cyber attacks | Breaking Cybersecurity News | The Hacker News

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

Jan 11, 2024 Cloud Security / Cyber Attacks
A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. "Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various SaaS accounts," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News. FBot is the latest addition to the list of cloud hacking tools like AlienFox, GreenBot (aka Maintance), Legion, and Predator, the latter four of which share code-level overlaps with AndroxGh0st. SentinelOne described FBot as "related but distinct from these families," owing to the fact that it does not reference any source code from AndroxGh0st, although it exhibits similarities with Legion, which first came to light last year. The end goal of the tool is to hijack cloud, SaaS, and
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

Nov 16, 2023 Cyber Threats / Data Security
The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). "Observed as a ransomware-as-a-service (RaaS) model, Rhysida actors have compromised organizations in education, manufacturing, information technology, and government sectors and any ransom paid is split between the group and affiliates," the agencies said. "Rhysida actors leverage external-facing remote services, such as virtual private networks (VPNs), Zerologon vulnerability (CVE-2020-1472), and phishing campaigns to gain initial access and persistence within a network." First detected in May 2023, Rhysida makes use of the time-tested tactic of double extortion, demanding a ransom payment to decrypt victim
Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks

Dec 06, 2022 Advanced Persistent Threat
A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful exploitation of ProxyShell flaws in the Microsoft Exchange Server. Initial compromise leveraged binaries vulnerable to side-loading techniques, followed by using a mix of legitimate and bespoke tools to conduct reconnaissance, harvest data, move laterally across the environment, and evade detection. "File attributes of the malicious tools showed that the first tools deployed by the threat actors were the NPS proxy tool and IRAFAU backdoor," Bitdefender researchers Victor Vrabie and Adrian Schipor said in a report shared with The Hacker News. "Starting in February 2022, the threat actors used another tool – [the] Quarian backdoor, along with many other scanners and proxy/tunnel
It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure

May 15, 2024 Enterprise Security / Cloud Computing
While cloud adoption has been top of mind for many IT professionals for nearly a decade, it's only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure – with relative ease. Transitioning from VMware vSphere to Microsoft Azure requires careful planning and execution to ensure a smooth migration process. In this guide, we'll walk through the steps involved in moving your virtualized infrastructure to the cloud giant, Microsoft Azure. Whether you're migrating your entire data center or specific workloads, these steps will help you navigate the transition effectively. 1. Assess Your Environment: Before diving into the migration process, assess your current VMware vSphere environment thoroughly. Identify all virtual machines (VMs), dependencies, and resource
Implementing Defense in Depth to Prevent and Mitigate Cyber Attacks

Oct 28, 2022
The increased use of information technology in our everyday life and business has led to cyber-attacks becoming more sophisticated and large-scale. For organizations to thrive in this era of technology, they must develop robust security strategies to detect and mitigate attacks. Defense in depth is a strategy in which companies use multiple layers of security measures to safeguard assets. A well-implemented defense in depth can help organizations prevent and mitigate ongoing attacks. Defense in depth uses various cutting-edge security tools to safeguard a business's endpoints, data, applications, and networks. The objective is to prevent cyber threats, but a robust defense-in-depth approach also thwarts ongoing attacks and prevents further damage.
How organizations can implement defense in depth
The image above shows the various layers of security that organizations must implement. Below we describe ideas that companies should consider for each layer. Governance and risk mana
CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware

Oct 24, 2022
U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. "The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022," the agencies said. The alert was published Friday by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS). Over the past four months, the group has been linked to multiple ransomware incidents in the Healthcare and Public Health (HPH) sector, encrypting servers related to electronic health records, diagnostics, imaging, and intranet services. It's also said to have exfiltrated personal identifiable information (PII) and patient health information (PHI) as part of a double extortion scheme to se