data breach Archives | Vednam
https://vednam.com/tag/data-breach/

Wikileaks Owner charged for the involvement in conspiracy
Sun, 28 Jun 2020 13:51:53 +0000
https://vednam.com/wikileaks-owner-charged-for-the-involvement-in-conspiracy/

According to media reports, the United States government has filed a superseding indictment against WikiLeaks founder Julian Assange, accusing him of collaborating with computer hackers, including those affiliated with the infamous LulzSec and “Anonymous” hacking groups.

The new superseding indictment does not contain any additional charges beyond the prior 18-count indictment filed against Assange in May 2019, but it does “broaden the scope of the conspiracy surrounding alleged computer intrusions with which Assange was previously charged”, the DoJ said.

Around May 2019, Assange was charged with 18 counts under the old U.S. Espionage Act for unlawfully publishing classified and diplomatic documents on his popular WikiLeaks website in 2010, documents that were obtained from former Army intelligence analyst Chelsea Manning.

Assange is alleged to have obtained the classified documents by conspiring with Manning to crack a password hash to a classified U.S. Department of Defense computer.

According to the new superseding indictment unsealed Wednesday [PDF], Assange and others at WikiLeaks also recruited hackers at conferences in Europe and Asia and conspired with them to commit computer intrusions to benefit WikiLeaks.

In the early days of WikiLeaks, Assange spoke at conferences about his own past activities as a “famous teenage hacker in Australia” and encouraged others to hack and obtain information for WikiLeaks.

In around 2009, for instance, Assange told the Hacking At Random conference that WikiLeaks had obtained nonpublic documents from the Congressional Research Service by exploiting “a small vulnerability” inside the document distribution system of the United States Congress, and then asserted that “this is what any one of you would find if you were actually looking.”

The indictment also accuses Assange of gaining unauthorized access to a government computer system of a NATO country (NATO has 30 member states from North America and Europe) in 2010.

Assange also communicated directly with the leader of the hacking group LulzSec (a group that was also cooperating with the FBI), and they asked for a list of targets to hack.

“With respect to one target, Assange asked the LulzSec leader to look for databases, documents, PDFs, and mail to provide to WikiLeaks. In another communication, Assange also told the LulzSec chief that the most released and exposed materials would be from the CIA, NSA or the New York Times,” the DoJ said.

According to the threat actor, Assange indirectly asked him to spam the victim company again. Assange obtained and published on WikiLeaks the emails from a data breach committed against a U.S. intelligence consulting company by hackers affiliated with “Anonymous” and LulzSec.

Assange was arrested in April 2019 in London after Ecuador withdrew his asylum, and was later sentenced to 50 weeks in a U.K. prison for breaching his bail conditions in 2012.

The 48-year-old, who is currently in prison in the U.K., is still awaiting possible extradition to the United States.

If convicted on all counts, Assange could face a total maximum sentence of 175 years in U.S. prison for his alleged role in compromising classified information in the history of the United States.

269 GB of U.S Police and Fusion Centres Data Leaked Online
Tue, 23 Jun 2020 03:07:06 +0000
https://vednam.com/269-gb-of-u-s-police-and-fusion-centres-data-leaked-online/

According to a report, a group of hacktivists and advocates has published a huge 269 GB trove of data allegedly stolen from 200 police departments, fusion centers, and other law enforcement agencies across the United States.

Known as BlueLeaks, the data leaked by the DDoSecrets group contains hundreds of sensitive documents from the past 10 years that may include official and personal information.

DDoSecrets, or Distributed Denial of Secrets, does transparency work in the same way as WikiLeaks. It publicly publishes data and classified information submitted by hackers, while claiming that the organization itself never gets involved in the exfiltration of the data.

According to the hacktivist group, the BlueLeaks dump contains “police and FBI reports, guides, bulletins and more details which provide unique insights into law enforcement and a wide array of government activities, including thousands of documents mentioning COVID-19.”

Screenshots of the BlueLeaks dump show that the data contains millions of files, including images, documents, videos, web pages, text files, emails, audio files and more, though it is yet to be investigated how many of the files are classified and not supposed to be public.

The BlueLeaks data also contains intelligence on protests, including the recent countrywide “Black Lives Matter” protests in the U.S. that followed the death of George Floyd while he was in the custody of Minneapolis police.

The list of U.S. agencies in the BlueLeaks dump includes:

  • Alabama Fusion Center
  • Austin Regional Intelligence Center
  • Boston Regional Intelligence Center
  • Colorado Information Analysis Center
  • California Narcotic Officers’ Association
  • Delaware Information and Analysis Center
  • FBI Houston Citizens Academy Alumni Association
  • FBI National Academy Association Arkansas/Missouri Chapter
  • FBI National Academy Association Michigan Chapter
  • FBI National Academy Association of Texas

It appears that the source of the massive data leak is a security breach at the Houston-based web hosting company ‘Netsential Inc’, where the web server for the National Fusion Center Association (NFCA) is hosted, as security bloggers have mentioned.

Fusion centers are information centers that enable intelligence sharing between local, tribal and territorial law enforcement and federal agencies, maximizing the ability to detect, investigate, prevent and respond to criminal and terrorist activities.

The NFCA confirmed that the “data leaked was actually of around 24 years, from August 1996 through June 19, 2020. The documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files”.

Netsential confirmed that a threat actor had leveraged a compromised Netsential customer user account and the web platform’s upload feature to exfiltrate other Netsential customer data, including that of U.S. police agencies.

Netsential is the same web hosting company that was previously abused by attackers to infect targeted victims with ransomware by sending spoofed spear-phishing emails.

After Ransomware attacks Cognizant Confirms Data Breach
Fri, 19 Jun 2020 11:13:42 +0000
https://vednam.com/after-ransomware-attacks-cognizant-confirms-data-breach/

One of the most reputed IT giants suffered a ransomware attack last April that caused service disruptions for its clients.

Cognizant is one of the big IT firms, with more than 3 lakh employees, and provides IT services that include digital, technology, consulting, and operations services.

The attack's effect

April 17 was not a good day for the company: its internal systems were hit by the Maze ransomware. The company informed its clients about the attack and provided them with indicators of compromise (IOCs) and other technical information of a defensive nature.

The company initially learned that the attackers had staged and likely exfiltrated a limited amount of data from Cognizant’s systems.

On further investigation, the company found that the majority of the personal information was also exposed.

The personal information that may have been impacted is information related to the company's corporate credit cards.

The company has also informed all associates who have an active corporate credit card, and is offering them credit and identity theft monitoring services.

The company has built a team and said that it continues to monitor the accounts for any fraudulent activity, and that it has been informed that no increase in fraud has been seen on the accounts.

Ransomware attacks have become an easy and malicious way of robbing individuals and companies, and can cost billions of dollars, not to mention the privacy and safety implications.

The company also published a breach notification letter, which states that the Maze ransomware was active in the Cognizant network between April 9 and 11.

CIA failed to protect the Top-secret hacking tools : Report
Wed, 17 Jun 2020 12:00:56 +0000
https://vednam.com/cia-failed-to-protect-the-top-secret-hacking-tools-report/

According to reports, the CIA was compromised and lost at least 180 gigabytes to as much as 34 terabytes of information, which may be equivalent to 11.6 million to 2.2 million pages of Microsoft Word, according to the analysis.

The whole story

The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a work culture in which the agency’s computer hackers “prioritized building cyber weapons at the expense of securing their own systems”, according to the internal report mentioned by Mike Pompeo.

The breach was committed by a CIA employee and was discovered a year after it happened, when the information was leaked by WikiLeaks in March 2017. U.S. officials said it was the biggest unauthorized disclosure of classified information in the CIA’s history. It led the agency to shut down some of its intelligence operations and alerted foreign adversaries to the agency’s spying techniques.

The October 2017 report by the CIA’s WikiLeaks task force, several pages of which are missing or redacted, portrays an agency more concerned with bulking up its cyber arsenal than with keeping those tools secure. Security procedures were “woefully lax” within the special unit that designed and built the tools.

The task force noted that it could not determine the size of the breach because the CIA hacking team did not require monitoring of who used its network, but it concluded that the employee had stolen as much as 34 terabytes of information, around 2.2 billion pages.

The CIA press secretary declined to comment and said, “CIA works to incorporate best-in-class technologies to keep ahead of and defend against ever-evolving threats.”

The hacking tools were developed by the CIA’s Center for Cyber Intelligence, home to the agency’s most sophisticated hackers, who gain access to hard-to-penetrate networks, for instance to secretly activate the camera and microphone on a foreign target’s tablet or to steal the design plans of a foreign adversary’s advanced weapons systems.

Those employees work under constant pressure to find vulnerabilities in commercial software and other technologies, a former senior intelligence official said.

The CIA hackers presumed that the ability to “audit” the network, that is, to know which users were logging in and to watch what they were doing, was better and more detailed than it actually was.

According to the report, the entire computer network was maintained by contractors, and there was a misunderstanding between the people who ran the unit and the people who ran and maintained the network.

The Austria’s largest ISP Data breached by Hacker
Sun, 14 Jun 2020 06:20:12 +0000
https://vednam.com/the-austrias-largest-isp-data-breached-by-hacker/

A1 Telekom has reported that it took a total of 6 months to kick the hackers out of its network.

According to the source, A1 Telekom, the largest internet service provider in Austria, admitted to a security breach this week after a whistleblower exposed it.

The company admitted to suffering a malware infection in November 2019, which the A1 security team detected a month later. Removing the infection proved more problematic than initially anticipated.

From December 2019 to May 2020, the security team took on the malware operators in attempts to remove all the hidden backdoor components and kick out the intruders.

In what it disclosed about the nature of the malware, A1 didn’t say whether the intruders were a financially focused cybercrime gang.

When some bloggers contacted the Austrian ISP, it said the malware only infected computers on its office network, which consists of more than 15,000 workstations, 12,000 servers, and thousands of applications.

The threat actor took manual control of the malware and attempted to expand the foothold from a few systems to the company’s entire network. The company's security expert also said that the attackers managed to compromise some databases and even ran database queries in order to learn the company's internal network.

Speaking to the Austrian press, A1 said the complexity of its internal network helped prevent the threat actor from affecting other systems, because the thousands of databases and their relationships are by no means easy for an outsider to understand.

A1 told heise that, although the serious compromise lasted more than six months, the attackers did not get their hands on sensitive customer data. According to the claims, however, queries were run for the location, phone number and other customer data of certain private A1 customers.

The company gave assurance that it has changed the passwords of 8,000+ employees and all access keys of the servers.

40 Million Android Snap Tube Application User are at risk : Report
Fri, 12 Jun 2020 18:24:42 +0000
https://vednam.com/40-million-android-snap-tube-application-user-are-at-risk-report/

We looked into the source of the news that the privacy of 40 million Android users is at risk. Android smartphone and tablet owners have been placed on high alert over an app found to be involved in draining bank accounts.

Android users are pretty accustomed to warnings from security researchers, even as Google makes its best effort to check applications for involvement in ransomware or any other threat before they reach the Play Store.

The researchers' report concerns an app with a large audience of Android users, called SnapTube. The app is basically used to download videos from YouTube and Facebook. It was also mentioned that the app has been downloaded more than 40 million times.

The app is totally free to download, but it can cost you more than that.

According to the new report from Upstream Systems, users with SnapTube installed on their smartphones could find themselves paying dearly. The simple download app quietly signs users up for premium services without their knowledge.

The above practice is known as “fleeceware”, which means the developer abuses the ability of apps to begin charging users a subscription fee after a trial period to test the service.

Google allows third-party developers to charge the credit and debit cards saved with your Google account, as is done for some of the most popular services like Netflix.

The vast majority of users simply uninstall an app when they are no longer interested, rather than removing the subscription. You might forget that you even signed up for a trial subscription, and remove the application from your phone without cancelling that part. When you download SnapTube, it asks you to take a premium package; you fill in all the details for the trial, download the video, and then uninstall the application.

It is estimated that SnapTube has earned a total of $100 million through this fraudulent method.

When the issue came to light, the developer of SnapTube said they were unaware of it and would fix it as soon as possible. They claim that the unwanted charges were deducted by a third-party application.

If you have downloaded SnapTube and see unusual changes in your account, delete the application to stay safe from fraud.

Open the Incident of Godaddy Data breach
Fri, 12 Jun 2020 11:35:43 +0000
https://vednam.com/open-the-incident-of-godaddy-data-breach/

Finally, GoDaddy has opened up about the data breach affecting the security of web hosting accounts, which happened in October 2019.

About GoDaddy

GoDaddy is the world’s largest Internet domain registrar and web hosting company. Its headquarters is in Scottsdale, Arizona; it has approximately 19 million customers and around 9,000 employees worldwide.

Let’s take a look at the data breach

According to the company, it identified suspicious activity on a subset of its servers. The investigation found that an unauthorized individual had access to the login information used to connect via SSH to hosting accounts. The unauthorized user has since been blocked from the systems, and the company is continuing to investigate the potential impact across its environment.

According to the information provided, the attack affected hosting accounts but did not affect the main website; user credentials and information there are safe.

SSH

SSH (Secure Shell) is a cryptographic network protocol for operating network services securely over an unsecured network. Because SSH is used to access an organization’s most critical assets, organizations should stick to the highest security level for SSH access, disabling basic credential authentication and using machine identities instead. A threat intelligence specialist at Venafi said this means implementing strong private-public key cryptography to authenticate a user and a system.

What are the measures taken by GoDaddy?

As a precaution, GoDaddy took steps to prevent unauthorized access to hosting accounts using the login information. To be on the safe side, customers are requested to conduct an audit of their hosting accounts. The GoDaddy team has sent a breach notification letter and offered one year of free Website Security Deluxe and Express Malware Removal services to show that this was not the customer’s fault.

GoDaddy will run scans on your website to identify and alert you to any potential vulnerabilities. The notification letter also mentions a special way to contact the security team, who will be there to help.

Hacker access over 3.8 crore accounts of Digi locker
Wed, 10 Jun 2020 06:02:17 +0000
https://vednam.com/hacker-access-over-3-8-crore-accounts-of-digi-locker/

India's DigiLocker had some bugs that let hackers steal the data of around 3.8 crore accounts without requiring a password.

DigiLocker is an online digital store where you can save your documents and data, fully under the supervision of the government. A few days back, a researcher discovered a new vulnerability in DigiLocker that compromised around 3.8 crore accounts.

The authentication flaw put the core of the users’ data at risk, and the issue was identified by a security researcher last month.

A vulnerability of this type in the two-factor authentication can let a hacker access some of the users' sensitive private information, but the issue has now been resolved and fixed.

The issue was found when the researcher analyzed DigiLocker's authentication mechanism. They found that the default mechanism asks for a one-time password (OTP) and a PIN to log in to DigiLocker.

The researcher was able to circumvent the OTP authentication mechanism by entering an Aadhaar number, intercepting the link to DigiLocker, and simply modifying the parameter.

DigiLocker has a total of 38 million enrolled users. It is a cloud-based locker that serves as a digital platform to help the online processing of records and the faster delivery of various government-to-citizen services.

More important is that the mobile number and Aadhaar card number are used to sign up for DigiLocker.

Other security experts have also investigated the DigiLocker vulnerability, and their main findings are covered below.

https://twitter.com/digilocker_ind/status/1267873034645331969

INVESTIGATION

According to the security researchers, the vulnerability they found was brought to CERT-In, and the issue was determined on May 28. The detailed analysis found the following:

  1. Weak SSL pinning mechanism in the mobile app
  2. Secret PIN bypass/takeover- marked as critical
  3. OTP bypass due to lack of authorization-marked as critical
  4. Poor session mechanism in APIs-marked as high

Weak SSL pinning mechanism in the mobile app

The mobile app uses weak SSL pinning, which can be bypassed easily with tools like Frida and with other well-known methods.

Secret PIN bypass/takeover - marked as critical

The secret PIN bypass/takeover is one of the flaws that was marked as a critical finding. An API/URL for the PIN could let hackers reset the PIN of any user to a new one without any authentication. For hackers this was the easiest way to compromise user data, which is the main reason the issue was rated critical.

OTP bypass due to lack of authorization - marked as critical

The OTP bypass is due to a lack of authorization, which makes the situation easier for the attacker. The OTP validation can be performed as any valid user, after which the flow can be manipulated to log in as a completely different user.

Poor session mechanism in APIs - marked as high

The poor session mechanism in the APIs is found to be a higher risk than the rest of the vulnerabilities. Looking deeper into the API calls made while using the mobile app, the app was found to use basic authentication to retrieve data or perform transactions.

More importantly, all calls are encrypted, and every user has to present their credentials in the basic authentication format, which is also encrypted with the algorithm.

Cisco IOS router Under threat due some critical Flaw
Mon, 08 Jun 2020 19:04:17 +0000
https://vednam.com/cisco-ios-router-under-threat/

According to a published report, Cisco routers are under threat, and the company has announced that it has fixed the vulnerabilities in Cisco IOS routers. The vulnerabilities are numerous, and they affect the company’s industrial routers and switches.

According to the report, a total of 25 vulnerabilities with high and critical severity levels were eliminated in IOS and IOS XE.

The company also issued a number of other recommendations on problems of high and medium severity affecting IOS and other software.

CVE-2020-3205 is the most critical and serious issue: it allows an unauthenticated attacker to execute arbitrary shell commands on a VDS server.

An attacker can exploit the flaw simply by sending crafted packets to the victim’s device, and a successful attack can compromise the victim’s system.

The second vulnerability is CVE-2020-3198, and it is the same as the previous one.

It allows an unauthenticated attacker to remotely execute arbitrary code on the vulnerable machine, and to crash the system and reboot the device, by sending malicious packets to the machine.

The affected devices include the Cisco ISR 809 and 829 Industrial Routers and the 1000 Series CGRs.

The third vulnerability, CVE-2020-3227, is critical but is not more dangerous than the earlier one; the flaw scored 9.8 out of 10 on the CVSS scale.

CVE-2020-3227: Software Privilege

CVE-2020-3227 is a flaw in the authorization controls for the Cisco IOx infrastructure in Cisco IOS XE.

As you all know, a simple bug can allow authentication and credentials to be bypassed and give the attacker full access to the machine. The same happens with the Cisco IOx API, where the attacker can execute commands remotely.

The vulnerability turned out to be that IOx does not correctly handle requests for authorization tokens. As a result, an attacker can use a special API call to request a token and then execute commands on the affected machine.

Cisco said that it had released the necessary software updates that specifically address the vulnerability and that there were no issues with these updates.

After this, Cisco released the new Cisco IOS XE software 16.3.1 to address the security flaw in the router.

CVE-2020-3205: VM Channel

The CVE-2020-3205 error is present in the inter-VM channel of the Cisco IOS software for the 809, 829, and 1000 Series routers, which are designed around a hypervisor architecture. This vulnerability can allow an unauthenticated attacker to execute shell commands in the VDS of the affected devices.

An attacker exploits the issue by sending malicious packets to the victim’s machine. Once inside the router, the attacker can execute commands with the privileges of the root user, that is, with full control of the device.

After that, Cisco released patched software and reminded every user to update to the new software to get rid of these vulnerabilities.

CVE-2020-3198: Code Execution 

In the case of CVE-2020-3198, an attacker can target the router to make it crash or restart, and the code is executed in the back of the shell. Cisco rates the vulnerability 9.8 out of 10, so it is more harmful than the rest. Cisco has also published software updates for CVE-2020-3198, and it is now under control.

If you have any questions, please let me know in the comment section.

Whats app Phone Number Exposed on Google Search result-How ? https://vednam.com/whats-app-phone-number-exposed-on-google-search-result-how/ Mon, 08 Jun 2020 13:18:19 +0000

A researcher discovered that phone numbers tied to WhatsApp accounts are publicly indexed on Google Search, which raises questions about privacy for the users.

According to the report, the researcher warns that the feature called “Click to Chat” puts users’ mobile phone numbers at risk: Google is allowed to index the numbers of everyone who uses it, and anyone can then find them through Google Search.

From Facebook, the owner of WhatsApp: “There is no big deal, and the search results only reveal what the user wants to share publicly.”

A bug-bounty hunter: “They discovered the issue, which basically said the phone number is leaked, and that may put user security and privacy at risk.”

“Click to Chat” offers websites an easy way to initiate a WhatsApp chat session with website visitors. It works through a QR (Quick Response) code image that is created by third-party services from the site owner’s mobile phone number. Visitors scan the QR code and directly start the WhatsApp chat session; they do not need to dial the number themselves. The visitor gains access to the phone number once the session starts.

The issue does not end there. Jayaram mentioned that “the Click to Chat metadata has been indexed by Google’s search engine, and the mobile number comes up in Google search results. The phone number is revealed because of the URL string (https://wa.me/<phone_number>), and this “leaks” the mobile phone number of WhatsApp users in plaintext, according to me”.

The “wa.me” domain is owned and maintained by WhatsApp, according to WHOIS records.

Your mobile number is visible in plaintext in the URL, so anyone who gets hold of the URL knows your mobile number. You cannot revoke it.

He mentioned that this makes it easier for spammers to compile legitimate phone numbers to mount campaigns, and that specially crafted search strings for the domain http://wa.me/ showed that Google had indexed around 300,000 WhatsApp phone numbers.

“As individual phone numbers are leaked, an attacker can message and call them and sell the phone numbers to marketers, spammers and scammers,” he said.

Google Search only revealed the phone numbers and not the identities of the users they belong to.

The researcher mentioned that “they are able to see the user’s profile picture on WhatsApp along with their phone numbers”.

A hacker could reverse image search the user’s profile picture in hopes of collecting enough clues to establish the user’s identity.


Click to Chat lets a WhatsApp user chat with any other user without saving the contact on their phone.
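An added example, not from the article or from WhatsApp: a site owner's audit of their own pages for Click to Chat links that carry a phone number in plaintext in the URL, as described above. The page names, sample HTML and function names are assumptions made for illustration, and the check also covers the `api.whatsapp.com/send?phone=` link form, which the article does not mention.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

class LinkCollector(HTMLParser):
    """Collects href/src attribute values from one HTML page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]

def click_to_chat_number(url):
    """Return (host, digits) if the URL carries a phone number in plaintext, else None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return None
    host = (parts.hostname or "").lower()
    if host == "wa.me":
        candidate = parts.path.strip("/")
    elif host == "api.whatsapp.com" and parts.path.rstrip("/") == "/send":
        candidate = parse_qs(parts.query).get("phone", [""])[0]
    else:
        return None
    digits = candidate.strip().lstrip("+")
    valid = digits.isascii() and digits.isdigit() and 7 <= len(digits) <= 15
    return (host, digits) if valid else None

def mask(digits):  # keep 2+2 digits so the report is not itself a leak
    return digits[:2] + "*" * (len(digits) - 4) + digits[-2:]

def audit_pages(pages):
    """pages maps page name -> HTML; returns sorted (page, host, masked number)."""
    findings = []
    for name, html in pages.items():
        collector = LinkCollector()
        collector.feed(html)
        hits = filter(None, map(click_to_chat_number, collector.urls))
        findings += [(name, host, mask(digits)) for host, digits in hits]
    return sorted(findings)

# Constructed sample pages; the numbers come from ranges reserved for fiction.
SAMPLE_PAGES = {
    "contact.html": '<a href="https://wa.me/12025550143">Chat</a> <a href="/about">About</a>',
    "footer.html": '<a href="https://api.whatsapp.com/send?phone=442079460321&amp;text=Hi">WhatsApp</a>',
    "blog.html": '<a href="https://example.com/wa.me/12025550143">not a chat link</a>',
}
```

Calling `audit_pages(SAMPLE_PAGES)` lists the two pages that expose a number and skips the link whose host is not `wa.me`.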
