378 matches found
To settle with the DoJ, Uber must confess to a cover-up. And it did.
Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ US Department of Justice and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...
To settle with the DoJ, Uber must confess to a cover-up. And it did.
Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ US Department of Justice and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...
Malicious code in uber-images (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9dd8d0258403cf035485142912d4cab1fa8404aa0ecadcef51cec2c48994ce27 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6726 Malicious code in uber-images (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9dd8d0258403cf035485142912d4cab1fa8404aa0ecadcef51cec2c48994ce27 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uber-unify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21e225a3970b7b05148665407d43149de0796a652a40af4f9cb8dfeb3898b82f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6727 Malicious code in uber-unify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21e225a3970b7b05148665407d43149de0796a652a40af4f9cb8dfeb3898b82f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Uber: Golang expvar Information Disclosure
Package expvar provides a standardized interface to public variables, such as stack trace information and operation counters in servers...
[SECURITY] Fedora 35 Update: golang-github-uber-athenadriver-1.1.12-5.fc35
A fully-featured AWS Athena database driver...
Fedora: Security Advisory for golang-github-uber-athenadriver (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-uber-jaeger-client (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-github-uber-jaeger-client-2.30.0-2.fc36
Instrumentation library that implements an OpenTracing Tracer for Jaeger https://jaegertracing.io...
Malicious code in uber-i18n (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dbcca9f20db138ccc1d9933fcfbdadcf78824e95f8eefca0cfb094f62ca84bdc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8), ai.chronon:aggregator_2.12 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +1301 more potentially affected by CVE-2021-37404 via org.apache.hadoop:hadoop-common (>=3.0.0 <=3.2.2)
org.apache.hadoop:hadoop-common MAVEN version =3.0.0, =1.0.1, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =thread-pool-0.0.24-dev, =0.0.6, =0.0.2, =3.34.0.3-1-3.1, =0.0.3, =1.0.0, =1.4.0, =1.5.0 and more Source cves: CVE-2021-37404 Source advisory: OSV:GHSA-RMPJ-7C96-MRG8...
Uber: Full read SSRF in flyte-poc-us-east4.uberinternal.com
Uber summary TBD. @shubs and I discovered an instance of Flyte Console on uberinternal.com. After auditing the open source code, we noticed an unauthenticated route for a “CORS proxy”. This was a classic server-side request forgery issue, allowing us to pass an arbitrary request to be performed b...
Uber: Uber Test Report 20220301
Test summary from Team Uber. This is the summary from secret John. This is the edit from hacker John after disclosure was approved. Second test after disclosure...
A week in security (January 3 – 9)
Last week on Malwarebytes Labs: Ransomware attacks Finalsite, renders 8,000 school sites unreachable for days Patchwork APT caught in its own web Sophisticated phishing scheme spent years robbing authors of their unpublished work Google and Facebook fined $240 million for making cookies hard to...
Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails
A security vulnerability that would allow malicious attackers to send email from Uber’s network appears to be closed – but users could have been swindled already. The easy-to-find bug has been hanging around for years, ready to take Uber’s customers for a ride of a very different sort. According ...
Careful! Uber flaw allows anyone to send an email from uber.com
On New Years Eve, Seif Elsallamy @0x21SAFE on Twitter, a bug bounty hunter and security researcher, pointed out a phish-worthy security flaw he found on Uber’s email system. The flaw allowed anyone to send emails on behalf of Uber, meaning they would end with "@uber.com", just like the one below:...
Uber: Exposed Golang Pprof debugger at https://cn-geo1.uber.com/
The Golang pprof debug interface was exposed on an Uber endpoint. This allowed introspection of stack traces, application timing, command line parameters and memory usage...
Uber security alert scam spoofs real Uber number—Watch out!
This morning Malwarebytes Labs received a scam masquerading as a security alert from Uber. The alert was pretty convincing and used the kind of language were used to seeing in genuine security emails and SMS messages. It read: Your Uber account was recently logged into from iPhone in London. If...