Month: November 2021

Home  ›  2021  ›  November
  • 23
  • Nov
Go Daddy data breach exposes over 1 million customer details in managed WordPress hosting environment
KYogesh Data Breach Comments Off on Go Daddy data breach exposes over 1 million customer details in managed WordPress hosting environment
Reading Time: < 1 minutes
Go Daddy data breach 2021
Go Daddy data breach 2021

Web-hosting giant GoDaddy has confirmed another data breach, this time affecting at least 1.2 million of its customers.

In an official statement it says On November 17, 2021, they discovered unauthorized third-party access to our Managed WordPress hosting environment.

They identified suspicious activity in their  Managed WordPress hosting environment and after that  they immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.

Go Daddy immediately blocked the unauthorized third party from their system and  investigation is ongoing, but they have determined that, beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to the following customer information:

  • Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
  • The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, then reset those passwords.
  • For active customers, sFTP and database usernames and passwords were exposed. Then reset both passwords.
  • For a subset of active customers, the SSL private key was exposed. Go Daddy will be issuing and installing new certificates for those customers.

Found this article interesting? Follow HackersIdentity on Facebook, Twitter  and LinkedIn to read more exclusive content we post.

  • 04
  • Nov
What is Pegasus
KYogesh Cyber Attack Comments Off on What is Pegasus
Reading Time: < 1 minutes

Pegasus is the spyware – that is developed, marketed and licensed to governments around the world by the Israeli company NSO Group.

What is Spyware

It has the capability to infect billions of phones running either iOS or Android operating systems.

Pegasus has evolved from using spear-phishing, a process where an attacker tricks the target to click on a malicious link sent via text message or email, to a more sophisticated method of attack called zero-click attacks. This new form of attack has made the software one of the most dangerous spyware that threatens individual’s privacy.

To gain entry, the software identifies zero-day vulnerabilities, meaning flaws in the OS that are not identified yet and hence have not been patched. Instead of exploiting human error, it banks on flaws in the software and hardware system to gain access to a device.

All the hacker does is simply make a WhatsApp call and that initiates access to the OS by launching the code. After planting the malware, Pegasus alters call log so that the user has no knowledge of what happened.
Popular Contents
Up Coming Webinar
Archives

Our Visitor

0 0 3 5 1 8
Users Today : 0