See how a hacker broke into Uber’s IT systems yesterday – CISO Advisor

Uber stated late Thursday night, September 15, 2022 (San Francisco, California time) that it contacted the police after confirming that a hacker had breached its community. A safety engineer at Yuga Labs, Sam Curry, advised the New York Times that, in a dialog with the suspected hacker, he discovered full entry to Uber’s system. The hacker contacted the newspaper saying he was 18 years outdated and had been training his cyber safety expertise for years. He additionally stated he hacked Uber’s systems as a result of the web trade was weak. In a message on the corporate’s Slack, the activist additionally known as for Uber drivers to be paid extra.

This Friday the sixteenth, the worth of Uber shares fell 5.2% in pre-market negotiations on the New York Stock Exchange.

In Telegram’s dialog with safety researchers, he stated that with the credentials he acquired, he accessed Uber’s web. Inside, he discovered a community share that contained some PowerShell scripts. One of them comprises the username and password for operating Thycotic, a proprietary entry administration (PAM) program. With that he obtained the secrets and techniques of all of the providers – DA, DUO, Onelogin, AWS and GSuite.

The display was taken by Imran Parray (click on to enlarge)

Engineer Imran Parray, the CEO of the Indian firm Snapsec, posted a screenshot with a hacker indicating that he had hacked the account of an Uber worker in hackerone – thus, he has entered the information Uber’s full vulnerability. .

Hacker talks to the researcher and explains his hack (click on to enlarge)

As a consequence, a number of communication and engineering systems have been shut down, the newspaper stated. The attacker compromised the safety of inner systems, sending photos of company e-mail, cloud storage, and code dumps to cybersecurity researchers and the newspaper to show the breach.

Check this out
Hackers clarify what an Uber hack appears to be like like
Deal with Justice places Uber on trial

Since the incident was confirmed, Uber staff have been banned from utilizing the inner messaging service Slack. At this time, Uber isn’t guaranteeing that full entry to the units can be restored. Right earlier than Slack was banned, in keeping with the NYT, staff acquired a message from a hacker saying “Uber had a information breach.” The message went on to listing a number of inner databases that the hacker stated have been compromised.

According to an Uber spokesperson, an attacker hacked an worker’s Slack account and used it to ship the message. It was later found that he was capable of acquire entry to different inner systems after importing a photograph to an worker’s inner profile web page. The hacker who claimed duty for the hack advised The New York Times that he obtained the password by messaging an Uber worker claiming to be an IT professional – so the worker agreed to present his password, which he entered. system. In an inner e-mail, an Uber supervisor advised staff that the assault was being investigated.

This is not the primary time a hacker has stolen Uber information. In 2016, hackers stole data from 57 million Uber driver and passenger accounts, then contacted the corporate to demand $100,000 to delete their copy of the information. At that point, Uber managers – together with the chief safety officer – labored with the activists to cowl up the issue. However, the issue was found by new managers who got here to the corporate and reported it to the authorities. The firm’s former CISO is on trial for obstruction of justice and concealing a crime.

Paolo Passeri, cyber intelligence chief at Netskope, stated, “Social engineering is a vital a part of cyber assaults (…) Malicious actors are similar to IT groups, CEOs and different folks dedication to utilizing social know-how as a device to achieve entry to company systems and information do not belief something“.

And worldwide information companies

Leave a Reply

Your email address will not be published.