Uber Attributes Hack to Lapsus$ Group, Says No Sensitive User Information Accessed
Rockstar admits hack but says no long term impact, Ukraine IT Army hacks Wagner Group website, Pentagon probes military online operations, Wintermute loses $160 million in hack, much more
Uber attributed its serious breach last week to a group of teen hackers known as Lapsus$, the same gang that hacked Okta, Microsoft, Nvidia, Globant, and Rockstar Games earlier this year.
The gang compromised an Uber contractor’s user account to gain nearly unfettered access to the company’s systems, the ride-hailing giant said. The company said the hacker stole some internal information and Slack messages but that no sensitive information such as credit card data and trip histories was taken, leaving open the question of whether other personal user information was compromised.
According to researchers, the employee’s credentials may have been stolen by password-stealing malware like RedLine installed on an employee’s computer, a technique that Lapsus$ has been known to use. After tricking the employee into accepting a push notification for multifactor authentication, the hacker gained access to Uber’s network. (Zack Whittaker / TechCrunch)
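A defender-side illustration of the push-notification abuse described above, added here and not part of the original article: it scans constructed identity-provider log lines (the format, field names and user names are assumptions, not any vendor's schema) for a user who approves an MFA push only after a burst of prompts and denials, the pattern an MFA-fatigue victim leaves behind.

```python
"""Added example (not from the original article): flag MFA push-fatigue
patterns in constructed identity-provider log lines. Log format, field
names and user names are assumptions, not a real vendor's schema."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, user, event (one event per line)
SAMPLE_LOG = """\
2022-09-15T22:01:03Z contractor01 push_sent
2022-09-15T22:01:09Z contractor01 push_denied
2022-09-15T22:01:41Z contractor01 push_sent
2022-09-15T22:01:50Z contractor01 push_denied
2022-09-15T22:02:20Z contractor01 push_sent
2022-09-15T22:02:31Z contractor01 push_denied
2022-09-15T22:03:05Z contractor01 push_sent
2022-09-15T22:03:12Z contractor01 push_approved
2022-09-15T22:10:00Z alice push_sent
2022-09-15T22:10:04Z alice push_approved
"""


def parse(log):
    """Yield (timestamp, user, event) tuples from the assumed log format."""
    for line in log.splitlines():
        ts, user, event = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event


def detect_push_fatigue(log, window=timedelta(minutes=10), min_prompts=3):
    """Return users who approved a push after receiving at least
    `min_prompts` pushes and at least one denial inside `window`.
    A single prompt followed by approval (normal login) is not flagged."""
    events = defaultdict(list)
    for ts, user, event in parse(log):
        events[user].append((ts, event))
    flagged = {}
    for user, evs in events.items():
        evs.sort()  # order by timestamp
        for i, (ts, ev) in enumerate(evs):
            if ev != "push_approved":
                continue
            # Look back over everything inside the window before this approval
            recent = [e for t, e in evs[:i] if ts - t <= window]
            prompts = recent.count("push_sent")
            denials = recent.count("push_denied")
            if prompts >= min_prompts and denials >= 1:
                flagged[user] = {"prompts": prompts, "denials": denials,
                                 "approved_at": ts}
    return flagged
```

Tune `window` and `min_prompts` to the tenant's normal prompt rate before alerting on the result.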
Related: Uber, Bleeping Computer, Bloomberg, CSO Online, The Register - Security, CPO Magazine, Marketwatch, Tech Times, PCMag.com, Fox Business, Gizmodo, Forbes, iTech Post, ZDNet, Silicon UK, Gizchina.com, Teiss, India Today, Cybersecurity Insiders, Tech Monitor, The Stack, Startup Daily, Gadgets 360, heise online News, Silicon Republic, Security Week, Wall Street Journal
Rockstar Games confirmed that a hacker broke into its systems and stole confidential internal data, including footage from the next highly-anticipated installment of its Grand Theft Auto series.
The company said it suffered a network intrusion that allowed someone to access and download “confidential information from our systems, including early development footage for the next Grand Theft Auto,” but doesn’t think the hack will disrupt its live game services or have any long-term effect on the development of its ongoing projects.
The hacker behind the Rockstar breach and theft is purportedly the Lapsus$ gang, who also claimed credit for the significant Uber breach last week, although an individual, writing in apparently fluent English and using the handle “teapotuberhacker,” publicly took credit for the incident. Teapotuberhacker said they would leak more of what they stole if Rockstar Games or Take-Two Interactive did not pay them. (Jonathan Greig and Alexander Martin / The Record)
Related: The Independent, Barron's, Kotaku, The Tech Outlook, Hackerjournal.it, The Record by Recorded Future, TechRaptor, IBTimes.co.uk, The Nerd Stash, eTeknix, Help Net Security, Reuters, The Verge, Ars Technica, Tom's Guide, Polygon, NBC News Technology, Silicon Republic, WCCFtech, Motherboard, Finbold, Techaeris, Business Insider, The Guardian, Engadget, Slashdot, HackRead, Techradar, Security Week, CNBC Technology, Variety, Neowin, PCMag.com
The Ukrainian IT Army, a government-led project of hacktivists conducting cyberoperations against Russia, says it hacked the website of Kremlin-affiliated Wagner private military company that is recruiting Russian prisoners for the war in Ukraine and obtained the personal data of the mercenaries.
“We have all personal data of mercenaries!” the IT Army said in a Telegram post. “Every executioner, murderer, and rapist will be severely punished. Revenge is inevitable!”
The hack occurred after a video showed oligarch Yevgenii Prigozhyn, the organizer and handler of Wagner Private Military Company, personally encouraging Russian prisoners to go to war in Ukraine. (Euromaidan Press and Pravda)
Following concerns by the White House and federal agencies, Colin Kahl, the undersecretary of defense for policy, last week instructed the military commands that engage in psychological operations online to provide a full accounting of their activities by next month.
The Pentagon’s request for a comprehensive audit was triggered by disclosures by internet researchers Graphika and the Stanford Internet Observatory last month of takedowns in recent years by Twitter and Facebook of more than 150 bogus personas and media sites created in the United States. Although the researchers did not attribute the sham accounts to the U.S. military, sources say that the activities of U.S. Central Command are facing scrutiny.
Some takedowns involved posts from the summer that advanced anti-Russia narratives citing the Kremlin’s “imperialist” war in Ukraine and warning of the conflict’s direct impact on Central Asian countries. The researchers say some takedowns included a made-up Persian-language media site that shared content reposted from the U.S.-funded Voice of America Farsi and Radio Free Europe. Another was linked to a Twitter handle that in the past had claimed to operate on behalf of Centcom. (Ellen Nakashima / Washington Post)
Cryptocurrency market maker Wintermute lost $160 million in a hack relating to its decentralized finance (DeFi) operation.
Company CEO Evgeny Gaevoy said that the firm's lending and over-the-counter (OTC) services have not been affected, and the company remains solvent with "twice over" $160 million remaining in equity. However, he added that the company still treats the hack as a "white hat" event and asked the hacker to get in touch.
On-chain sleuth ZachXBT has tracked down the hacker's wallet. It currently holds around $9 million in ether (ETH) and $38 million in other ERC-20 tokens. (Oliver Knight / CoinDesk)
Victims of the LockerGoga ransomware, known for its attacks on industrial systems, can now recover their encrypted files for free, thanks to a new decryptor released by Romanian cybersecurity firm Bitdefender and the NoMoreRansom Initiative.
The Zurich Public Prosecutor’s Office, which also participated in developing the decryptor along with Europol, said the operators of LockerGoga were involved in ransomware attacks against more than 1,800 individuals and institutions in 71 countries, causing more than $100 million in damage. (Carly Page / TechCrunch)
Prosecutors in Bosnia and Herzegovina are investigating a wide-ranging cyberattack that has crippled the operations of the country’s parliament for the past two weeks.
Zlatko Miletić, a delegate in the House of Peoples, told the local newspaper Nezavisne that lawmakers couldn't get any work done and that the attack started around September 8 or 9. Although authorities have not said what kind of cyberattack was involved, the Sarajevo Times reported that the incident was a ransomware attack.
The country is in turmoil as concerns grow about secession efforts by Republika Srpska. A ransomware attack on the government of Montenegro three weeks ago took place likewise during a period of political turmoil, right as the current government was effectively removed from office by a no-confidence vote. (Jonathan Greig / The Record)
Financial technology company Revolut suffered a cyberattack that gave unauthorized third-party access to the personal information of tens of thousands of clients.
The incident occurred on September 11 and was described as highly targeted. A company spokesperson said that an unauthorized party had access "for a short period of time" to details of only 0.16% of its customers. However, according to the breach disclosure to the State Data Protection Inspectorate in Lithuania, where Revolut has a banking license, 50,150 customers have been impacted.
Some Revolut customers also noted around the time of the incident that the support chat displayed inappropriate language to visitors. However, it’s unclear if the defacement is related to the breach. (Bill Toulas / Bleeping Computer)
A hacking group called Guacamaya that has primarily focused on Central American targets released roughly 10 terabytes of emails and other materials from military and police agencies in Chile, Mexico, El Salvador, Colombia, and Peru.
The specific targets are the Joint Chiefs of Staff of the Chilean Armed Forces, the Mexican Secretariat of National Defense, the National Civil Police of El Salvador and the Armed Forces of El Salvador, the General Command of the Military Forces of Colombia, the Joint Command of the Armed Forces of Peru and the Army of Peru.
The group targets entities it sees as playing a role in the region’s environmental degradation and the repression of native populations. (AJ Vicens / Cyberscoop)
American Airlines notified customers of a recent data breach after attackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information.
The airline said it has no evidence the exposed data was misused. The company discovered the breach on July 5th, immediately secured the impacted email accounts, and hired a cybersecurity forensic firm to investigate the security incident. (Sergiu Gatlan / Bleeping Computer)
According to a court filing, a former Republican Party official in Georgia, Cathy Latham, a fake elector in 2020, misrepresented her role in an alleged breach of voting equipment at a rural elections office two months after the last presidential election.
Latham helped coordinate the arrival of a computer forensics team at the Coffee County elections office on Jan. 7, 2021, welcomed them upon arrival, and spent nearly all day there instructing them what to copy, which turned out to be “virtually every component of the voting system,” the filing said. Latham’s attorney previously said that his client doesn’t remember all the details of that day. (Kate Brumback / Associated Press)
Binance Labs said it invested an undisclosed amount in Salus Security, which provides blockchain smart contract audits and automated smart contract vulnerability detection.
“At Binance, security has always been a priority, and we’re on the continued lookout for service projects that offer innovative security solutions to resolve pain points currently facing the blockchain ecosystem,” Yi He, Co-Founder of Binance and Head of Binance Labs, said in the statement. (Timmy Shen / Forkast)
Related: Binance Labs
Security giant CrowdStrike is investing an undisclosed amount in API security provider Salt Security through its strategic investment vehicle, Falcon Fund.
“As the adoption of SaaS applications grows, APIs are becoming a prime target for adversaries,” said Michael Sentonas, Chief Technology Officer at CrowdStrike. “Salt Security is the clear leader in solving this major 'blind spot' for organizations, which is why we chose to invest in this innovative technology and great team.” (Dutch IT Channel)
Clearwater cybersecurity training company KnowBe4 has received a $4.2 billion offer to go private from Austin, Texas, private equity firm Vista Equity Partners.
Vista Equity Partners made the company a buyout offer of $24 per share, a 39% premium over Friday’s closing price of $17.30, in a deal that values the company at $4.2 billion. In a statement, KnowBe4 said it has formed a committee of independent directors to weigh Vista’s offer “and other potential value creation opportunities to determine the course of action that it believes is in the best interests of KnowBe4 and its stockholders.” The company said it would not comment further until the committee makes its decision. (Jay Cridlin / Tampa Bay Times)