Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments. [TechWeb]( Follow Dark Reading: [RSS]( September 19, 2022 LATEST SECURITY NEWS & COMMENTARY [Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber]( Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments. [Hacker Pwns Uber Via Compromised VPN Account]( A teen hacker reportedly social-engineered an Uber employee to hand over an MFA code to unlock the corporate VPN, before burrowing deep into Uber's cloud and code repositories. [Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials]( The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign. [Business Application Compromise & the Evolving Art of Social Engineering]( Be wary of being pestered into making a bad decision. As digital applications proliferate, educating users against social engineering attempts is a key part of a strong defense. [DDoS Attack Against Eastern Europe Target Sets New Record]( The target has been under relentless DDoS attack, which ultimately set a new packets-per-second record for Europe. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish]( Access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch. [5 Best Practices for Building Your Data Loss Prevention Strategy]( The entire security team should share in the responsibility to secure sensitive data. [Cyberattacks Are Now Increasingly Hands-On, Break Out More Quickly]( Interactive intrusion campaigns jumped nearly 50%, while the breakout time between initial access and lateral movement shrank to less than 90 minutes, putting pressure on defenders to react quickly. [MORE]( EDITORS' CHOICE [Highlights of the 2022 Pwnie Awards]( Since 2007, the Pwnies have celebrated the good, the bad, and the wacky in cybersecurity. Enjoy some of the best moments of this year's ceremony. LATEST FROM THE EDGE [Tackling Financial Fraud With Machine Learning]( Financial services firms need to learn how — and when — to put machine learning to use. LATEST FROM DR TECHNOLOGY [Note to Security Vendors: Companies Are Picking Favorites]( A stunning three-quarters of companies are looking to consolidate their security products this year, up from 29% in 2020, suggesting fiercer competition among cybersecurity vendors. WEBINARS - [Next-Gen Security Operations: Building the SOC of the Future]( What does a security operations center (SOCs) require in 2022? The practice of monitoring and responding to threats looks very different today than it did just a few years ago. Which tools and skills do you need know to outfit a ... - [Managing Security In a Hybrid Cloud Environment]( The enterprise cloud environment is not homogenous - enterprises spread their workloads across private data centers and different public cloud providers. How do you manage security when the tools are all different? How do you enforce security controls consistently across ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [6 Elements of a Solid IoT Security Strategy]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Five Best Practices for AWS Security Monitoring]( - [Eight Best Practices for a Data-Driven Approach to Cloud Migration]( - [Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( [View More White Papers >>]( FEATURED REPORTS - [6 Elements of a Solid IoT Security Strategy]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [State of the Cloud: A Security Perspective]( Cloud computing has evolved over the years from a nice-to-have item on the IT wish list to a core technology driving business initiatives. But despite widespread adoption, cloud-based IT systems continue to be saddled with issues related to data security, ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Telos Corporation to Help Enterprises Operationalize Cybersecurity Compliance and Regulatory Risks with IBM Security]( [Fortanix Raises $90M in Series C Funding Led by Goldman Sachs Asset Management]( [Arcserve Independent Global Study Finds Businesses Still Losing Mission-Critical Company Data]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Ransomware Resilience and Response: The Next-Generation]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)