More Uber data exposed in possible supply chain attack
Tuesday, December 13, 2022
A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack.
ImmuniWeb chief architect and CEO Ilia Kolochenko said that given Uber’s likely investments into security since a 2016 data breach – which recently resulted in the criminal conviction of its ex-security officer Joe Sullivan – vulnerable third parties were likely to prove to be the “weakest link” for the firm.
“Despite all the efforts, controlling your external vendors is an arduous and costly task which is often underfunded and underprioritised compared to other security processes,” said Kolochenko. “Unsurprisingly, pragmatic cyber criminals hit the most vulnerable party to extract valuable data from Uber, which can now be exploited to further sophisticated attacks.”
If reports of the nature of the data prove accurate, Uber will now be at risk of attempts to gain access to its mobile architecture, said Kolochenko, while its employees may find themselves targeted in advanced spear-phishing or password-spraying attacks. From a legal perspective, the incident may also spell trouble for Uber, he added. Read Full Article
Latest Hacking News: ImmuniWeb Community Edition Review – Inclusive Vulnerability Scanning for Small Businesses
International Bar Association: Cyber security: Ukraine conflict and hybrid working add to threat matrix