• About Us
  • Advertise
  • Contact Us
  • DMCA
  • Follow on Google News
Sunday, June 1, 2025
  • Login
National Age
  • Home
  • India
    • National
    • State News
  • World
  • Education
  • Lifestyle
    • Health & Fitness
    • Fashion
    • Travel
    • Food
  • Business
  • Tech
    • App News
    • Gadgets
  • Entertainment
  • Auto
  • Sports
  • Others
    • Agriculture
    • Science
    • Astrology
    • Finance/Money
    • Press Release
No Result
View All Result
  • Home
  • India
    • National
    • State News
  • World
  • Education
  • Lifestyle
    • Health & Fitness
    • Fashion
    • Travel
    • Food
  • Business
  • Tech
    • App News
    • Gadgets
  • Entertainment
  • Auto
  • Sports
  • Others
    • Agriculture
    • Science
    • Astrology
    • Finance/Money
    • Press Release
No Result
View All Result
National Age
No Result
View All Result
Home Business

Postmortem of Uber’s Social Engineering Hack

National Age by National Age
September 28, 2022
in Business
0
Postmortem of Uber’s Social Engineering Hack
Share on FacebookShare on Twitter

CloudSEK’s contextual AI based digital risk protection platform discovered a threat actor claiming to have compromised Uber, the American mobility service provider. Uber has confirmed the above claims and responded to the incident by stating that it is in contact with law enforcement agencies. Social engineering was employed as an initial attack vector by the threat actor.

The threat actor was able to compromise an employee’s HackerOne account to access vulnerability reports associated with Uber. To demonstrate the legitimacy of the claims, the actor has posted unauthorized messages on the HackerOne page of the company. Moreover, the attacker has also shared several screenshots of Uber’s internal environment including their GDrive, VCenter, sales metrics, Slack, and the EDR portal.

“The Uber Hack is a classic case of failure on multiple levels where Over privilege or privilege mismanagement plays a pivotal role. Eliminating privilege escalation paths or monitoring for access changes in accounts can be initial answers for mitigation, apart from Darkweb and surface web monitoring”, says Abhinav Pandey, Cyber Threat Researcher, Cloudsek.

Read ThisAlso

Say Hello to the Smartest Way to Sound — Ooka Audio Launches TWINS 707 Bluetooth Ceiling Speakers

Say Hello to the Smartest Way to Sound — Ooka Audio Launches TWINS 707 Bluetooth Ceiling Speakers

May 28, 2025
Smart Geek Visas Turns Immigration Dreams into Global Success Stories

Smart Geek Visas Turns Immigration Dreams into Global Success Stories

May 27, 2025

The actor plausibly employed social engineering techniques as an initial attack vector to compromise Uber’s infrastructure.

After attaining access to multiple credentials, the actor exploited the compromised victim’s VPN access to:

  • Pivot and escalate privileges inside the internal network
  • Scan the internal network(Intranet) for access

Subsequently, the actor gained access to an internal network(Intranet) *.corp.uber.com where the actor got access to a directory, plausibly with a name “share”, which provided the actor with numerous PowerShell scripts that contained admin credentials to the privileged access management system (Thycotic). This enabled the actor with complete access to multiple services of the entity such as Uber’s Duo, OneLogin, AWS, Gsuite Workspace, etc.

This hack had a tremendous impact on Uber starting from the Obfuscation of the application code, hindering the usability of the application, leaked credentials, and access could facilitate multiple account takeovers and leaking of sensitive and critical information of the entity. Equipping malicious actors with details required to launch sophisticated ransomware attacks, exfiltrate data, and maintain persistence, not to mention the reputational damage for Uber.

Mitigation Steps include training employees against social engineering attacks and techniques, implementing a strong password policy and enabling MFA across logins, creating specialized user groups with minimum privileges, closing unused ports, limiting file access, patching vulnerable, and exploitable endpoints, preventing private keys from being shared unencrypted in messaging systems like Slack or WhatsApp.

Singapore headquartered CloudSEK is a contextual AI (Artificial Intelligence) company, founded in 2015, by cybersecurity expert Rahul Sasi, with the aim to construct a future where intelligent machines can emulate human cognition to predict cyber threats even before they occur.

CloudSEK’s central proposition is to leverage AI to build a rapid and reliable detection, analysis, and alert system that offers swift detection across internet sources, precision analysis of threats, and prompt resolution with minimal human intervention.

CloudSEK offers the power of Cyber Crime monitoring, Brand Monitoring, Attack Surface monitoring, and Supply Chain Intelligence to give context to customers’ digital risks. CloudSEK’s single unified dashboard allows customers to triage and visualize all their digital threats in one place. CloudSEK also offers workflows and integrations to manage and remediate the identified threats.

Tags: American mobility service providerAttack Surface monitoringBrand MonitoringCloudSEKcontextual AI (Artificial Intelligence) companyCyber Crime monitoringcybersecurity expert Rahul Sasidigital risk protection platformHackerOneSupply Chain IntelligenceUberUber Hack
Share8Tweet5Share1SendShareSend
Previous Post

Dr. Geomcy George – Top emerging healthcare leader who is making a difference in the lives of many

Next Post

Cycle Pure launches pujaroom.com to provide a premium puja experience

National Age

National Age

Related Posts

Say Hello to the Smartest Way to Sound — Ooka Audio Launches TWINS 707 Bluetooth Ceiling Speakers
Business

Say Hello to the Smartest Way to Sound — Ooka Audio Launches TWINS 707 Bluetooth Ceiling Speakers

May 28, 2025
Smart Geek Visas Turns Immigration Dreams into Global Success Stories
Business

Smart Geek Visas Turns Immigration Dreams into Global Success Stories

May 27, 2025
More Than Toys: How Reddy Soft is Becoming India’s Favorite Gifting Brand
Business

More Than Toys: How Reddy Soft is Becoming India’s Favorite Gifting Brand

May 23, 2025
In India’s Smaller Cities, a Measured Investment Shift is Underway
Business

In India’s Smaller Cities, a Measured Investment Shift is Underway

May 22, 2025
Quick Scaleup Technologies: How a Patna-Based Startup is Powering Global Digital Growth
Business

Quick Scaleup Technologies: How a Patna-Based Startup is Powering Global Digital Growth

May 20, 2025
ClinicSpots Digital Services: Empowering Healthcare Brands with Proven Digital Growth
Business

ClinicSpots Digital Services: Empowering Healthcare Brands with Proven Digital Growth

May 20, 2025
Next Post
Cycle Pure launches pujaroom.com to provide a premium puja experience

Cycle Pure launches pujaroom.com to provide a premium puja experience

Diquery Digital, has been recognised by CustomFit. ai as one of the Top 20 Digital Marketing Agencies in India

Diquery Digital, has been recognised by CustomFit. ai as one of the Top 20 Digital Marketing Agencies in India

5 emerging leaders in the fintech and lending space in India

5 emerging leaders in the fintech and lending space in India

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Trending
  • Comments
  • Latest
Pro Cricket Championship Trophy (PCCT) announced the schedule of their selection trials and matches today

Pro Cricket Championship Trophy (PCCT) announced the schedule of their selection trials and matches today

May 26, 2022
Now our E-store India has become an international company

Now our E-store India has become an international company

November 1, 2022
Rotary announces: 20th Global Poster Painting Competition

Rotary announces: 20th Global Poster Painting Competition

June 8, 2022
On 27th & 28th December at Surat Marriott, Athwalines India’s premier fashion showcase Hi Life Exhibition is back

On 27th & 28th December at Surat Marriott, Athwalines India’s premier fashion showcase Hi Life Exhibition is back

December 26, 2023

Changa Video sharing app crosses 2 million on play store

0

World’s first DeepUV Air Sanitizer, launched by Indian startup Dokat Inc.

0

Japan’s tech start-ups bitgrit and Atrae rolls out professional ‘matching’ app in India offering jobs in India

0

Surat’s company invents – low-cost,high-end ventilator in support of the Aatmanirbhar Bharat Abhiyan

0
TCL Q6 Series: The Real Deal for Tech-Savvy TV Buyers This Year? (Yeah, We’re Looking Closely!)

TCL Q6 Series: The Real Deal for Tech-Savvy TV Buyers This Year? (Yeah, We’re Looking Closely!)

May 30, 2025
Hemant Suresh Avhad – Winner of the 21st Century Emily Dickinson Award

Hemant Suresh Avhad – Winner of the 21st Century Emily Dickinson Award

May 30, 2025
Chander Parkash Malhotra – Winner of the 21st Century Emily Dickinson Award

Chander Parkash Malhotra – Winner of the 21st Century Emily Dickinson Award

May 29, 2025
Rajarshi Choudhury – Winner of the 21st Century Emily Dickinson Award

Rajarshi Choudhury – Winner of the 21st Century Emily Dickinson Award

May 28, 2025

Recent News

TCL Q6 Series: The Real Deal for Tech-Savvy TV Buyers This Year? (Yeah, We’re Looking Closely!)

TCL Q6 Series: The Real Deal for Tech-Savvy TV Buyers This Year? (Yeah, We’re Looking Closely!)

May 30, 2025
Hemant Suresh Avhad – Winner of the 21st Century Emily Dickinson Award

Hemant Suresh Avhad – Winner of the 21st Century Emily Dickinson Award

May 30, 2025
Chander Parkash Malhotra – Winner of the 21st Century Emily Dickinson Award

Chander Parkash Malhotra – Winner of the 21st Century Emily Dickinson Award

May 29, 2025
Rajarshi Choudhury – Winner of the 21st Century Emily Dickinson Award

Rajarshi Choudhury – Winner of the 21st Century Emily Dickinson Award

May 28, 2025

www.nationalage.com, digital news and story platform bring you the news, articles, stories, and opinions on the latest happenings worldwide covering various sectors like nation, politics, and governance, social sector, review, foreign affairs, defence and security, latest review, lifestyle, entertainment, sports, technology, auto sectors, education, business and start-ups updates, Agriculture, Science, finance, money, food, and culture, etc.

If you have any query regarding Site, Advertisement, and any other issue, please feel free to contact at [email protected]

Follow Us

Browse by Category

  • Agriculture
  • App News
  • Astrology
  • Auto
  • Business
  • Education
  • Entertainment
  • Fashion
  • Finance/Money
  • Food
  • Gadgets
  • Health & Fitness
  • Lifestyle
  • National
  • Photography
  • Politics
  • Press Release
  • Religion
  • Science
  • Social Work
  • Sports
  • State News
  • Tech
  • Travel
  • Uncategorized
  • World
TCL Q6 Series: The Real Deal for Tech-Savvy TV Buyers This Year? (Yeah, We’re Looking Closely!)

TCL Q6 Series: The Real Deal for Tech-Savvy TV Buyers This Year? (Yeah, We’re Looking Closely!)

May 30, 2025
Hemant Suresh Avhad – Winner of the 21st Century Emily Dickinson Award

Hemant Suresh Avhad – Winner of the 21st Century Emily Dickinson Award

May 30, 2025
Chander Parkash Malhotra – Winner of the 21st Century Emily Dickinson Award

Chander Parkash Malhotra – Winner of the 21st Century Emily Dickinson Award

May 29, 2025
  • About Us
  • Advertise
  • Contact Us
  • DMCA
  • Follow on Google News

Copyright © 2021 National Age

No Result
View All Result
  • About Us
  • Advertise
  • Contact Us
  • DMCA
  • Home
  • Privacy Policy

Copyright © 2021 National Age

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In