#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

cyber attacks | Breaking Cybersecurity News | The Hacker News

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

Jan 11, 2024 Cloud Security / Cyber Attacks
A new Python-based hacking tool called  FBot  has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. "Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various SaaS accounts," SentinelOne security researcher Alex Delamotte  said  in a report shared with The Hacker News. FBot is the latest addition to the list of cloud hacking tools like  AlienFox, GreenBot  (aka Maintance),  Legion , and  Predator , the latter four of which share code-level overlaps with AndroxGh0st. SentinelOne described FBot as "related but distinct from these families," owing to the fact that it does not reference any source code from AndroxGh0st, although it exhibits similarities with Legion, which first came to light last year. The end goal of the tool is to hijack cloud, SaaS, and
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

Nov 16, 2023 Cyber Threats / Data Security
The threat actors behind the  Rhysida ransomware  engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). "Observed as a ransomware-as-a-service (RaaS) model, Rhysida actors have compromised organizations in education, manufacturing, information technology, and government sectors and any ransom paid is split between the group and affiliates," the agencies  said . " Rhysida actors leverage external-facing remote services, such as virtual private networks (VPNs), Zerologon vulnerability (CVE-2020-1472), and phishing campaigns to gain initial access and persistence within a network." First detected in May 2023,  Rhysida  makes use of the time-tested tactic of double extortion, demanding a ransom payment to decrypt victim
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks

Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks

Dec 06, 2022 Advanced Persistent Threat
A malicious campaign targeting the Middle East is likely linked to  BackdoorDiplomacy , an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful exploitation of  ProxyShell flaws  in the Microsoft Exchange Server. Initial compromise leveraged binaries vulnerable to side-loading techniques, followed by using a mix of legitimate and bespoke tools to conduct reconnaissance, harvest data, move laterally across the environment, and evade detection. "File attributes of the malicious tools showed that the first tools deployed by the threat actors were the NPS proxy tool and IRAFAU backdoor," Bitdefender researchers Victor Vrabie and Adrian Schipor said in a report shared with The Hacker News. "Starting in February 2022, the threat actors used another tool – [the] Quarian backdoor, along with many other scanners and proxy/tunnel
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Implementing Defense in Depth to Prevent and Mitigate Cyber Attacks

Implementing Defense in Depth to Prevent and Mitigate Cyber Attacks

Oct 28, 2022
The increased use of information technology in our everyday life and business has led to cyber-attacks becoming more sophisticated and large-scale. For organizations to thrive in this era of technology, they must develop robust security strategies to detect and mitigate attacks. Defense in depth is a strategy in which companies use multiple layers of security measures to safeguard assets. A well-implemented defense in depth can help organizations prevent and mitigate ongoing attacks.  Defense in depth uses various cutting-edge security tools to safeguard a business's endpoints, data, applications, and networks. The objective is to prevent cyber threats, but a robust defense-in-depth approach also thwarts ongoing attacks and prevents further damage. How organizations can implement defense in depth The image above shows the various layers of security that organizations must implement. Below we describe ideas that companies should consider for each layer. Governance and risk mana
CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware

CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware

Oct 24, 2022
U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the  Daixin Team  primarily targeting the healthcare sector in the country. "The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022," the agencies  said . The alert was published Friday by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS). Over the past four months, the group has been linked to multiple ransomware incidents in the Healthcare and Public Health (HPH) sector, encrypting servers related to electronic health records, diagnostics, imaging, and intranet services. It's also said to have exfiltrated personal identifiable information (PII) and patient health information (PHI) as part of a double extortion scheme to se
Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

Sep 19, 2018
Three young hackers who were sentenced late last year for creating and spreading the notorious Mirai botnet are now helping the FBI to investigate other "complex" cybercrime cases in return to avoid their lengthy prison terms. Paras Jha, 21 from New Jersey, Josiah White, 20 from Washington, and Dalton Norman, 21 from Louisiana, plead guilty in December 2017 to multiple charges for their role in creating and hijacking hundreds of thousands IoT devices to make them part of a notorious botnet network dubbed Mirai . Mirai malware scanned for insecure routers, cameras, DVRs, and other Internet of Things (IoT) devices which were using their default passwords and then made them part of a botnet network . The trio developed the Mirai botnet to attack rival Minecraft video gaming hosts, but after realizing that their invention was powerful enough to launch record-breaking DDoS attacks against targets like OVH hosting website, they released the source code of Mirai . The
British Hacker 'Lauri Love' will not be extradited to US, Court Rules

British Hacker 'Lauri Love' will not be extradited to US, Court Rules

Feb 05, 2018
British citizen and hacker Lauri Love, who was accused of hacking into United States government websites, will not be extradited to stand trial in the U.S., the High Court of England and Wales ruled today. Love, 33, is facing a 99-year prison sentence in the United States for allegedly carrying out series of cyber attacks against the FBI, US Army, US Missile Defence Agency, National Aeronautics and Space Administration (NASA), and New York's Federal Reserve Bank between 2012 and 2013. The High Court ruled Monday that Love should be tried in U.K. after Lord Chief Justice Lord Burnett of Maldon and Justice Ouseley heard he suffered severe mental illness like Asperger syndrome, eczema, asthma, and depression, and may kill himself if extradited. At Westminster Magistrates' Court in London in late 2016, District Judge Nina Tempia ordered Love to be extradited to the U.S. to stand trial, although his lawyers appealed the decision, arguing that he should be tried for his al
Malware Hunter — Shodan's new tool to find Malware C&C Servers

Malware Hunter — Shodan's new tool to find Malware C&C Servers

May 02, 2017
Rapidly growing, insecure internet-connected devices are becoming albatross around the necks of individuals and organizations with malware authors routinely hacking them to form botnets that can be further used as weapons in DDoS and other cyber attacks. But now finding malicious servers, hosted by attackers, that control botnet of infected machines gets a bit easier. Thanks to Shodan and Recorded Future. Shodan and Recorded Future have teamed up and launched Malware Hunter – a crawler that scans the Internet regularly to identify botnet command and control (C&C) servers for various malware and botnets. Command-and-control servers ( C&C servers ) are centralized machines that control the bots ( computers, smart appliances or smartphones ), typically infected with Remote Access Trojans or data-stealing malware, by sending commands and receiving data. Malware Hunter results have been integrated into Shodan – a search engine designed to gather and list information abo
MIT builds Artificial Intelligence system that can detect 85% of Cyber Attacks

MIT builds Artificial Intelligence system that can detect 85% of Cyber Attacks

Apr 19, 2016
In Brief What if we could Predict when a cyber attack is going to occur before it actually happens and prevent it? Isn't it revolutionary idea for Internet Security? Security researchers at MIT have developed a new Artificial Intelligence-based cyber security platform, called ' AI2 ,' which has the ability to predict, detect, and stop 85% of Cyber Attacks with high accuracy. Cyber security is a major challenge in today's world, as government agencies, corporations and individuals have increasingly become victims of cyber attacks that are so rapidly finding new ways to threaten the Internet that it's hard for good guys to keep up with them. A group of researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) are working with machine-learning startup PatternEx to develop a line of defense against such cyber threats. The team has already  developed an Artificial Intelligence system that can detect 85 percent of attacks by
FBI Cyber Division put 'Syrian Electronic Army' Hackers in wanted list

FBI Cyber Division put 'Syrian Electronic Army' Hackers in wanted list

Sep 05, 2013
The Syrian Electronic Army (SEA) , a pro-regime hacker group that emerged during Syrian anti-government protests in 2011, and involved in cyber attacks against western media organizations are now in the FBI's wanted list. The Federal Bureau of Investigation has issued an alert warning of cyber attacks by the Syrian Electronic Army and finally put them on its radar. " The SEA'S primary capabilities include spear-phishing, web defacements, and hijacking social media accounts to spread propaganda. " they said. The FBI also has increased its surveillance of Syrians living in the US. According to some anti-Assad activists, the group was founded by former intelligence agents and hardcore Assad supporters. SEA had compromised social media profiles for Western news organizations by sending fake email messages to news staff in an attempt to gain access to login credentials. Most recently, the group grabbed international attention after commandeering the webs
What to Look For in a SIEM Solution

What to Look For in a SIEM Solution

Jul 25, 2013
Security Information & Event Management (SIEM) has evolved over the years to become one of the most trusted and reliable solutions for log management, security, and compliance. The demand for SIEM tools is constantly increasing within network and IT security teams. This is due particularly to the colossal surge of security breaches and cyber-attacks that impact corporations and cause financial loss and damaged reputations. When conducting research for an SIEM solution, it's important to be able to identify features that will enable effective detection, prevention, and response to security threats. Below, we'll discuss a number of critical topics to consider when selecting an SIEM solution. Log Correlation – The Heart of SIEM SIEM software works with the principle of log collection and correlation, therefore, it's important to ensure that log correlation happens effectively, in real time, and provides centralized visibility into potentially insecure and non-co
Chinese Hackers hit New York Times and Wall Street Journal

Chinese Hackers hit New York Times and Wall Street Journal

Feb 01, 2013
The New York Times says Chinese hackers probably working for the military or Chinese government have carried out sustained attacks on its computer systems, breaking in and stealing the passwords of high-profile reporters and other staff members. For the last four months, Chinese hackers have persistently attacked The New York Times . On Thursday, The Wall Street Journal announced that it too had been hacked by Chinese hackers who were trying to monitor the company's coverage of China. It said hackers had broken into its network through computers in its Beijing bureau. " The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them " " Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information, " the statement rea
Malware stole 3000 confidential Documents from Japan ministry

Malware stole 3000 confidential Documents from Japan ministry

Jan 04, 2013
Japan ministry become the recent victim of a cyber attack through a malware that suspected to have compromised and sent overseas more than 3,000 confidential documents from the ministry, including many on global trade negotiations. After investigation, experts found that Hackers use "HTran" the Advanced Persistant Threat (APT) exploit kit for attack. Computers at country's Ministry of Agriculture, Forestry and Fishery suspected to be infected from this. HTran is a rudimentary connection bouncer, designed to redirect TCP traffic destined for one host to an alternate host. The source code copyright notice indicates that HTran was authored by "lion", a well-known Chinese hacker and member of "HUC", the Honker Union of China. A lot of the documents were about the negotiations over the US-led Trans-Pacific Partnership multilateral trade pact. According to a report from SecureWorks, Dell's security division, in 2011 that the malware is believed to have b
Israel preparing their Cyber Army under Unit 8200

Israel preparing their Cyber Army under Unit 8200

Nov 05, 2012
The Israeli military has set plans to boost its cyber warfare capabilities with a better Cyber Army by expand its Unit 8200. " It has become clear that the demand for soldiers in this field is growing, which is why we're searching for solutions not only in Israel but abroad as well ," a top officer in the Manpower Directorate. Unit 8200, Israel's equivalent to the NSA, is undergoing a massive expansion. The U.S. Army ad slogan may be: " The Army needs a few good men ." But IDF Unit 8200′s slogan is: " The IDF needs a few good hackers ." Actually not a few, more like hundreds if not thousands. The disclosure comes amid recent reports that the Israeli army is working to enhance its cyber-warfare abilities. Military intelligence chief Maj.-Gen. Aviv Kochavi is slated to invest 2 billion shekels (525 million U.S. dollars) to that end in the coming years. " The military officials are tasked to track "young computer geniuses" and persuade them to immigrate to Israel for
IRAN : US Is the source of Cyber Terrorism

IRAN : US Is the source of Cyber Terrorism

Oct 30, 2012
An obscure group identifying itself as the Izz ad-din al-Qassam Cyber Fighters claimed responsibility for the first wave of attacks as retaliation for the amateurish Innocence of Muslims film that mocked the Islamic prophet Mohammed and sparked protests throughout the Middle East.  Who's really responsible for a recent series of cyberattacks on American banks? A few days back US Defense Secretary Leon Panetta said Iran is responsible for cyberattacks launched against Saudi Aramco and RasGas and US banks. While Panetta did not directly link Iran to the Persian Gulf attacks, he later noted that Iran has " undertaken a concerted effort to use cyberspace to its advantage. " Today, Iran's defense minister said, The United States is the source of cyber terrorism. " and intends to pave the way for increasing its activities in relation to cyber terrorism through diverting attention and leveling accusation, " Defense Minister Ahmad Vahidi. The Iranian defense minister also sai
Anonymous Hacker claims to have 20,000 debit card details from HSBC Cyberattack

Anonymous Hacker claims to have 20,000 debit card details from HSBC Cyberattack

Oct 21, 2012
One of Anonymous hacker groups " FawkesSecurity " who claim responsibility for a DDOS cyber attack on HSBC Bank says that they also manage to get 20,000 debit card details. When HSBC said , " This denial-of-service attack did not affect any customer data , but did prevent customers using HSBC online services, including Internet banking.", Anonymous tweeted on Friday. " We also managed to log 20,000 debit card details ." On asking, is there any proof of this claim , they replied ,"  We're debating whether to release them or not, HSBC knows debit details were intercepted, They probz won't admit it tho, ". On the other hand, A group that calls itself Izz ad-Din Al Qassam  , which has claimed responsibility for recent cyberattacks on at least nine other banks, also took responsibility for the assault on HSBC. Who ever the real hitman behind this, but according to hacker's warnings - RBS, Lloyds TSB and Barclays Banks are next targets.
US authorities : Iranian Hackers are Becoming a Real Pain

US authorities : Iranian Hackers are Becoming a Real Pain

Oct 14, 2012
The U.S. have admitted they believe a series of cyber attacks on domestic banks and some foreign oil companies carried out over the last year are the handy work of a group of hackers linked to the Iranian government. Defence Secretary Leon Panetta said the cyberthreat from Iran has grown, and declared that the Pentagon is prepared to take action if America is threatened by a computer-based assault. The hackers are apparently part of a group of less than 100 computer security specialists from Iranian universities and network security firms, according to an unnamed US government official. American officials have said they are able to discover the source of the recent cyberattacks. We do welcome this and announce our readiness for any international cooperation to find the source of the attacks. The Iranian official said Tehran has already offered help to boost the companies cybersecurity, as Iran has itself recently been the victim of cyberattacks on its offshore oil platforms. The c
Cybersecurity Resources