities in the bootloaders of many mobile systems. Using a newly created tool called BootStomp, the researchers found six previously unknown possible breach points, five of which have been validated by their creators.

Endpoint Security Overload

“Teams are over-investing in endpoint security tools, drives inefficiencies”

An excess of endpoint security tools in organizations is driving “information security debt,” according to a new report by 451 Research and Digital Guardian. The “Voice of the Enterprise” report, which touches on the use and consolidation of endpoint security tools, found that the more endpoint security systems an enterprise has, the greater the cost of managing them. Security teams are struggling with inefficiency because they’re moving from dashboard to dashboard all day.
