To reiterate: a hacker does not destroy systems. Whoever destroys data and systems is not a hacker but a software cracker.
The biggest story in security circles these days is about Uber. Plenty of us have taken advantage of Uber's promotional discounts, right? Although its business in China was acquired by Didi, it still holds a dominant, monopoly-like position in the ride-hailing market abroad.
According to The New York Times, threat actors hacked an employee's account on Slack (an enterprise chat platform) and obtained access to the company's Amazon and Google cloud computing platforms. The attackers also notified Uber insiders that the company "had suffered a data breach" and provided a list of internal databases that had allegedly been hacked. Uber, located in San Francisco, has confirmed the hacking attack, and the company is rushing to assess the losses it caused.
"I declare that I am a hacker and Uber has been leaked"
(Crackers always like to call themselves hackers; a real hacker does not destroy data or systems.)
Uber believes that the hacker behind last week's leak is associated with the Lapsus$ extortion group, which is known for breaching other well-known technology companies such as Microsoft, Cisco, Nvidia, Samsung and Okta.
The company added that the attacker used the stolen credentials of an Uber EXT contractor in an MFA fatigue attack, in which the contractor was flooded with two-factor authentication (2FA) login requests until one of them was accepted.
This social engineering strategy has become very popular and has been used in recent attacks on globally renowned companies, including Twitter, Robinhood, MailChimp and Okta.
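Detection logic for the MFA fatigue pattern described above, as an added example that is not from the original article or from Uber: it scans push-notification logs for a burst of rejected or ignored prompts and marks the case where one is finally approved. The log format, field names, threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log: (timestamp, user, source IP, result).
# User names and IPs (RFC 5737 documentation ranges) are made up.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:00", "alice", "198.51.100.4", "denied"),   # one mis-tap
    ("2024-01-10T09:01:00", "alice", "198.51.100.4", "approved"),
    ("2024-01-10T10:00:00", "bob", "198.51.100.9", "timeout"),    # far apart
    ("2024-01-10T10:30:00", "bob", "198.51.100.9", "timeout"),
    ("2024-01-10T18:01:00", "ext-contractor", "203.0.113.7", "denied"),
    ("2024-01-10T18:02:00", "ext-contractor", "203.0.113.7", "timeout"),
    ("2024-01-10T18:03:00", "ext-contractor", "203.0.113.7", "denied"),
    ("2024-01-10T18:04:00", "ext-contractor", "203.0.113.7", "denied"),
    ("2024-01-10T18:05:00", "ext-contractor", "203.0.113.7", "timeout"),
    ("2024-01-10T18:06:00", "ext-contractor", "203.0.113.7", "denied"),
    ("2024-01-10T18:07:00", "ext-contractor", "203.0.113.7", "approved"),
]

def detect_mfa_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Alert on users who reject or ignore `threshold`+ pushes within `window`.

    status is "flood" while prompts are only being rejected, and
    "approved_after_flood" once a prompt is accepted during the burst,
    which is the case that calls for immediate session revocation.
    """
    rejected = defaultdict(deque)  # user -> times of recent rejected pushes
    alerts = {}
    for ts, user, ip, result in sorted(events):
        when = datetime.fromisoformat(ts)
        recent = rejected[user]
        while recent and when - recent[0] > window:
            recent.popleft()  # drop prompts that fell out of the window
        if result in ("denied", "timeout"):
            recent.append(when)
        if len(recent) >= threshold:
            status = "approved_after_flood" if result == "approved" else "flood"
            # Never downgrade an alert that already recorded an approval.
            if alerts.get(user, {}).get("status") != "approved_after_flood":
                alerts[user] = {"user": user, "ip": ip, "at": ts,
                                "rejected": len(recent), "status": status}
        if result == "approved":
            recent.clear()  # a successful login starts a fresh count
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```

On the sample data only the contractor account is flagged; the single mis-tap and the two widely spaced timeouts stay below the threshold.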
In 2016, Uber suffered a major network security incident. Hackers broke into Uber's network and obtained the personal data of millions of ride-hailing passengers, including names, email addresses and phone numbers; the car license and other information of a large number of ride-hailing drivers was also stolen. After the incident, Uber concealed it from the public and did not disclose it until a year later. The company also admitted to paying $100,000 to the hackers. Because of the mishandled response to the hack, US prosecutors filed criminal charges against the executive Sullivan for intentional obstruction.
It is reported that both the 2016 attack and this latest one involved Uber's account with the security service provider HackerOne. HackerOne's security services come from ethical hackers who discover security vulnerabilities in Internet companies, while the vendors pay a bounty for the vulnerability information in order to strengthen the security of their platforms. Uber also has an account on HackerOne.
Multiple cybersecurity experts told a US financial media outlet that, in their judgment, the new hacker attack on Thursday had nothing to do with the cybersecurity case involving Uber that is currently on trial.
Corben Leo, chief marketing officer and security researcher at the US blockchain security company Zellic, said the trial that began on Friday does not seem to be related to the hacker attack, but that the hacker took advantage of Uber being distracted by the trial to launch the attack. What the hacker wants is the same as what 99% of young and immature hackers on the Internet want: fame and money.
Leo said that the depth and breadth of this hacking attack are still unknown, which makes the outside world even more worried. The hacker obtained files related to the bug bounty program. Worse, the hacker also accessed Uber's operating environment on Amazon's cloud computing platform, which very likely stores Uber's customer information.
In response to this incident, 360 founder Zhou Hongyi posted on Weibo that this latest hack once again exposed a common problem: many companies and organizations only find out when they have been attacked, and some do not find out even then.
"Today, the software-defined world is everywhere, and as long as there are vulnerabilities, they will definitely be attacked. The traditional security protection method of building a few firewalls and buying a few boxes is outdated," Zhou Hongyi emphasized. "We need to upgrade security protection concepts and methods, and rely on massive big data analysis on the entire network, cloud analysis, sample library comparison and advanced expert services, so as to truly build digital security protection capabilities that 'predict risks, see threats, and resist attacks.'"
Zero trust solutions should be widely adopted. There are also SOAR automated security response systems with learning algorithms. With a good policy in place, such a serious incident would not happen.
Customer information and geographic location information directly affect the security of Uber users.
If Uber built its entire security framework on zero trust, the compromise of multiple internal systems would not lead to changes in access to the data environment.
SOAR stands for Security Orchestration, Automation and Response. The technology targets security operations and focuses on solving (but is not limited to) security response problems. It was first proposed by Gartner in 2015, when Gartner defined SOAR as Security Operations, Analytics, and Reporting. With the rapid development and evolution of security operations technology, Gartner redefined SOAR in 2017 as Security Orchestration, Automation and Response, and regarded it as a fusion of three technologies/tools: security orchestration and automation (SOA, Security Orchestration and Automation), the security incident response platform (SIRP, Security Incident Response Platform) and the threat intelligence platform (TIP, Threat Intelligence Platform). Gartner believes that SOAR technology is still evolving rapidly and that its meaning may change in the future, but its goal of focusing on security operations will not change.