Tag Archives: uber

Security Never Sleeps- Uber Breach, LA Cybersecurity

FTC: Uber Failed To Protect 100,000 Drivers In 2014 Hack

“Uber lacking security in several areas”

The Federal Trade Commission had ruled that Uber must upgrade its security systems after reviewing its current programs and finding them lacking. The review revealed evidence that a 2014 data theft had been twice as large as originally reported,where details of 100,000 drivers leaked to an intruder. The leak was made possible when the cybercriminal  was able to view driver data on an Amazon Web Services store in plain text.

Los Angeles plans to launch a cybersecurity threat-sharing group with city businesses

“Expected to lead as part of larger trend between state and business”

The city of Los Angeles has now officially announced a collaboration of cybersecurity threats with businesses that operate in the city. Industry organizations and federal agencies have made certain agreements that threat-share with each other in the past, however none have reached the scope and incorporation of SME’s that Los Angeles is orchestrating. Initial partners include video game production firm Riot Games, law firm O’Melveny and Myers and mall operator Westfield.

Automating cloud compliance

“Headchange needed for quality security”

Security systems are often viewed by individuals and firms as point-in-time activities. Standards and regulations are often based on this model, especially in cloud computing where customers are generally more in flux and rarely static. But in reality, constant compliance, auditing, and assurance programs are the only real way to ensure the viability of your protection.

Greed drives malevolent insider to steal former employer’s IP

“Remote IP theft”

Design and engineering firm Allen & Hoshall has fallen victim to a growing trend in IP crime. Remote theft of company data and ideas is growing, and Jason Needham, after founding the competing firm HNA-Engineering, helped himself to their ideas and research remotely via hacking.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 143

Google Just Discovered A Massive Web Leak… And You Might Want To Change All Your Passwords

“Perhaps most dangerous leak of the year so far”

A leak that may end up exposing the user passwords of many popular platforms and applications has been uncovered by a Google researcher recently. Major services indicated to be vulnerable may include Uber, FitBit, and OKCupid.

Beware Google Chrome scam that could inject malware into your computer

“Cybersecurity experts still concerned over continued threat”

A Google Chrome malware program still poses a threat to users after several months of circulation. Proofpoint has officially warned hackers that the program can inject script into inefficiently protected pages, targeting Chrome browsers specifically. It will then rewrite the compromised website to the affected users browser, making the page unreadable and provides a fake issue for the user to resolve,

Stop using SHA1: It’s now completely unsafe

“First real-world collision against SHA-1 hash”

Security researchers have now witnessed the first collision against the SHA-1 hash function, resulting in the duplication of a PDF file with the same signature. The algorithm’s security-sensitive functions are now entirely vulnerable, and should not be used for any secure files.

Enjoy your read? Check out our other content here.

10Fold – Security Never Sleeps – 37

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: HSBC has been hit by a cyber attack causing its personal banking website and mobile application to shut down, only weeks after a systems failure that left thousands of its customers without access to digital services. Researchers at Kaspersky Lab spotted attackers using malicious Microsoft Word documents distributed via spearphishing emails to spread the Black Energy Trojan in Ukraine. Last year was a record year for malware, according to a new report from Panda Security, with more than 84 million new malware samples collected over the course of the year. A bug exposed an Uber driver’s tax information including her name and social security number to all drivers who logged onto their dashboard in what the company calls, a ‘bug.’

HSBC cyber attack brings Internet banking to its knees – Publication: Financial Times – Reporter name: Emma Dunkley

HSBC has been hit by a cyber attack causing its personal banking website and mobile application to shut down, only weeks after a systems failure that left thousands of its customers without access to digital services. The bank said in a statement that it had “successfully defended against the attack, and customer transactions were not affected.” However by early afternoon on Friday its online banking services were still unavailable to some customers. Alex Kwiatkowski, a senior strategist at software group Misys, said the attack was “very concerning” and “shines a bright spotlight” upon HSBC’s systems weaknesses.


BlackEnergy malware deployed using malicious Word docs – Publication: SC Magazine – Reporter name: Robert Abel

Researchers at Kaspersky Lab spotted attackers using malicious Microsoft Word documents distributed via spearphishing emails to spread the Black Energy Trojan in Ukraine. Russian-speaking threat actors in the BlackEnergy APT group have been using malicious Excel and PowerPoint files to spread the group’s malware since last year but Kaspersky’s Global Research and Analysis Team Director Costin Raiu claimed this was the first time Word documents have been used. The BlackEnergy APT group has been actively targeting energy, government and media in Ukraine, and industrial controls systems supervisory control and data acquisition (ICS/SCADA) and energy companies worldwide.


 27% of all malware variants in history were created in 2015 – Publication: CSO Online – Reporter name: Maria Korolov

Last year was a record year for malware, according to a new report from Panda Security, with more than 84 million new malware samples collected over the course of the year. Trojans continued to account for the main bulk of malware, at 51.45 percent, followed by viruses at 22.79 percent, worms at 13.22 percent, potentially unwanted programs such as adware at 10.71 percent and cases of spyware at 1.83 percent.


‘Bug’ Exposes Uber Driver’s Tax Information, Including Name and Social Security Number – Publication: Forbes – Reporter name: Kelly Phillips

It was an über bad day for one driver who had her personal tax information, including her Social Security number, exposed due to what the drive on demand company is calling a “bug.” When Uber drivers logged on to the Uber partner dashboard to check their own 1099 information for 2015, they instead received information relating to someone else: a Florida woman who also drives for the company. The form in question was a federal form 1099-K, Merchant Card and Third Party Network Payments. Technically, drivers for Uber are not employees which is why they fill out the 1099-MISC. The driver’s 1099-K information remained on the Uber dashboard for a short time and it’s not known how many other drivers might have viewed it during that time. When made aware of the error, the company removed the tax tab on the dashboard altogether while the mistake was corrected.