From the Blue Leaks, the data which is exposed or leaked by the DDoSecrets group which contains hundreds of sensitive documents from the past 10 years that may include official and personal information.

DDoSecrets of the Distributed Denial of secrets works the same as the WikiLeaks include transparency work. they publicly publish data and classified information that is submitted by the hackers while claiming the organizations themselves and never get involved in the extraction of the data.

As the hacktivist Group, the BlueLeaks dump having the information of “Police and FBI reports, guides, bulletins and more details which provide the unique insights into enforcement and a wide array of government activities that include the thousands of documents mentioning about the COVID19. 

We are gonna find a Screenshots of the Blue Leaks dump which show the data contains around millions of the files which include images, document, videos, web pages, text files, emails, audio files and more though they yet to investigate how many files are classified and that not supposed to be public.

The Blueleaks having the data which contained intelligence on protests include the recent countrywide “Black Lives matter” and that protest in the U.S which followed the death of George Floyd at the time when he was in the custody of Minneapolis.

The Blue Leaks have the list of U.S agencies are : 

• Alabama Fusion Center
• Austin Regional Intelligence Center
• Boston Regional Intelligence Center
• Colorado Information Analysis Center
• California Narcotic Officers’ Association
• Delaware Information and Analysis Center
• FBI Houston Citizens Academy Alumni Association
• FBI National Academy Association Arkansas/Missouri Chapter
• FBI National Academy Association Michigan Chapter
• FBI National Academy Association of Texas

When Finding it appears that the source of the massive data stems from a security breach at Houston-based web hosting ‘Netsential Inc’, and the web server for the National Fusion Center Association (NFCA) is hosted as security bloggers mention it.

The Fusion centers are having the information centers which enable intelligence sharing between local, territorial law enforcement, tribal and federal agencies which maximizing the ability to detect, investigate, prevent and respond to criminal and terrorist activities.

The NFCA confirmed that the “Data leaked was actually of around 24 years which are from August 1996 through June 19, 2020. The document which includes names, email addresses, phone number, PDF documents, images, and a large number of text, video, CSV and ZIP files”.

Netsential confirmed about the threat actor which had leveraged a compromised Netsential customer user account and the web platforms upload features and exfiltrated other Netsential customer data which include U.S police agencies.

NetSential is the same web hosting company that can previously be abused by the attackers that infect targeted victims with ransomware by sending spoofed spear-phishing emails.

Found this article informative? Follow Vednam on Facebook, Twitter, Mix, Tumbler, and Linkedin to know more exclusive content we post.

The post 269 GB of U.S Police and Fusion Centres Data Leaked Online appeared first on Vednam.

From the report, the Researcher warns about the feature called “click to chat” options which users mainly use in their mobile phone number at risk- Google is allowed to index all the number of everyone who is using this application and anyone can find you on google search after that.

Form the Facebook or as you call whats owner “There is no big deal and that the search results which only reveal what the user wants to share publicly”

A Bug-bounty Hunter “ They discovered the issue which basically said the phone number is leaked and that may put the user security and privacy at risk”

“Click to chat” Offers the website an easy way to initiate a whats app chat session without the website visitor. It works through QR(Quick Response ) code image and that was created by the third-party services and the site owner uses their mobile phone number. The QR code helps visitors to scan the code and directly start the whats app chat session-visitors don’t need the dialed number itself. The Visitor can start access to the phone number once the session starts.

The only issues do not end here. Jayaram mentioned that” The Click to chat metadata has been indexed by the google search engines index and the mobile number comes in Google search results. The phone number which is revealed because of the URL string  (https://wa.me/<phone_number>) and after the “leaks” the mobile phone number of WhatsApp users in the plaintext according to me”.

The “wa.me” is owned and maintained by WhatsApp that was mentioned in WHOIS records.

Your mobile number is visible in plaintext in the URL which anyone who gets hold of the URL can know your mobile number. You cannot revoke it.

He mentioned that it was easier for the spammers to compile legitimate phone numbers to mount campaigns that are specially crafted which have search strings of the domain http://wa.me/ around the Google indexed 300,000 WhatsApp phone numbers.

“ As individual phone number is leaked which can attack by the message and call and sell the phone number to marketers, Spammers which can use scammers,” he said

Google Search only revealed the phone number and not the identifies of users that they connected.

The researcher mentioned that ”they are able to  to see the user’s profile picture on what’s app along with their phone numbers”

A hacker could reverse image search the user’s profile picture in hopes of collecting enough clues to establish the user’s identity.

Click to chat is used for the WhatsApp user to chat with any user without saving the contact on their phone.

The post Whats app Phone Number Exposed on Google Search result-How ? appeared first on Vednam.

The hacker mentioned the name “john wick” who had hands in breaching the ZEE5 systems and downloaded 150GB of live data and also stole the source code of the Website.

Mainstream Story

According to the report which is circulated on the internet”the hacker who breached the data has a connection from the Korean hacking group which executed this plan successfully and sold all the data on the hackers’ forums”.

Hackers group shared some of the proof that they have access to the ZEE5’s Private code which are confirmed by the monitoring team and it was said that the access proof is correct the hack happened between the end of February or March.

Few Days after the hackers shared the other sample which is a very serious concern because this sample has the live code secret keys and credentials of the unsecured AWS.

The last breach was also detected on the 24th April 2020 and clearly indicated that the hacker has access to recently subscribed users and the database which contains user details among every state of India.

The database breach which we are talking about has the records of the “Payment Platform”.This is really becoming a big deal for the company that the user data with payment details that mainly harms the users who are connected with the ZEE5.

According to Ralph Wagner “We don’t manage the Zee5 Database and nor the Mysql database which are mentioned. I will investigate the whole breach and then we will share the proper details’

The leaked data includes which such information like :

1. Email Address
2. Mobile Numbers
3. Recent transaction 
4. Passwords

An Email sent to the different news agency which mentions “will expose your database & code in public for the open sale soon”

The Email address si sends from a secure and encrypted email service which cannot be able to trace the email. The mail send from the hacker through “hckindi@tutanota.com “

This email server is used in different campaigns like Dharma ransomware and the same email address which is seen used by the Korean hacker.

This is not the first time this hacking happens with the ZEE5. This all breach happens and the company says or takes any action on the breach.

If you like the Content comment and share it with others. Thank you for reading the article.

The post Zee5 Hacked-150GB Data leaked from Video On demand Platform appeared first on Vednam.

While investigating the data leak we found it was around 132 GB data which is linked with Bigfooty.com, a website and mobile application mainly made for the Aussie Rules Football where around 100,000 members joined in that.

Although going deep in investigating, a Security officer found that the data leaked not only contain personal information. Some of them are anonymous users and some people private messages seen by the security officer which contain email addresses, passwords, and usernames for the site and the live streams

If the cyber attacker has known your data from the database they may have got useful credential stuffing to attack the other sites.

Finding the whole user messages it contains personal threats and racist content, which could be used for the cyber attacker to blackmail that user.

The security officer said” The private messages are fully exposed and it was leaked and you can’t trace back to the specific users. The leak data contains high-profile users like an Australian police officer and government employees “

The private information that belongs to the individuals may include the chat and email address that was enough for the cyber attacker to blackmail and damage the reputation of high profile or even normal users also.

When we talk about the technical term it was also mentioned that the site includes the IP address, Server and OS information, GPS data, and access logs that may allow hackers to compromise the part of IT infrastructure.

The leak was closed by the Australian Cybersecurity center after a short period of time and BigFooty didn’t respond after that.

The security office has seen more accidents and leaks at two popular money-saving websites and perhaps most time it happens with the adult live streaming site.

The post 70 Million records Leaked from Aussie Football Site appeared first on Vednam.

On March 26, after the two weeks of the breach, DN shut down the services for the good urging users to move their site to the new dark web hosting providers. It was mentioned that around 7,600 websites which are an approx third of all dark web portals went down.

DATA LEAKED

A hacker called him KingNull uploaded the file of DH’s stolen database on a file-hosting portal.

According to the cursory analysis of the total overall data dump, the leaked data includes 3,671 e-mail addresses and 8,580 private keys, and 7,205 account passwords for the .onion (dark web) domains.

The main point they leaked the database which has sensitive information on the owner and several users that have darknet domains.

The leaked data can be used to tie the user of leaked email which has a certain dark web portal.

The information which is leaked may help to track the specific user and helps the government to take legal action if anyone is taking part in illegal activities on these darknet users.

That is an important point for the user of the dark web portal “ if the site owner moves their dark web portals to the other hosting provider and they don’t change the passwords then it may be affected again”. If the hacker has access to the new accounts because they cracked the DH hashed password previously that may help them again to take over.

Overall the threats intelligence firms and law enforcement team are finding the clues but the hacker has left no clues. The IP address is only the last option but they don’t find it in dumped data.

HACKED DH SECOND TIME AGAIN

In March 2020, it was the second time DH hacked and suffered the data breach. The first incident happened in November 2018 where the site backend database server was breached and deleted all sites. Around 6,500 sites were wiped at that time and no data was ever leaked.

This was not only the story that happened with DH hosting in the year 2017 some other hacker collective tool down freedom Hosting when they discovered hosting provider was sheltering child abuse portals.

The DH hosting still planned to launch the services but this time they made some more improvements and that was the main priority.

The post Dark Web Hosting provider database leaked by Hacker appeared first on Vednam.

Finding deep news it comes that AIS is the Thailand largest GSM mobile Network which has almost “40.23 million customers” as of 2018. The database is maintained and controlled by the subsidiary Advanced Wireless Network(AWN). It has the combination of DNS query logs and NetFlow logs that appears to be an AWN customer. If someone got all this data then it is easy to create a user track of internet surfing. After this information comes then the Thailand national CERT Team (ThaiCERT) be in action and contact AIS and secure the database.

What is AWN?

According to the source, AWN is a provider of wired as well as wireless network service and telecommunication network provider. This company started in 2005 according to website information. AWN is the subsidiary company of Advanced info Service (AIS).

AWN’s network connects directly with AIS which has only upstream peers. When the ThaiCERT contacted AIS about the exposed database then the database went offline.

When did that data leak start?

Based on the source story, the data was first hit on May 1 and then after May 7, 2020. There was not a single server left exposed on the internet without any authentication.AIS has been notified about the exposed database.

How Much Data Leaked?

Overall it would be 8.3 billion documents which are around 4.7 Terabyte data. On May, 21st,2020 8,336,189,132 Documents were stored in the database, and data contained NetFlow data and DNS Query logs. When they found it was roughly logged for only 8 days but why? 

Why they stopped logging after 8 Days questions are still open. Team perception is that they got more data than they entered to capture. Forensic says they logged roughly 2,538 DNS seconds per second for that period of time.

What do they get from data?

A lot of information can come out if they really follow the documents and data. They basically know your whole query generated on the internet and after that they are also able to know your personal information.

Based on the DNS queries it might be possible that they identify the person whole data because of DNS capture whole information of machine and queries. For example :

• They use android TV is connected with internet
• They use apple devices are connected with internet 
• They use windows devices and the software you use with cloud connectivity.
• They use Antivirus.
• They even use your social media account also.
• They read you google chrome or other browser saved information and history.

The post 8 billion Thai internet records leaked ! appeared first on Vednam.