Uber Breached, Again, After Attackers Compromise Third-Party Cloud

Threat actors leak employee email addresses, corporate reports, and IT asset information on a hacker forum after an attack on an Uber technology partner. [TechWeb]( Follow Dark Reading: [RSS]( December 14, 2022 LATEST SECURITY NEWS & COMMENTARY [Uber Breached, Again, After Attackers Compromise Third-Party Cloud]( Threat actors leak employee email addresses, corporate reports, and IT asset information on a hacker forum after an attack on an Uber technology partner. [Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update]( Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year. [Hackers Score Nearly $1M at Device-Focused Pwn2Own Contest]( Offensive security researchers found 63 previously unreported vulnerabilities in printers, phones, and network-attached storage devices in the Zero Day Initiative's latest hackathon. [Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw]( Citrix issues a critical update as NSA warns that the APT5 threat group is actively trying to target ADC environments. [The Cybersecurity Industry Doesn't Have a Stress Problem — It Has a Leadership Problem]( Organizations need servant leaders to step forward and make their teams' professional effectiveness and happiness a priority. [Accelerating Vulnerability Identification and Remediation]( Software teams can now fix bugs faster with faster release cycles, but breach pressure is increasing. Using SBOM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [TikTok Banned on Govt. Devices; Will Private Sector Follow Suit?]( Texas and Maryland this week joined three other states in prohibiting accessing the popular social media app from state-owned devices. [Popular WAFs Subverted by JSON Bypass]( Web application firewalls from AWS, Cloudflare, F5, Imperva, and Palo Alto Networks are vulnerable to a database attack using the popular JavaScript Object Notation (JSON) format. [When Companies Compensate the Hackers, We All Foot the Bill]( Ensuring stronger in-house defenses is integral to retaining customer loyalty. [MORE]( EDITORS' CHOICE [Metaparasites & the Dark Web: Scammers Turn on Their Own]( Sophos research unveiled at Black Hat Europe details a thriving subeconomy of fraud on the cybercrime underground, aimed at Dark Web forum users. LATEST FROM THE EDGE [Cybersecurity Drives Improvements in Business Goals]( Deloitte's Future of Cyber study highlights the fact that cybersecurity is an essential part of business success and should not be limited to just mitigating IT risks. LATEST FROM DR TECHNOLOGY [Google Launches Scanner to Uncover Open Source Vulnerabilities]( OSV-Scanner generates a list of dependencies in a project and checks the OSV database for known vulnerabilities, Google says. WEBINARS - [Zero Trust Security 101: What You Need to Know Before Getting Started]( With varying definitions, variations, and approaches floating around the cybersecurity ecosystem, it can be difficult to get a clear view of what exactly zero trust is, what it means, and what it takes to get it done. In this webinar, ... - [Security Considerations for Working with Cloud Services Providers]( With so many workloads in the could these days, enterprises are working with one or more of the major cloud services providers. How you can be ensured that these providers are handling data securely? What is the plan if there ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [How Hybrid Work Fuels Ransomware Attacks]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( [View More White Papers >>]( FEATURED REPORTS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [2022 State of Network Management (a $499 Value FREE)]( We surveyed networking professionals about their networking budgets, spending priorities, and concerns. Find out how big of a role security is playing and how they plan to address it. Download the report today! [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Niels Provos Joins Lacework as Head of Security Efficacy]( [Report: 79% of Employees Are Distracted at Work Amid a Year of Permacrisis]( [Google Cloud and Palo Alto Networks Team to Protect the Modern Workforce]( [KnowBe4 Supports Metaverse Safety Week]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Developing and Testing an Effective Breach Response Plan]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)