Cyber Attack Archives | Vednam https://vednam.com/category/cyberattack/ Latest News on Cyber Security, Hacking and Tech Sun, 19 Mar 2023 05:30:26 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.3 https://vednam.com/wp-content/uploads/2020/05/cropped-LOGO-PNG-02-1-32x32.png Cyber Attack Archives | Vednam https://vednam.com/category/cyberattack/ 32 32 Hacker stole Early Grand Theft Auto VI footages Confirm by Rockstar Games https://vednam.com/hacker-stole-early-grand-theft-auto-vi-footages-confirm-by-rockstar-games/ https://vednam.com/hacker-stole-early-grand-theft-auto-vi-footages-confirm-by-rockstar-games/#respond Sun, 19 Mar 2023 05:30:26 +0000 https://vednam.com/?p=1091 Rockstar Games confirmed on Monday that a hacker stole early Grand Theft Auto VI footage, describing a "network intrusion" that allowed a third party to illegally download the early footage for Grand Theft Auto VI. It was also mentioned that the data which has been leaked or […]

The post Hacker stole Early Grand Theft Auto VI footages Confirm by Rockstar Games appeared first on Vednam.

Rockstar Games confirmed on Monday that a hacker stole early Grand Theft Auto VI footage. The company described a "network intrusion" in which an unauthorized third party illegally accessed and downloaded early development footage for the game.

The leaked material consists of roughly 90 video clips from the game, posted over the weekend on GTA Forums by a user with the alias "teapotuberhacker", a name hinting that the same party is responsible for the recent Uber breach.

"At this time, we do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects," the company said in a notice shared on its social media accounts.

The company also said the third party accessed confidential information from its systems, although it is not immediately clear whether any data beyond the game footage was involved.

The Uber hacker, who goes by the name "TeaPot", is said to be an 18-year-old; no further information about them has been released yet.

In one of the forum messages, teapotuberhacker said: "These videos were downloaded from Slack." This likely means the threat actor used the same technique as in the Uber breach, MFA bombing (repeatedly sending push prompts until a worn-down user taps approve), to get past the extra account security layer.
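The MFA-bombing pattern referred to above leaves a distinctive trace in identity-provider logs: a burst of push prompts, mostly denied, followed by a single approval. The detection below is an added example and not code from the original post, from Rockstar or from Uber; the log format, user names, timestamps and thresholds are all constructed for illustration.

```python
"""Detect MFA push bombing (push-notification fatigue) in authentication logs.

Constructed example: the log format is a simplified "timestamp user event"
layout, not any real identity provider's schema, and the entries are made up.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: alice is being bombed and finally taps approve; bob logs in normally.
SAMPLE_LOG = """\
2022-09-15T22:01:03Z alice push_sent
2022-09-15T22:01:05Z alice push_denied
2022-09-15T22:01:40Z alice push_sent
2022-09-15T22:01:44Z alice push_denied
2022-09-15T22:02:10Z bob push_sent
2022-09-15T22:02:15Z bob push_approved
2022-09-15T22:02:20Z alice push_sent
2022-09-15T22:02:31Z alice push_denied
2022-09-15T22:03:02Z alice push_sent
2022-09-15T22:03:05Z alice push_denied
2022-09-15T22:03:40Z alice push_sent
2022-09-15T22:03:49Z alice push_approved
"""


def parse_log(text):
    """Yield (timestamp, user, event) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event


def detect_push_bombing(text, window_minutes=5, threshold=3):
    """Return (user, timestamp, reason) alerts.

    Two signals are raised per user, evaluated over a sliding window:
      * the moment the number of denied prompts reaches `threshold` (bombing in
        progress; the user is still holding the line), and
      * an approval that follows `threshold` or more prompts in the window (the
        fatigue attack has most likely succeeded and the session should be killed).
    """
    window = timedelta(minutes=window_minutes)
    history = defaultdict(deque)  # user -> (ts, event) pairs still inside the window
    alerts = []
    for ts, user, event in parse_log(text):
        hist = history[user]
        hist.append((ts, event))
        while ts - hist[0][0] > window:
            hist.popleft()
        sent = sum(1 for _, e in hist if e == "push_sent")
        denied = sum(1 for _, e in hist if e == "push_denied")
        if event == "push_denied" and denied == threshold:
            alerts.append((user, ts.isoformat(),
                           f"{denied} push prompts denied within {window_minutes} min"))
        elif event == "push_approved" and sent >= threshold:
            alerts.append((user, ts.isoformat(),
                           f"approval after {sent} push prompts within {window_minutes} min"))
    return alerts


if __name__ == "__main__":
    for user, when, reason in detect_push_bombing(SAMPLE_LOG):
        print(f"{when} {user}: {reason}")
```

The second signal is the one worth paging on: an approval preceded by several prompts in a few minutes is the attack succeeding, and the right response is to revoke the new session and reset the factor, not merely to warn the user. Number matching or a one-time code on the push prompt removes the "tap to make it stop" path entirely.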

The leaker also posted a negotiation demand to the company, saying "I will leak more if Rockstar/Take2 doesn't pay me", according to conversations reported in the media.

U.S Marshals Service Hacked! https://vednam.com/u-s-marshals-service-hacked/ https://vednam.com/u-s-marshals-service-hacked/#respond Sun, 19 Mar 2023 05:26:45 +0000 https://vednam.com/?p=1088 The U.S. Marshals Service (USMS) has confirmed the compromise of sensitive data and is tracking down the culprits behind the attack. The USMS is a bureau of the Department of Justice and part of the federal justice system. The federal law enforcement agency has confirmed that the recently […]

The post U.S Marshals Service Hacked! appeared first on Vednam.

The U.S. Marshals Service (USMS) has confirmed the compromise of sensitive data and says it is tracking down the culprits behind the attack.

The United States Marshals Service (USMS) is a bureau of the Department of Justice and the enforcement arm of the federal judicial system. As first reported by NBC News, the agency has confirmed that the recently stolen data contains personally identifiable information (PII) of its employees. Senior leadership has notified every employee whose data was compromised and asked them to be extra vigilant with their personal information.

The USMS has also opened an investigation into those behind the incident, and it took the affected systems offline to stop the intruders from doing further damage.

What was actually taken?

The stolen data spans personal, professional, government, public and financial records, including:

  • Returns from legal process
  • PII related to USMS investigations
  • PII related to third parties
  • PII related to USMS employees
  • Administrative information

The attackers did not gain access to the USMS Witness Security File Information System, which means they were unable to reach it, and the breach did not put anyone in the witness protection program in danger.

The compromise is nevertheless a serious concern, because the affected documents are operationally essential and must not be disclosed publicly for safety reasons.

The USMS says it takes the compromise seriously and is taking all necessary steps to protect its sensitive information and prevent a repeat of the breach.

The agency has moved to alternative working arrangements until the affected systems are recovered; the service will be brought back online once all data has been restored and the systems have been verified as safe.

 

Russian Hacker Evil Corp Group targets US workers at home https://vednam.com/russian-hacker-group-ransomware-attacks/ https://vednam.com/russian-hacker-group-ransomware-attacks/#comments Sat, 27 Jun 2020 19:54:17 +0000 https://vednam.com/?p=1052 Let's talk about the Russian hacker group that has launched ransomware attacks against a number of US companies by targeting employees who are working from home during the pandemic. Ransomware attacks are on the rise, and the threat actors work with such dedication that we all […]

The post Russian Hacker Evil Corp Group targets US workers at home appeared first on Vednam.

Let's talk about the Russian hacker group Evil Corp, which has launched ransomware attacks against a number of US companies by targeting employees who are working from home during the pandemic.

Ransomware attacks are on the rise, and these threat actors work with such dedication that everyone should take notice: the next target may be you.

Evil Corp has accessed the networks of at least 31 organizations in order to cripple their systems and demand millions of dollars in ransom.

The US Justice Department indicted the group's two alleged leaders in December 2019.

As the BBC reported, US authorities last year filed charges against Evil Corp's alleged leaders, Maksim Yakubets and Igor Turashev, who are accused of using malware to steal millions of dollars from more than 40 organizations, including schools and religious organizations.

Authorities also announced a $5m reward for information leading to their arrest, the largest amount ever offered for a cyber-criminal.

 


According to a Gallup poll, around 62% of employed Americans were working from home during the pandemic, which greatly widens the pool of remote workers these attacks target.

With the US election only months away, federal and local officials have been putting measures in place to protect voter records and manage safe voting practices amid the pandemic.

Attack Analysis

Symantec Corporation, which monitors corporate and government networks, issued a threat warning on Thursday night after identifying the activity.

Symantec described the attacks as using a relatively new strain of ransomware called WastedLocker, which it attributed to Evil Corp.

Ransomware is malware that encrypts the victim's files and threatens to leave them locked, or to destroy them, unless a payment is made. WastedLocker demands ransoms of around $500,000 to $1m, and only after payment do the attackers release the key that unlocks the seized files.

Symantec also said that the "vast majority of targets are major corporations, including many household names", with Fortune 500 companies the main targets.

Almost all of the targeted companies are US-based, with a single exception.

According to Symantec, the hackers had breached these companies' networks and were "laying the groundwork" for future ransomware attacks that would let them block access to data and demand millions of dollars.

The New York Times also reported: "The Russian hackers are using VPNs to take advantage of employees who are now using virtual private networks (VPNs) to access work systems."

The attackers use the VPN connection to identify which company a user works for, and infect the user's computer when they visit a compromised public or commercial website. Once that infected machine connects to the corporate network, the hackers can attack it.

 

$300,000 Ransomware paid by city of Florence after attack https://vednam.com/300000-ransomware-paid-by-city-of-florence-after-ransomware-attack/ https://vednam.com/300000-ransomware-paid-by-city-of-florence-after-ransomware-attack/#comments Sat, 20 Jun 2020 18:34:15 +0000 https://vednam.com/?p=946 The city of Florence will pay a $300,000 ransom in bitcoin after its computer systems were hit by a cyber attack. The number of cyber-attacks has increased tremendously compared with the same period last year, and this year the average ransom payment has nearly doubled. Even the countries […]

The post $300,000 Ransomware paid by city of Florence after attack appeared first on Vednam.

The city of Florence, Alabama will pay a $300,000 ransom in bitcoin after its computer systems were hit by a ransomware attack.

The number of cyber-attacks has increased tremendously compared with the same period last year, and this year the average ransom payment has nearly doubled. Even organizations in countries with the most advanced security technologies are being attacked.

Several Florence officials had been alerted that their information technology systems had been compromised by hackers who specialize in deploying ransomware.

The mayor said the hackers may have had access to the city's computer systems for more than a month.

The Florence City Council voted unanimously at an emergency meeting to pay the ransom from the city's insurance fund in order to protect the information of city workers and customers.

On May 26, acting on a tip from Milwaukee-based security firm Hold Security, KrebsOnSecurity contacted the office of Florence's mayor to warn that a Windows 10 system in the city's IT environment had been commandeered by a ransomware gang.

As Mayor Holt said: "We are having to approach it from the standpoint that we're going to have to assume we know they have some of our information. We don't know that they have critical information; frankly, I don't think they do, but we don't know."

Mayor Holt later confirmed that the city was hit by the ransomware gang called DoppelPaymer.

DoppelPaymer has a reputation for not releasing any stolen information once the ransom is paid.

The city will seek proof that the hackers deleted the stolen information.

"Ransomware has been a big problem for some time, but this was a worrying chapter for me," said Decatur information technology director Brad Philips.

 

NASA affected by 366% of Cyber attack in 2019 https://vednam.com/nasa-affected-by-366-of-cyber-attack-in-2019/ https://vednam.com/nasa-affected-by-366-of-cyber-attack-in-2019/#respond Tue, 16 Jun 2020 05:59:47 +0000 https://vednam.com/?p=898 Between 2018 and 2019, cyber incidents at NASA increased by nearly 366%, according to a report on federal agencies by Atlas VPN. Taken together, the incidents are a warning about improper usage and careless deployment methods. […]

The post NASA affected by 366% of Cyber attack in 2019 appeared first on Vednam.

Between 2018 and 2019, cyber incidents at NASA increased by nearly 366%, according to a report on federal agencies by Atlas VPN.

Taken together, the incidents are a warning that improper usage and careless deployment methods are exposing the agency. Attacks on NASA can affect intellectual property, individuals, and national security data, all of which might be lost through data breaches.

The figures come from the Office of Management and Budget (OMB), which evaluates federal agencies' cybersecurity on a yearly basis and recorded a total of 1,468 cyber incidents at NASA in 2019.

The same office is also responsible for producing and overseeing the implementation of cybersecurity strategies, guidelines, and rules across federal agencies. Among the incidents reported were email attacks.

Email attacks are among the most common incidents in public organizations, but only a few were reported at NASA; the most common type of incident there was improper usage of services.

The previous year, NASA's Jet Propulsion Laboratory (JPL) was hacked after someone connected an unauthorized Raspberry Pi to the JPL network. That unauthorized device gave the attackers a foothold from which they moved from JPL's servers to NASA's Deep Space Network array of telescopes.
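A check that follows directly from the JPL incident: diff what is actually on the network against the asset inventory, and call out hobbyist hardware by its MAC OUI. This is an added example, not NASA's or JPL's tooling; the inventory, lease lines and hostnames are constructed, and the lease format is a simplified one rather than any real DHCP server's file layout.

```python
"""Compare observed devices against an asset inventory and flag the strangers,
calling out Raspberry Pi hardware by its MAC OUI.

Constructed example: the lease lines use a simplified "ip mac hostname" layout,
not any DHCP server's real format, and the inventory is made up.
"""

# OUIs registered to the Raspberry Pi Foundation / Raspberry Pi Trading with the IEEE.
# Illustrative set; consult the IEEE OUI registry for the current assignments.
RASPBERRY_PI_OUIS = {"B8:27:EB", "DC:A6:32", "E4:5F:01"}

# Constructed inventory: MAC -> asset tag. Anything else on the wire is unexpected.
INVENTORY = {
    "00:50:56:A1:22:33": "JPL-WS-0417",
    "00:1B:21:5E:9A:10": "JPL-SRV-DB02",
    "3C:52:82:7F:00:11": "JPL-PRN-LAB3",
}

# Constructed lease table, including one Raspberry Pi nobody registered.
LEASES = """\
# ip           mac                hostname
10.20.1.15     00:50:56:a1:22:33  ws0417
10.20.1.20     00-1b-21-5e-9a-10  db02
10.20.1.31     3c:52:82:7f:00:11  lab3-printer
10.20.1.77     b8:27:eb:4d:21:90  raspberrypi
10.20.1.78     f0:9f:c2:11:22:33  unknown-laptop
"""


def normalize_mac(mac):
    """Canonical upper-case, colon-separated form so inventory lookups match
    regardless of whether the source writes colons, hyphens or Cisco-style dots."""
    hexdigits = mac.replace(":", "").replace("-", "").replace(".", "").upper()
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def oui(mac):
    """First three octets identify the hardware vendor."""
    return normalize_mac(mac)[:8]


def find_rogue_devices(leases_text, inventory):
    """Return one record per observed device that is absent from the inventory."""
    known = {normalize_mac(m) for m in inventory}
    rogues = []
    for line in leases_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ip, raw_mac, hostname = line.split()[:3]
        mac = normalize_mac(raw_mac)
        if mac in known:
            continue
        rogues.append({
            "ip": ip,
            "mac": mac,
            "hostname": hostname,
            "raspberry_pi": oui(mac) in RASPBERRY_PI_OUIS,
        })
    return rogues


if __name__ == "__main__":
    for dev in find_rogue_devices(LEASES, INVENTORY):
        tag = "RASPBERRY PI" if dev["raspberry_pi"] else "unregistered"
        print(f"{tag:13} {dev['ip']:15} {dev['mac']}  {dev['hostname']}")
```

Run on a schedule against the DHCP lease table or switch MAC tables, the list of rogues is the early warning the JPL case lacked. The MAC-based check is a tripwire, not a control: it is trivially spoofed, so the durable fix is 802.1X or equivalent port authentication so that an unregistered board never gets an address in the first place.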

All these attacks and security incidents have affected NASA's security budget. Across the federal government, the Department of Defense (DoD) received nearly 50% of federal cybersecurity funds in 2019, about $8.5 billion.

Because of the heavy volume of attacks, the IT security budget planned for 2019 came to $479 million, an increase over 2018 according to the 2019 report.

The report also notes that agencies are re-planning around technology diversity and the geographical decentralization of government networks, both of which complicate security. There is no denying that the rapid growth of cyber-attacks is damaging public agencies and creating challenges that are difficult to meet within their budgets.


The rising rate of cyber incidents at NASA may have a negative impact, and a decrease in budgets would make it worse. Cyber-attacks may hit 12% to 23%, which is an alarming figure for everyone.

The agencies are still running old code written in outdated languages, and such systems require extra funds every year just to maintain them. NASA should focus on managing these systems in a way that reduces cyber-attacks.

The Austria’s largest ISP Data breached by Hacker https://vednam.com/the-austrias-largest-isp-data-breached-by-hacker/ https://vednam.com/the-austrias-largest-isp-data-breached-by-hacker/#comments Sun, 14 Jun 2020 06:20:12 +0000 https://vednam.com/?p=885 A1 Telekom reportedly took a total of six months to kick the hackers out of its network. According to the source, A1 Telekom, the largest internet service provider in Austria, admitted to a security breach this week after a whistleblower exposed it. The company admitted to […]

The post The Austria’s largest ISP Data breached by Hacker appeared first on Vednam.

A1 Telekom reportedly took a total of six months to kick hackers out of its network.

According to the source, A1 Telekom, the largest internet service provider in Austria, admitted to a security breach this week after a whistleblower exposed it.

The company acknowledged a malware infection that began in November 2019 and was detected by the A1 security team a month later. The main problem was that removing the infection proved far harder than initially anticipated.

From December 2019 to May 2020 the security team battled the malware operators, trying to remove all the hidden backdoor components and evict the intruders.

A1 has not disclosed the nature of the malware, and did not say whether the intruders were a financially motivated cybercrime gang.

When bloggers contacted the Austrian ISP, it said the malware infected only computers on its office network, which consists of more than 15,000 workstations, 12,000 servers, and thousands of applications.

The threat actor took manual control of the malware and attempted to expand its foothold from the few infected systems to the company's entire network. The company's security experts also said the attackers managed to compromise some databases and ran database queries in order to learn about the company's internal network.

Speaking to the Austrian press, A1 said the complexity of its internal network helped prevent the threat actor from reaching other systems, because the thousands of databases and the relationships between them are by no means easy for an outsider to understand.

A1 told heise that, despite a serious compromise that lasted more than six months, the attackers did not get their hands on sensitive customer data, although, according to the claims, they did run queries for the location, phone number and other customer data of certain private A1 customers.

The company assured that the passwords of more than 8,000 employees have been changed, along with all server access keys.

 

AWS S3 Buckets again Exploit by the Hackers https://vednam.com/aws-s3-buckets-again-exploit-by-the-hackers/ https://vednam.com/aws-s3-buckets-again-exploit-by-the-hackers/#respond Sat, 13 Jun 2020 05:09:03 +0000 https://vednam.com/?p=880 I have written about AWS S3 many times, and every time the same exploitation happens. Threat actors are continuously leveraging misconfigured AWS S3 storage buckets to slip malicious code into websites that steal credit card details and conduct malvertising campaigns. The Whole Scenario In May, the researcher […]

The post AWS S3 Buckets again Exploit by the Hackers appeared first on Vednam.

I have written about AWS S3 many times, and every time the same exploitation happens. Threat actors continue to leverage misconfigured (publicly writable) AWS S3 storage buckets to slip malicious code into websites in order to steal credit card details and run malvertising campaigns.

The Whole Scenario

  1. In May, researchers from cybersecurity firm RiskIQ discovered three compromised websites owned by Endeavor Business Media hosting JavaScript skimming code. This is the classic method embraced by Magecart, an association of several hacker groups that target online shopping cart systems.
  2. The three affected websites host content and chat forums related to emergency services, serving police officers, firefighters, and security professionals.
  3. The technique is known as virtual credit card skimming, or formjacking: Magecart operators secretly insert JavaScript code into a compromised website, usually on the payment pages, that steals customers' card details and later transfers them to a remote hacker-controlled server.

Misconfigured S3 Buckets

  1. In July 2019, Magecart ran a similar campaign that exploited insecure AWS S3 buckets to place virtual credit card skimmers on 17,000 domains.
  2. Starting in April 2019, a malicious script named "jqueryapi1oad" was used in a malvertising operation that has impacted 277 unique hosts so far. The threat actors behind that code also exploited misconfigured S3 buckets.
  3. Among the affected sites was futbolred[.]com, a Colombian soccer news site in the top 30,000 of the global Alexa ranking, which had a misconfigured AWS S3 storage bucket.
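The condition these campaigns rely on is a bucket that anonymous or any-AWS-account principals can write to, granted through either the bucket ACL or the bucket policy; the attacker simply appends the skimmer to a JavaScript file the site already serves. The audit below is an added example, not RiskIQ's or AWS's code. The document shapes mirror what boto3's get_bucket_acl() and get_bucket_policy() return so the functions can be pointed at live output, but the ACL, the policy and the bucket name example-static-assets are constructed.

```python
"""Offline audit of S3 bucket ACL and bucket-policy documents for public write access.

The input shapes mirror boto3's get_bucket_acl() and get_bucket_policy() output;
the sample documents at the bottom are constructed for the example.
"""
import json

# Canned group URIs AWS uses in ACL grants for anonymous and any-AWS-account access.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers (anonymous)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers (any AWS account)",
}
# Permissions that let an outsider add or replace objects, or rewrite the ACL itself.
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
WRITE_ACTIONS = ("s3:PutObject", "s3:PutObjectAcl", "s3:PutBucketAcl", "s3:PutBucketPolicy", "s3:*", "*")


def public_write_grants(acl):
    """Findings for ACL grants that give a public group write-class permission."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue
        group = PUBLIC_GROUPS.get(grantee.get("URI"))
        if group and grant.get("Permission") in WRITE_PERMS:
            findings.append(f"ACL grants {grant['Permission']} to {group}")
    return findings


def _is_public_principal(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def _matches_write(action):
    # Action may be a string or a list; a wildcard such as "s3:Put*" also covers PutObject.
    actions = [action] if isinstance(action, str) else list(action)
    for a in actions:
        if a in WRITE_ACTIONS:
            return True
        if a.endswith("*") and "s3:PutObject".startswith(a[:-1]):
            return True
    return False


def public_write_statements(policy):
    """Findings for Allow statements that let a public principal write objects."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not _is_public_principal(stmt.get("Principal")):
            continue
        if _matches_write(stmt.get("Action", [])):
            sid = stmt.get("Sid", "<no Sid>")
            qualifier = " (limited by a Condition; review it)" if "Condition" in stmt else ""
            findings.append(f"policy statement {sid} allows public write{qualifier}")
    return findings


def audit_bucket(acl, policy=None):
    """All public-write findings for one bucket; an empty list means no public write path."""
    findings = public_write_grants(acl)
    if policy:
        findings += public_write_statements(policy)
    return findings


# Constructed sample documents (not real buckets).
BAD_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"},
    ],
}
BAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "OpenUpload", "Effect": "Allow", "Principal": "*",
                   "Action": ["s3:GetObject", "s3:PutObject"],
                   "Resource": "arn:aws:s3:::example-static-assets/*"}],
})
# Corrected versions: public READ is fine for a static-asset bucket, public WRITE never is.
GOOD_ACL = {"Owner": BAD_ACL["Owner"], "Grants": BAD_ACL["Grants"][:2]}
GOOD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-static-assets/*"}],
})

if __name__ == "__main__":
    for name, acl, pol in (("bad", BAD_ACL, BAD_POLICY), ("fixed", GOOD_ACL, GOOD_POLICY)):
        print(name, audit_bucket(acl, pol) or ["no public write access"])
```

Two caveats a real audit needs beyond this: enabling S3 Block Public Access on the account makes both the ACL and the policy path moot and is the better fix, and a bucket that is not publicly writable can still be poisoned through a leaked IAM key, so the scripts a page loads from S3 should additionally be pinned with Subresource Integrity hashes so a modified file fails to execute.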

Credit card skimming

  1. NutriBullet suffered a Magecart attack in February 2020. A week later, RiskIQ discovered a JavaScript skimmer placed on the NutriBullet website, inserted on the payment pages; Magecart had targeted a jQuery JavaScript library resource.
  2. In March 2020, researchers from Malwarebytes spotted a credit card skimmer embedded in the website of Tupperware, the food storage company. The Magecart attackers exploited vulnerabilities on the website to insert a malicious module that siphoned off the credit card details shoppers entered into payment forms to complete their transactions.

Needless to say

Malicious actors have been exploiting misconfigured AWS S3 buckets to insert their code into multiple websites for quite some time now.

DDos Attacks- Affect During the Corona virus Pandemic https://vednam.com/ddos-attacks/ https://vednam.com/ddos-attacks/#comments Tue, 09 Jun 2020 11:14:23 +0000 https://vednam.com/?p=828 A DDoS (distributed denial-of-service) attack makes a machine or service inaccessible to legitimate users. Every day there is a new story about a DDoS attack launched by cybercriminals affecting businesses and organizations worldwide. DDoS attacks are carried out for different purposes, but the most […]

The post DDos Attacks- Affect During the Corona virus Pandemic appeared first on Vednam.

A DDoS (distributed denial-of-service) attack makes a machine or service inaccessible to legitimate users. Every day there is a new story about a DDoS attack, and these attacks, used by cybercriminals, affect businesses and organizations worldwide.

DDoS attacks are launched for different purposes, but the most common effect is that a web page becomes unavailable when it receives an overwhelming volume of traffic at one specific time.

After following up on the latest security reports from various firms, news outlets and portals, our team came to the conclusion that DDoS attacks doubled during the pandemic, setting new records.

Attackers have made these attacks more effective by using lures related to COVID-19 and the pandemic.

Cyber attackers and hacker groups know this well and take advantage of the coronavirus to improve the efficiency of their DDoS attacks.

What actually happens when you are hit by a DDoS attack: computing resources such as bandwidth and memory are exhausted, configurations may be altered, data theft may occur alongside the flood, and physical network components may even be damaged.

What is a DDoS attack?

A DDoS attack targets a website, server, service or infrastructure with the main purpose of disabling it: the attacker sends large volumes of bogus traffic that ties up the web server and takes it down for a while.

The result is that the server is forced to process an excessive number of bogus requests, which makes the site inaccessible to ordinary users.

Types of DDoS attacks

There are three forms of DDoS attack:

  • Volume-based attacks: flood the network with high volumes of traffic to exhaust bandwidth and make a site, server, service, or infrastructure unavailable.
  • Application-based attacks: considered the most sophisticated and critical form, these target the web application itself with requests that look legitimate but exhaust its capacity.
  • Protocol-based attacks: exploit weaknesses in network protocols to exhaust server (or firewall and load-balancer) resources such as connection state tables, leaving the service unavailable for the duration of the attack.

DDoS attacks rage during the pandemic period

According to the reports, the shift to work-from-home culture drove DDoS attacks to a peak. Everything was tied to COVID-19: the world went into quarantine and the work culture of every sector changed. The average growth in DDoS attacks was 25 percent in 2020, but it did not affect everyone equally; attacks on educational resources and the official websites of towns and cities increased threefold compared with the same period of the previous year.

Security company reports also mention a number of attack campaigns run against schools and city governments.

Security personnel likewise said that attacks doubled compared with the same quarter of the previous year.

All of this points to one thing: cyber attackers always take advantage of any situation. During the pandemic the most targeted ransomware attacks were on health organizations, and according to the reports the situation will get worse.

How do they do the DDoS attacks? 

Logically, DDoS attacks divide into two types: attacks on the network layer, and attacks on the application layer of the server.

[Figure: network-layer versus application-layer DDoS attacks. Source: F5]

In a network-layer attack, the server's communication channels are flooded by the attacker. The communication channel is what limits the amount of data the server is able to receive.

When the flow of traffic exceeds that capacity, the server is unable to receive and process the data, which makes the site unavailable to every visitor.

In an application-layer attack the resources are still reachable by visitors, but the attacker sends so many requests that the server fails and stops responding. Such attacks can also drive up processor and RAM utilization, which freezes the response rate.

How to Prevent DDoS Attacks?

First, get in touch with cyber security experts and discuss the situation; if they recommend tools to use on the server, deploy them. You can also manage the risk yourself by:

  1. Monitoring your server's bandwidth utilization regularly
  2. Assessing the risk factors
  3. Contacting an expert when issues are found and following their recommendations
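Step 1 above is where most teams start, and a first cut at it can be done from the web server's own access log: an application-layer flood shows up as one or a few sources with a request rate no human browser produces, and a climbing 5xx ratio as the server runs out of capacity. The following is an added example, not from the original post or from F5; the log lines are generated in the code in the standard Apache/nginx "combined" format using documentation-range IP addresses, and the window and threshold values are arbitrary assumptions to be tuned against a real baseline.

```python
"""Spot an application-layer flood in web-server access logs by tracking each
source's request rate in a sliding window.

Constructed example: the log lines are generated below in the Apache/nginx
"combined" layout with documentation-range IP addresses; nothing here is real traffic.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def parse_access_log(text):
    """Yield (ip, timestamp, request line, status, bytes) for each well-formed line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        yield m["ip"], ts, m["req"], int(m["status"]), size


def flood_sources(text, window_seconds=10, threshold=30):
    """Return {ip: peak requests seen within any `window_seconds` window} for sources
    whose peak reaches `threshold`. A per-source deque keeps only timestamps still
    inside the window, so memory stays bounded on long logs."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    peak = Counter()
    for ip, ts, _, _, _ in parse_access_log(text):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def error_ratio(text):
    """Share of responses that were 5xx: a server being pushed past capacity
    answers with 503s long before it stops answering at all."""
    total = errors = 0
    for _, _, _, status, _ in parse_access_log(text):
        total += 1
        errors += status >= 500
    return errors / total if total else 0.0


def _line(ip, t, path, status=200, size=512):
    return f'{ip} - - [{t.strftime("%d/%b/%Y:%H:%M:%S +0000")}] "GET {path} HTTP/1.1" {status} {size}'


def build_sample_log():
    """Constructed sample: three ordinary visitors plus one source hammering /search."""
    base = datetime(2020, 6, 9, 12, 0, 0, tzinfo=timezone.utc)
    entries = []
    for i in range(6):  # a request every 20 seconds from each ordinary visitor
        for offset, ip in enumerate(("198.51.100.10", "198.51.100.11", "198.51.100.12")):
            t = base + timedelta(seconds=20 * i + 3 * offset)
            entries.append((t, _line(ip, t, "/")))
    for i in range(60):  # 60 requests in 12 seconds from one address; server already returning 503
        t = base + timedelta(seconds=30, milliseconds=200 * i)
        entries.append((t, _line("203.0.113.77", t, "/search?q=" + "a" * 64, 503, 0)))
    entries.sort(key=lambda e: e[0])
    return "\n".join(line for _, line in entries) + "\n"


if __name__ == "__main__":
    log = build_sample_log()
    print("flooding sources:", flood_sources(log))
    print(f"5xx ratio: {error_ratio(log):.2f}")
```

A per-source threshold like this catches a single noisy client or a small botnet; a distributed flood spreads the same request volume over thousands of addresses, each under the threshold, which is why the aggregate figures (total requests and bytes per window, and the error ratio) belong on the same dashboard, and why volumetric attacks have to be absorbed upstream of the server at all.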

 

 

Cisco IOS router Under threat due some critical Flaw https://vednam.com/cisco-ios-router-under-threat/ https://vednam.com/cisco-ios-router-under-threat/#respond Mon, 08 Jun 2020 19:04:17 +0000 https://vednam.com/?p=820 Reports say Cisco routers are under threat, and the company has announced fixes for vulnerabilities in Cisco IOS routers. The vulnerabilities are numerous and affect the company's industrial routers and switches. According to the report, there are 25 vulnerabilities of high and critical severity […]

The post Cisco IOS router Under threat due some critical Flaw appeared first on Vednam.

Reports say Cisco routers are under threat, and the company has announced fixes for vulnerabilities in Cisco IOS routers. The vulnerabilities are numerous and affect the company's industrial routers and switches.

According to the report, a total of 25 vulnerabilities of high and critical severity were eliminated as part of the IOS and IOS XE updates.

The company also published a number of other advisories on high- and medium-severity problems affecting IOS and other software.

CVE-2020-3205 is the most critical issue: it allows an unauthenticated attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device.

An attacker can exploit the security flaw simply by sending crafted packets to the victim's device; a successful attack compromises the victim's system.

The second vulnerability, CVE-2020-3198, is similar to the first.

It allows an unauthenticated remote attacker to execute arbitrary code on the vulnerable device, or to crash it and force a reboot, by sending malicious packets to the machine.

Affected Cisco products include the ISR 809 and 829 Industrial Routers and the 1000 Series Connected Grid Routers (CGRs).

The third vulnerability, CVE-2020-3227, is also critical but less dangerous than the previous two; it scores 9.8 out of 10 on the CVSS scale.

CVE-2020-3227: Software Privilege

CVE-2020-3227 fowl has the issue of authorization controls for the Cisco 10x Infrastructure in Cisco IOS XE

As you all know, a simple bug can make authentication and credentials bypass and let the attacker full access to the machine. The same happens with the Cisco IOxAPI and executes commands remotely.

So what happened the vulnerabilities turned out to be the IOx that does not correctly handle requests for authorization tokens and the result is that it allows an attacker to use a special API commands requests a token and that execute commands on the affected machine.

Cisco already mentioned that it had released the necessary software update that specially addressed the vulnerability that there were no issues available with these updates.

Cisco then released new Cisco IOS XE software, version 16.3.1, for the flaw affecting the router.

CVE-2020-3205: VM Channel

CVE-2020-3205 is present in the inter-VM channel of the Cisco IOS software for the 809, 829 and 1000 Series routers, which are built on a hypervisor architecture. The vulnerability allows an unauthenticated attacker to execute shell commands in the VDS of an affected device.

An attacker exploits it by sending malicious packets to the victim's device. Once inside the router, the attacker can execute commands with the privileges of the root user, that is, full control over the device.

Cisco has since released patched software and reminds every user to update to it to get rid of these vulnerabilities.

CVE-2020-3198: Code Execution

In the case of CVE-2020-3198, an attacker can crash or restart the router and execute code in its shell. Cisco has rated this vulnerability 9.8 out of 10, so it is more harmful and potentially damaging than the rest. Cisco has also published software updates for CVE-2020-3198, so it is now under control.

If you have any questions, please let me know in the comment section.

The post Cisco IOS router Under threat due some critical Flaw appeared first on Vednam.

Zoom Chat let the hackers victimize the user
https://vednam.com/zoom-chat-let-the-hackers-victimize-the-user/
Sat, 06 Jun 2020 12:55:50 +0000

The post Zoom Chat let the hackers victimize the user appeared first on Vednam.

If you are using Zoom, especially during this lockdown period, be aware of the vulnerabilities that can affect your video conferencing. Run the latest version of the Zoom video conferencing software on your Windows, macOS, and Linux computers.

According to the latest update, the much-demanded true end-to-end encryption feature was apparently published only for paid users. Below is the main information on the critical vulnerabilities discovered recently.

A researcher from Cisco mentioned that two vulnerabilities were discovered in the Zoom video conferencing software that could have allowed attackers to remotely compromise the machine of a group chat user or of any individual recipient.

Both flaws could be exploited to write arbitrary files on the machine of anyone running a vulnerable version of the Zoom video conferencing software, and to execute malicious code.

According to the researcher, successful exploitation of both issues required little interaction from the participant: the malicious code is delivered in a specially crafted message sent through the chat system to an individual or a group.

The first vulnerability (CVE-2020-6109) resided in the way Zoom leverages the GIPHY service, recently bought by Facebook, to let users search for and exchange animated GIFs while chatting.

The team investigating the issue found that the Zoom application did not check whether a shared GIF was being loaded from the Giphy service or from another source. An attacker could therefore embed GIFs hosted on a third-party, attacker-controlled server, which Zoom by design caches/stores on the recipient's system in a specific folder associated with the application.

The application did not sanitize the filenames either, which allowed an attacker to perform directory traversal and trick the application into saving malicious files disguised as GIFs to any location on the victim's system.

The second remote code execution flaw resided in the way vulnerable versions of the Zoom application process code snippets shared through the chat.

The researcher also said that Zoom's chat uses the XMPP standard with additional extensions that give a better user experience. One of these extensions supports including source code snippets with syntax highlighting. Sending a code snippet with this feature requires installing an additional plugin, but receiving one does not.

The feature creates a zip archive of the shared code snippet before sending it, and the recipient's system automatically unzips it.

As reported, Zoom's zip file extraction never validated the contents of the zip file before extracting it, which allowed an attacker to plant malicious code on the target computer.
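The two defensive checks Zoom lacked, as an added example that is not Zoom's own code: a GIF cache that refuses untrusted sources and traversal filenames, and a snippet-zip extractor that rejects entries escaping the destination folder. The allowed host list and cache layout are assumptions for illustration.

```python
# Added example (not Zoom's code): defensive checks for the two flaws described
# above, a GIF cache that trusted attacker-chosen sources and filenames, and a
# chat-snippet zip extracted without validation. The allowed hosts and cache
# layout are assumptions for illustration.
import io
import zipfile
from pathlib import Path, PurePosixPath
from typing import List, Optional
from urllib.parse import urlparse

ALLOWED_GIF_HOSTS = {"media.giphy.com", "giphy.com"}  # assumed allowlist


def safe_gif_cache_path(cache_dir: str, url: str) -> Optional[Path]:
    """Return where a GIF fetched from url may be cached, or None to refuse it.

    Refuses GIFs not served by an allowed host and any name that would escape
    the cache directory (directory traversal through '..' or '/').
    """
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.hostname not in ALLOWED_GIF_HOSTS:
        return None
    name = PurePosixPath(parsed.path).name  # drops any directory components
    if not name or name in (".", "..") or not name.lower().endswith(".gif"):
        return None
    root = Path(cache_dir).resolve()
    target = (root / name).resolve()
    return target if root in target.parents else None  # must stay under root


def safe_extract_snippet(zip_bytes: bytes, dest_dir: str) -> List[str]:
    """Extract a code-snippet archive, rejecting entries that would escape dest_dir."""
    root = Path(dest_dir).resolve()
    written: List[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            entry = PurePosixPath(info.filename)
            if entry.is_absolute() or ".." in entry.parts or "\\" in info.filename:
                raise ValueError(f"rejected zip entry: {info.filename!r}")
            target = (root / info.filename).resolve()
            if target != root and root not in target.parents:
                raise ValueError(f"rejected zip entry: {info.filename!r}")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(root).as_posix())
    return written
```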

Last month Zoom patched both vulnerabilities and released version 4.6.12; the previous version, 4.6.10, contained the vulnerabilities. The video conferencing software is now safe on Windows, macOS, and Linux.

If you have anything to say about this, please drop your comments below.
