Uber Links the Recent Security Breach to Lapsus$ Hacker Group
Read also: crypto trading company Wintermute has lost $160 million in a hack, a 15-year-old Python bug puts at risk thousands of open-source projects, and more.
Thursday, September 22, 2022
Uber links the recent security breach to Lapsus$ hacker group
A hacker affiliated with the infamous Lapsus$ data extortion group may have been behind the recent Uber security breach that forced the ride-hailing company to temporarily shut down its internal systems.
The hack came to light last week when the attacker leaked several screengrabs that showed some Uber’s critical IT systems, including the AWS instance and HackerOne admin panel.
In an update on the incident Uber said that the hacker gained access to its systems via a compromised third-party account and from there accessed several other employee accounts thus gaining elevated permissions to a number of tools, including G-Suite and Slack. The company said it found no evidence that the intruder gained access to any user accounts or altered its codebase.
Crypto trading company Wintermute suffers a $160 million heist
Wintermute, one of the largest players in cryptocurrency industry has been robbed of about $160 million in various tokens, including Dai stablecoin, USD Coin, Tether, Wrapped ETH, in a security breach that took place on September 20.
The attackers had managed to steal 90 tokens from Wintermute’s EHT wallet and transfer them to their own. The company said that the hackers had drained funds from its decentralized finance (DeFi) operations, but the incident did not affect its lending and over-the-counter (OTC) services.
While Wintermute did not reveal the exact exploit method used in the attack, some reports suggest that the hackers may have exploited a recently disclosed bug in a Ethereum vanity address (a personalized cryptocurrency user account) generator tool called Profanity.
A 15-year-old Python bug puts at risk thousands of open-source projects
More than 350,000 open-source projects and several closed–source projects are at risk of software supply-chain compromise due to an old flaw in Python programming language that was disclosed back in 2007 but still remains unpatched, researchers have warned.
Tracked as CVE-2007-4559, the issue is a path traversal-related vulnerability in the Python tarfile module that could be exploited for arbitrary code execution. The problem here is that this module is a default module in any project using Python, and is currently present in numerous frameworks developed by Netflix, AWS, Intel, Facebook, Google, and software used for machine learning, automation and Docker containerization.
Disgruntled developer reportedly leaks the LockBit ransomware builder
It appears that the LockBit ransomware gang has itself become victim of a breach via an angry developer who published the newest LockBit 3.0 ransomware builder online.
The leak came to light after security researchers spotted a post on Twitter, in which a user going online as “Ali Qushji” claimed they hacked LockBit servers and obtained a builder for the LockBit 3.0 ransomware encryptor.
However, in a now-deleted tweet malware research group VX-Underground said a LockBit representative has disputed these claims and said they were not hacked, but rather a disgruntled programmer who was “upset with Lockbit leadership” leaked the builder. Regardless of how the leak occurred, it may be a huge blow to the LockBit operation, as it can lead to a rise in threat actors utilizing the leaked builder for their own ransomware attacks.
Rockstar Games confirms the leak of confidential information
Video game publisher Rockstar Games, a subsidiary of Take-Two Interactive, has confirmed it suffered a network intrusion that led to the theft of early development footage for the next game in its “Grand Theft Auto” franchise and other assets after the attacker leaked more than 90 video clips on an online forum.
In a security notice the company said that it does not anticipate any disruption to its game services or long-term effect of the ongoing projects.
Mere days after the RockStar attack, video game publisher 2K Games, another Take-Two Interactive’s unit, revealed that its help desk platform was compromised and used to spread malware via fake support tickets.
What’s next:
- Follow ImmuniWeb on Twitter and LinkedIn
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law. 
