According to the source, it was found that A1 Telekom, the largest internet service provider in Austria Which can admit to a security breach this week which whistleblower’s exposed.

The company admitted to suffering from the malware infection in November 2019 as the A1 security team detected a month later. The main issue is to remove the infection which is more problematic than it was at the initial anticipation.

It all from December 2019 to may 2020 where the security team had done all their jobs to take the malware operators in attempts which can remove all the hidden backdoor components which kick out the intruders.

A1 which has disclosed the nature of the malware which didn’t say if the intruders who are financially focused are a cybercrime gang.

When some bloggers came in contact with the Austrian ISP they discussed the malware which only infected the computers on its office network which consist of more than 15,000 workstations, 12,000 servers, and thousands of applications.

The threat actor wants to tool manual control of the malware and attempted to expand the foothold on the few systems to check the company’s entire network. The company security expert also said that the attackers are able to manage or compromised some database and even ran database queries in order to learn the companies internal network

With the talk with the Austrian press,” A1 which has a complex of its internal network which helped to prevent the threat actor from affecting the other systems and this happens because the thousands of the databases and their relationship are by no means for an outsider to understand.

The A1 mentioned to heise that the serious compromise that the lasted more than six months which can be attackers did not get the hands-on the sensitive customer data.according to the claims it was coming out with the queries of location, phone number and the other customer data for the certain private A1 customers

From the company, it was assured that the password of 8,000+ employees has changed the password and all access keys of the servers.

If you have any suggestions for the article. let me know in the comment section.

The post The Austria’s largest ISP Data breached by Hacker appeared first on Vednam.

Talking about Godaddy

Godaddy is the world’s largest Internet domain registrar and the web hosting company the main headquarter is in Scottsdale, Arizona which is approximately 19 million customers and worldwide total employee connected with the organization is around 9,000 

Let’s take a look at the data breach

As the whole scenario came from the company is that they identified the suspicious activity on a subset of the server. The investigation found that an unauthorized individual has access to your login information which is used to connect the SSH on your hosting accounts. After that, the unauthorized user has been blocked by the systems and we can continue the investigation potential which impacts the across our environment.

As per information, it was cleared that the attacks the hosting accounts but not affect the main website user credentials and information is safe.

SSH 

SSH is a secure shell which is a cryptographic network protocol for the operating network services

Securely over an unsecured network. Basically SSH is used to access an organization’s most critical assets, organizations stick to the highest security level of SSH access and disable basic credentials authentication and use the machine identities. A threat intelligence specialist of venafi said that the implementation of the strong private-public key to authenticate a user and a system.

What are the measures taken by GoDaddy?

In the process of precaution to avoid unauthorization access to the hosting account with login information. For the safer side, the customers are requested to conduct an audit for their hosting accounts. Godaddy team has sent the breach notification letter and offered one year of free website security deluxe and express malware removal services to show this was not the customer’s fault.

Godaddy runs the scans on your website to identify and alert you of any potential vulnerabilities. If a special way to contact our security team and they will be there to help that all mentioned in the notification letter.

The post Open the Incident of Godaddy Data breach appeared first on Vednam.

The hacker mentioned the name “john wick” who had hands in breaching the ZEE5 systems and downloaded 150GB of live data and also stole the source code of the Website.

Mainstream Story

According to the report which is circulated on the internet”the hacker who breached the data has a connection from the Korean hacking group which executed this plan successfully and sold all the data on the hackers’ forums”.

Hackers group shared some of the proof that they have access to the ZEE5’s Private code which are confirmed by the monitoring team and it was said that the access proof is correct the hack happened between the end of February or March.

Few Days after the hackers shared the other sample which is a very serious concern because this sample has the live code secret keys and credentials of the unsecured AWS.

The last breach was also detected on the 24th April 2020 and clearly indicated that the hacker has access to recently subscribed users and the database which contains user details among every state of India.

The database breach which we are talking about has the records of the “Payment Platform”.This is really becoming a big deal for the company that the user data with payment details that mainly harms the users who are connected with the ZEE5.

According to Ralph Wagner “We don’t manage the Zee5 Database and nor the Mysql database which are mentioned. I will investigate the whole breach and then we will share the proper details’

The leaked data includes which such information like :

1. Email Address
2. Mobile Numbers
3. Recent transaction 
4. Passwords

An Email sent to the different news agency which mentions “will expose your database & code in public for the open sale soon”

The Email address si sends from a secure and encrypted email service which cannot be able to trace the email. The mail send from the hacker through “hckindi@tutanota.com “

This email server is used in different campaigns like Dharma ransomware and the same email address which is seen used by the Korean hacker.

This is not the first time this hacking happens with the ZEE5. This all breach happens and the company says or takes any action on the breach.

If you like the Content comment and share it with others. Thank you for reading the article.

The post Zee5 Hacked-150GB Data leaked from Video On demand Platform appeared first on Vednam.