On last week’s hack, Uber says a contractor’s account was breached, hackers are likely linked to Lapsus$, and exposed HackerOne bug reports have been remediated (Uber Newsroom)

Lawrence Abrams / BleepingComputer:
Security engineer says Uber hacker had access to its HackerOne bug bounty program; source: the hacker downloaded all vulnerability reports before losing access  —  Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots …

In the midst of a cybersecurity incident is not the time for K–12 IT leaders to discover their incident response plan has flaws. While having an IR plan is a positive first step for teams, they also need to ensure the plan will be effective when an attack occurs.
There is no single correct way to create an incident response plan, and the scope of these plans will vary by organization. However, there are common mistakes that all K–12 leaders should avoid.
Click the banner to explore incident response resources from the experts at CDW.

Ransomware, phishing, distributed denial of service and other cyber breaches and attacks are becoming more common in K–12 schools. With threat vectors changing every day, school IT leaders say incident response is more critical than ever.
EdTech recently hosted a mini-roundtable with three IT experts in K–12 cybersecurity who shared how schools of all sizes can minimize their risk profiles and mount a powerful response in the event of an attack.
Check out our Cybersecurity Awareness Month content on incident response for more insights.

Washington Post:
The Uber hacker, who reportedly claims to be 18 years old, says they had breached the company for fun and might leak its source code “in a few months”  —  The company said in a tweet it was “responding to a cybersecurity incident”  —  SAN FRANCISCO — Uber’s computer systems …

Sergiu Gatlan / BleepingComputer:
LastPass says attackers accessed customers’ data after breaching its cloud storage using information stolen during a security incident in August 2022  —  LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.

Juli Clover / MacRumors:
iOS 16 has an option to remove Rapid Security Responses, security fixes that don’t require a full iOS update and by default are installed automatically  —  Apple in iOS 16 added a new Rapid Security Response feature that’s meant to make it quicker and easier for the company to deploy security improvements …