#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

PhaaS | Breaking Cybersecurity News | The Hacker News

Category — PhaaS
Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

Dec 23, 2024 Phishing / Cybercrime
An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm . "It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable," Sophos said in a new report published last week. "This does not appear to be because of a takedown action, but due to some technical failure on the backend of the service." Rockstar2FA was first documented by Trustwave late last month as a PhaaS service that allows criminal actors to launch phishing attacks that are capable of harvesting Microsoft 365 account credentials and session cookies, thereby circumventing multi-factor authentication (MFA) protections. The service is assessed to be an updated version of the DadSec phishing kit, which is tracked by Microsoft under the name Storm-1575. A majority of the ph...
Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks

Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks

Nov 29, 2024 Cybercrime / Cloud Security
Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service ( PhaaS ) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. "This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA) enabled can still be vulnerable," Trustwave researchers Diana Solomon and John Kevin Adriano said . Rockstar 2FA is assessed to be an updated version of the DadSec (aka Phoenix) phishing kit. Microsoft is tracking the developers and distributors of the Dadsec PhaaS platform under the moniker Storm-1575 . Like its predecessors, the phishing kit is advertised via services like ICQ, Telegram, and Mail.ru under a subscription model for $200 for two weeks (or $350 for a month), allowing cyber criminals with little-to-no technical expertise to mount campaigns at scale. Some of the...
Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

Jan 07, 2025Cybersecurity / Endpoint Security
It's time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to celebrities lost in the past year, this article will look back at a few of cybersecurity's brightest stars that went dark in the past year.  1. Legacy Multi-Factor Authentication (MFA) Cause of Death: Compromised by sophisticated phishing, man-in-the-middle (MitM), SIM-swapping, and MFA prompt bombing attacks. The superstar of access security for more than twenty years, legacy MFA solutions enjoyed broad adoption followed by almost-universal responsibility for cybersecurity failures leading to successful ransomware attacks. These outdated solutions relied heavily on SMS or email-based codes o...
 Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

Oct 01, 2024 Threat Intelligence / Malware
More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi, Howard Tong, and Alex Starov said in a technical report. "Phishers can either host these phishing pages on Sniper Dz-owned infrastructure or download Sniper Dz phishing templates to host on their own servers." Perhaps what makes it even more lucrative is that these services are provided for free. That said, the credentials harvested using the phishing sites are also exfiltrated to the operators of the PhaaS platform, a technique that Microsoft calls double theft . PhaaS platforms have become an increasingly common way for aspiring threat actors to enter the world of cy...
cyber security

Secure Your Azure: Proactive Tips for Cloud Protection

websiteWizCloud Security
Discover how to boost your Azure cloud security with practical steps to help you maintain control and visibility.
Expert Insights / Articles Videos
Cybersecurity Resources