Data leak Archives | Vednam
https://vednam.com/tag/data-leak/
Latest News on Cyber Security, Hacking and Tech
Wed, 24 Jun 2020 20:10:28 +0000

Open the Incident of Godaddy Data breach
https://vednam.com/open-the-incident-of-godaddy-data-breach/
Fri, 12 Jun 2020 11:35:43 +0000

GoDaddy has finally opened up about the data breach affecting the security of web hosting accounts, which happened in October 2019.

About GoDaddy

GoDaddy is the world's largest Internet domain registrar and web hosting company. Its main headquarters is in Scottsdale, Arizona; it has approximately 19 million customers, and around 9,000 employees work for the organization worldwide.

Let’s take a look at the data breach

According to the company, it identified suspicious activity on a subset of its servers. The investigation found that an unauthorized individual had access to the login information used to connect to SSH on customers' hosting accounts. The unauthorized user was then blocked from the systems, and the company continues to investigate the potential impact across its environment.

As per the information available, it was made clear that the attack affected hosting accounts but did not affect the main website, where user credentials and information are safe.

SSH 

SSH (Secure Shell) is a cryptographic network protocol for operating network services securely over an unsecured network. Because SSH is used to access an organization's most critical assets, organizations should stick to the highest security level of SSH access, disable basic credential authentication, and use machine identities. A threat intelligence specialist at Venafi called for the implementation of a strong private-public key to authenticate a user and a system.

What are the measures taken by GoDaddy?

As a precaution, GoDaddy took steps to prevent unauthorized access to hosting accounts using the login information. To be on the safe side, customers are requested to conduct an audit of their hosting accounts. The GoDaddy team has sent a breach notification letter and offered one year of free Website Security Deluxe and Express Malware Removal services to show this was not the customer's fault.

GoDaddy runs scans on the customer's website to identify and alert them to any potential vulnerabilities. The notification letter also mentions a special way to contact the security team, who will be there to help.

70 Million records Leaked from Aussie Football Site
https://vednam.com/70-million-records-leaked-from-aussie-football-site/
Mon, 01 Jun 2020 14:33:22 +0000

According to the source, an Australian football fan site has come under threat, and it was found that around 70 million records have been leaked. The leaked data included personal details and racist private messages, exposed via an unprotected Elasticsearch instance.

While investigating the data leak, we found that it was around 132 GB of data linked to BigFooty.com, a website and mobile application made mainly for Aussie Rules Football, with around 100,000 members.

Digging deeper, a security officer found that the leaked data did not contain only personal information. Some of the users are anonymous, and the security officer saw some people's private messages, which contain email addresses, passwords, and usernames for the site and the live streams.

If a cyber attacker has obtained your data from the database, they may have useful material for credential stuffing attacks against other sites.

Taken as a whole, the user messages contain personal threats and racist content, which a cyber attacker could use to blackmail those users.

The security officer said, "The private messages are fully exposed and were leaked, and you can't trace back to the specific users. The leaked data contains high-profile users like an Australian police officer and government employees."

The private information belonging to individuals may include chats and email addresses, which is enough for a cyber attacker to blackmail and damage the reputation of high-profile or even ordinary users.

On the technical side, it was also mentioned that the data from the site includes IP addresses, server and OS information, GPS data, and access logs that may allow hackers to compromise part of the IT infrastructure.

The leak was closed by the Australian Cyber Security Centre after a short period of time, and BigFooty didn't respond after that.

The security officer has seen more incidents and leaks, at two popular money-saving websites and, perhaps most often, at an adult live streaming site.

Revealing Facebook Exposed Data of 2019 : Full Incident
https://vednam.com/facebook-data-leak/
Sat, 30 May 2020 16:17:59 +0000

Last year, we saw many data breaches and exploits. In this story, Facebook data was leaked during the months of April and September 2019. Facebook confirmed that the data was available in plain text and had accidentally been published publicly on Amazon's cloud computing servers.

The main point came when the public found that strangers were dropping messages in a kids' group chat.

The question arises: how did users' phone numbers get exposed?

According to the news statement, about 419 million records were leaked in 2019. The records, linked with Facebook account IDs, were found unprotected by any password. It was clear at the time that anyone looking for such things could get full access to the database.

There are almost 133 million user records in the leak. Around 18 million records belong to UK users and 50 million records are from Vietnam.

The leaked data included each Facebook unique ID and the phone number listed as being connected to that account.

Facebook's statement, "we know we have more work to do," came after that, and has been confirmed by this massive, embarrassing data leak.

Revealing Facebook Leaked Data Story

The investigating team found that the data included not only phone numbers and Facebook unique IDs, but also gender, user's name, and location by country.

What is SNAFU privacy mentioned by Facebook?

This concerns the removal of the ability to look users up, so that no one can find their phone number. According to Facebook, the older dataset comes from the feature that helped find people through their contact number, which was rolled back last year, in 2018.

The company claimed that the dataset has been taken down and that no Facebook accounts were compromised.

According to the Guardian report, Facebook said that the actual number of users whose information was exposed is approximately 210 million, because the 419 million figure counts the same data twice, meaning it contains duplicates.

Some of the data was indeed found to be duplicated, which may suggest that Facebook is right on this point.

Facebook is trying to play down the exposure of phone numbers and make the matter seem normal.

What did the security expert tell us about the Facebook data leak?

According to the expert, it is crazy that a big organization like Facebook left that amount of data unprotected on servers in 2019.

The main point is that a phone number is highly sensitive user data, so it makes sense for the organization to take care of it. Today, more of a person's identity is tied to their phone number, which makes it easier for attackers to find a victim. As usual, President Trump's Twitter account was hacked on a similar basis, and no one took it seriously.

Another expert says, "It is better to end the system of online cell number options."

Kaspersky Lab : NSA contractor Victimizes the PC
https://vednam.com/kaspersky-lab-nsa-contractor-victimizes-the-pc/
Sat, 30 May 2020 10:59:02 +0000

Later on, a report came from Kaspersky Lab about the suspected theft by Russian spies of an NSA hacking tool from the laptop of the agency's own contractor, which has been condemned by the US media.

The Moscow-headquartered vendor has not been in a normal working state for the past few months. Reports from the Washington Post and the Wall Street Journal claimed that the product may have been used by Russian intelligence to potentially harvest data from PCs.

The New York Times ran another story in the past month saying that the Kaspersky Lab software was compromised by a Kremlin hacker who was using the software as a tool. After that, the federal bureau banned all the products.

Kaspersky Lab denied the media's claims and released a statement: "The media is circulating the older incidents that happened in 2015."

Now questions arise about the NSA team: who took all the classified data and, first, how they were able to disable the Kaspersky Lab software when new versions of APT malware associated with the US spy agency were detected.

Let’s Go Deep 

The story does not end here. After the detection of the malware, the user downloaded and installed pirated software on his machine, which is illegal under cyber law, but he did it anyway. Every piece of pirated software carries a keygen to crack the activation, but the keygen also activates a backdoor for a cyber attacker to enter the machine.

Kaspersky claims: "If malware or a keygen runs on a system with Kaspersky security enabled, then it is not possible that the software will never detect that. If you want to run the keygen, you first need to disable the Kaspersky security. The third-party access makes the user's machine open the backdoor, and the attacker gets an open path."


When the same user re-enabled the Kaspersky Lab software, it detected the new malicious code, which was sent to the vendor's servers for analysis. When the analyst found suspected malicious source code in it, the archive was deleted from the systems and was not shared with any third party.

The company also claimed that no further detections were received from the user in 2015 and that no other incident has happened since that date, except "Duqu 2.0".

The Kaspersky Lab software never included any detection method for non-malicious documents based on keywords like "top secret" and "classified".

The main point is still in doubt: Kaspersky claimed that the incident happened in 2014, while most other reports place the incident in 2015.

After all this, Kaspersky Lab is making efforts to prove that it is clean. The company decided to launch the Global Transparency Initiative, under which it plans to offer its source code for independent third-party review.

29 Million Indian Job Seekers data Leaked on Deep Web For Free
https://vednam.com/indian-job-seekers-data-leaked/
Fri, 29 May 2020 05:01:31 +0000

Security personnel have reported that the data of over 29 million Indian job seekers was leaked on dark web forums for free, and that the breach included sensitive data of Indian job seekers.

The data the hacker has stored is nearly 3 GB in size. The firm also disclosed that 2,000 Aadhaar cards and some sensitive information of 1.8 million people from Madhya Pradesh state (India) were leaked on the same forum.

No official statement has yet come from the government about the data theft associated with citizens of Madhya Pradesh, but the newspaper "The Hindu" found the leak while researching the job seeker data theft. The authorities are investigating the sensitive matter and are taking it seriously.

3 GB data leaked from the Job Seekers website

The investigation found that the data was leaked by a CV aggregation service that draws on legitimate job portal websites.

Data breach of Indian Job seekers

After a weekend, it was also explained that the data might have been exposed by an unsafe Elasticsearch instance, which was then made unavailable. The Cyble security expert said that the breach includes all kinds of sensitive data such as email address, home address, phone number, work experience, DOB, qualifications, and many more.

Aadhaar data leaked

Hackers hunt for all kinds of information so that they can efficiently follow a user's footprint and carry out theft, scams, and corporate spying.

Various screenshots circulating on social media show that the most affected states are Delhi, West Bengal, Pune, Tamil Nadu, Karnataka, Ahmedabad, Bengaluru, Mumbai and Chennai, along with other states.

According to security researchers, these hacking panels are based on comprehensive discussion and distribution of mutual and relevant resources. Users there can obtain loads of data leaks, hacking and cracking tools, and cracked software, along with different kinds of hacking tutorials.

Every user of the hacking panel where the job seekers' data was leaked also takes part in the discussion and makes friends as well.

The researcher mentioned that the source of the data breach is unknown, and it is not yet clear how the breach happened.

Middle East Government hits by Chapher APT with latest Cyber-Espionage Attack
https://vednam.com/middle-east-government-hits-by-chapher-apt-with-latest-cyber-espionage-attack/
Wed, 27 May 2020 09:05:02 +0000

Before you read the whole article, you should know:

What is Chafer APT?

A few days ago, cyber experts found traces of new cybercrime campaigns by the group known as the Chafer advanced persistent threat (APT) group. This group has been active since 2014 and has carried out many cyber attacks in the Middle East. Its recent campaigns, in 2018 and most recently in 2019, targeted many Saudi and Kuwaiti organizations.

Whole Uncovered Story of attack :

According to cyber experts, this group has been active since 2014, but recently it has targeted Middle East countries like Saudi Arabia and Kuwait. The latest attacks, in 2018 and 2019, targeted several unnamed organizations based in Kuwait and Saudi Arabia. The campaigns used a bevy of custom-built tools as well as "living off the land" tactics.

"Living off the land" tools are features of the target environment that the attacker abuses to achieve persistence.

According to Bitdefender's analysis, "Researchers have found threats conducted by this actor in the Middle East region back in 2018." The campaigns were based on several tools, including "living off the land" tools, which makes attribution difficult, as well as different hacking tools and a custom-built backdoor. The victims belong to the air transport and government sectors in the Middle East, and the whole attack is based on proper analysis.

The researchers are working to find out how many companies are affected in each country. They also say the data goes beyond what we expect and what we get from the analysis report.

Middle East Government hits by Chapher APT with latest Cyber-Espionage Attack
Source: Bitdefender

Let’s find the campaign Strategies :

The researchers say that the methods behind the cyberattacks against the companies in Kuwait and Saudi Arabia follow some of the same tracks. According to the source, the cyberattacks on the victims in Kuwait were more sophisticated, as the cybercriminals were able to move around the network. The researchers believe that the attackers infected the victims by sending tainted documents with shellcode, potentially delivered via spear-phishing emails.

The attackers managed to create a user account on the victim's machine and performed several malicious actions inside the network using that account. This showed up as unusual behavior performed on some accounts, which makes us believe that the attackers were doing this. Basically, their plan was to keep us engaged at that particular point.

Once the attackers had access inside the company server, they installed a backdoor (imjpuexa.exe) that acted like a service on that machine but was in fact a backdoor for the attackers. The attackers also carried out several activities such as network scanning and credential gathering, which helped them move inside the network. They used a tool named CrackMapExec.exe, which serves multiple functions: network scanning, credential dumping, account discovery, and code injection.

They also used a custom tool based on PLINK (known as wehsvc.exe). PLINK is a command-line connection tool mostly used for automated operations. The custom version preserves the original functionality, with some advanced key features such as the possibility to uninstall any service and to run as a Windows service.

The researchers said that the attack on victims in Saudi Arabia was not as elaborate, because the attackers did not manage to exploit the victim further or did not get information of interest.

According to the research team, "We believe initial compromise was achieved through social engineering, and a RAT was loaded and executed twice under different names (Drivers.exe and driver_x64.exe)." The researchers said the user was tricked into running these applications.

Middle East Government hits by Chapher APT with latest Cyber-Espionage Attack
Source: Bitdefender

How is the RAT involved in the attacks?

The RAT is written in Python and converted into a standalone executable. It is similar to other RAT tools that security researchers have documented previously, but this time it is customized for the particular attack. It is not common for a cyber attacker to create and modify a tool according to the needs of the victim or user, since that requires a whole analysis of that particular victim. They may change the way the RAT communicates with the C2 server, and they can add other features that were not necessary.

Different RAT components were used at different stages of the process. The first component (snmp.exe) works as a backdoor, and the second (imjpuexa.exe) is the one seen in the targeted attacks in Kuwait.

As the source says, the cyber attackers used "living off the land" tools in both campaigns.

Brazil’s Cosmetic Brand Natura Find Exposes their User Personal Details
https://vednam.com/brazils-cosmetic-brand-natura/
Wed, 20 May 2020 18:49:55 +0000

According to the source, Brazil's biggest cosmetics company, Natura, was found to have leaked hundreds of gigabytes of its customers' personal and payment-related information, which was publicly accessible online to anybody without requiring any authentication.

Anurag Sen, the Safety Detectives researcher, discovered last month two unprotected hosted servers, 272 GB and 1.3 TB in size, belonging to Natura, which held more than 192 million records.

According to the reports, the exposed data includes personally identifiable information on 250,000 Natura customers and their account login cookies, along with archives containing logs from the servers and users.

The leaked information also includes Moip payment account details with access tokens for nearly 40,000 wirecard.com.br users who integrated it with their Natura accounts, as reported by The Hacker News.

Anurag said that around 90% of the users were Brazilian customers, although other nationalities were also part of ”

The customer data leaked from the server includes:

  • Full name
  • Mother's name
  • Nationality
  • Gender
  • Date of birth
  • Hashed login passwords
  • Username and nickname
  • MOIP account details
  • API credentials with unencrypted passwords
  • Recent purchases
  • Email and physical addresses
  • Access token for wirecard.com.br

The unprotected server also held a secret permission certificate file containing the key/password to the Amazon EC2 server where the Natura website is hosted.

natura data leak

Source: TheHackernews

If exploited, the server key could potentially allow attackers to inject a digital skimmer directly into the company's official website to steal all of the users' information, including payment details.

According to experts, if you have an account with Natura you are advised to stay vigilant against identity theft, change your passwords, and keep a close eye on every payment transaction. If you have any doubts, contact the cyber expert team directly.

Researchers have warned that the backend, as well as the keys to the servers, could be leveraged to mount further attacks and allow deeper penetration into the rest of the existing systems.

Afterwards, the experts contacted Amazon Services and let them know about the faulty server, and the company immediately secured all the servers and sent a report on all of them.
