#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

hacking tools | Breaking Cybersecurity News | The Hacker News

Category — hacking tools
Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks

Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks

Aug 19, 2024 Cloud Security / Threat Intelligence
Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News. Examples of the services used to facilitate the en masse distribution of SMS messages include Amazon Simple Notification Service (SNS), Nexmo, Plivo, Proovl, Send99, Telesign, Telnyx, TextBelt, Twilio. It's important to note here that the activity does not exploit any inherent weaknesses in these providers. Rather, the tool uses legitimate APIs to conduct bulk SMS spam attacks. It joins tools like SNS Sender that have increasingly become a way to send bulk smishing messages and ultimately capture sensitive information from targets. Distributed via Telegram and hacking fo...
New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

Jun 20, 2024 Threat Intelligence / Cybercrime
A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA dropper, VBA downloader, link downloader, and executable downloader -- with some of them using a PowerShell script to bypass User Account Control (UAC) and execute Fickle Stealer. The PowerShell script ("bypass.ps1" or "u.ps1") is also designed to periodically send information about the victim, including country, city, IP address, operating system version, computer name, and username to a Telegram bot controlled by the attacker. The stealer payload, which is protected using a packer, runs a series of anti-analysis checks to determine if it's running in a sandbox or a virtual machine environment, following which it beacons out to a remote server to exfiltrate da...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
British Hacker Charged for Operating "The Real Deal" Dark Web Marketplace

British Hacker Charged for Operating "The Real Deal" Dark Web Marketplace

Oct 27, 2022
A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called  The Real Deal  that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye , who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been charged with five counts of access device fraud and one count of money laundering conspiracy. Kaye was indicted in April 2021, and subsequently consented to his extradition from Cyprus to the U.S. in September 2022. "While living overseas, this defendant allegedly operated an illegal website that made hacking tools and login credentials available for purchase, including those for U.S. government agencies,"  said  U.S. Attorney Ryan K. Buchanan. Court documents show that  The Real Deal , until its shutdown in 2016, functioned as a market for illicit items, including stolen account logins for U.S. government computers, bank accounts, and social media platforms such a...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Former CIA Engineer Convicted of Leaking 'Vault 7' Hacking Secrets to WikiLeaks

Former CIA Engineer Convicted of Leaking 'Vault 7' Hacking Secrets to WikiLeaks

Jul 14, 2022
Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed  Vault 7  to WikiLeaks. The 33-year-old engineer had been  charged  in June 2018 with unauthorized disclosure of classified information and theft of classified material. Schulte also  faces  a separate trial on charges related to possession of child pornographic photos and videos, for which he was arrested on August 24, 2017. U.S. Attorney Damian Williams  said  in a statement that Schulte was convicted for "one of the most brazen and damaging acts of espionage in American history," adding his actions had a "devastating effect on our intelligence community by providing critical intelligence to those who wish to do us harm." WikiLeaks would go on to release the documents on March 7, 2017,  calling  it the "largest ever publication of confidential documents on the...
FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin

FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin

Apr 13, 2022
An international law enforcement operation raided and took down RaidForums, one of the world's largest hacking forums notorious for selling access to hacked personal information belonging to users. Dubbed Tourniquet, the seizure of the cybercrime website involved authorities from the U.S., U.K., Sweden, Portugal, and Romania, with the criminal investigation resulting in the  arrest  of the forum's administrator at his home last month in Croydon, England. The three confiscated domains associated with the illicit marketplace include "raidforums[.]com," "Rf[.]ws," and "Raid[.]lol." Diogo Santos Coelho (aka "Omnipotent"), the said founder and chief administrator, was apprehended in the U.K. on January 31 and is pending extradition to the U.S. Santos Coelho has been charged with conspiracy, access device fraud, and aggravated identity theft. In addition to detailing Santos Coelho's central role in designing and administering the soft...
Israel Bans Sales of Hacking and Surveillance Tools to 65 Countries

Israel Bans Sales of Hacking and Surveillance Tools to 65 Countries

Nov 26, 2021
Israel's Ministry of Defense has dramatically restricted the number of countries to which cybersecurity firms operating in the nation are allowed to sell offensive hacking and surveillance tools to, cutting off 65 nations from the export list. The revised list, details of which were first reported by the Israeli business newspaper  Calcalist , now only includes 37 countries, down from the previous 102: Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Iceland, India, Ireland, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, New Zealand, Norway, Portugal, Romania, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, the Netherlands, the U.K., and the U.S. Notably missing from the list are countries such as Morocco, Bahrain, Saudi Arabia, and the U.A.E, which have been previously identified as customers of Israeli spyware vendor NSO Group. In curtailing the exports, th...
U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes

U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes

Oct 21, 2021
The U.S. Commerce Department on Wednesday announced new rules barring the sales of hacking software and equipment to authoritarian regimes and potentially facilitate human rights abuse for national security (NS) and anti-terrorism (AT) reasons. The  mandate , which is set to go into effect in 90 days, will forbid the export, reexport and transfer of "cybersecurity items" to countries of "national security or weapons of mass destruction concern" such as China and Russia without a license from the department's Bureau of Industry and Security (BIS). "The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that U.S. companies are not fueling authoritarian practices," BIS  said  in a press release. The rule does not cover "intrusion software" itself, but rather the following — Systems, equipment, and components specially designed or...
SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

Dec 14, 2020
Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. " SoReL-20M " (short for  So phos- Re versing L abs –  20   M illion), as it's called, is a dataset containing metadata, labels, and features for 20 million Windows Portable Executable (.PE) files, including 10 million disarmed malware samples, with the goal of devising machine-learning approaches for better malware detection capabilities. "Open knowledge and understanding about cyber threats also leads to more predictive cybersecurity," Sophos AI group said. "Defenders will be able to anticipate what attackers are doing and be better prepared for their next move." Accompanying the release are a set of  PyTorch  and  LightGBM -based machine learning  models pre-trained...
Kali Linux 2019.1 Released — Operating System For Hackers

Kali Linux 2019.1 Released — Operating System For Hackers

Feb 18, 2019
Wohooo! Great news for hackers and penetration testers. Offensive Security has just released Kali Linux 2019.1, the first 2019 version of its Swiss army knife for cybersecurity professionals. The latest version of Kali Linux operating system includes kernel up to version 4.19.13 and patches for numerous bugs, along with many updated software, like Metasploit, theHarvester, DBeaver, and more. Kali Linux 2019.1 comes with the latest version of Metasploit (version 5.0) penetration testing tool, which "includes database and automation APIs, new evasion capabilities, and usability improvements throughout," making it more efficient platform for penetration testers. Metasploit version 5.0 is the software's first major release since version 4.0 which came out in 2011. Talking about ARM images, Kali Linux 2019.1 has now once again added support for Banana Pi and Banana Pro that are on kernel version 4.19. "Veyron has been moved to a 4.19 kernel, and the Raspbe...
Researchers Release Tool That Finds Vulnerable Robots on the Internet

Researchers Release Tool That Finds Vulnerable Robots on the Internet

Jan 28, 2019
A team at a robot cybersecurity startup has released a free, open-source tool for information security professionals to help them easily 'footprint' and detect unprotected robots, not only connected to the Internet, but also to the industrial environments where they operate. Dubbed " Aztarna ," the framework has been developed by Alias Robotics , a Spanish cybersecurity firm focused on robots and is capable of detecting vulnerable industrial routers and robots powered by ROS (Robot Operating System), SROS (Secure ROS) and other robot technologies. Written in Python 3, Aztarna is basically a port scanning tool with a built-in database of fingerprints for industrial routers (including Westermo, Moxa, Sierra Wireless, and eWON), and robotic technologies and components, as well as patterns that power the tool to test those devices against various known vulnerabilities and security misconfigurations. Researchers at Alias Robotics told The Hacker News that Aztarna h...
Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

Dec 11, 2017
Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting Banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. Moscow-based security firm Group-IB published a 36-page report on Monday, providing details about the newly-disclosed hacking group, dubbed MoneyTaker , which has been operating since at least May 2016. In the past 18 months, the hacking group is believed to have conducted more than 20 attacks against various financial organisations—stolen more than $11 Million and sensitive documents that could be used for next attacks. According to the security firm, the group has primarily been targeting card processing systems, including the AWS CBR (Russian Interbank System) and SWIFT international bank messaging service (United States). " Criminals stole documentation for OceanSystems' FedLink card processing system, which is used by 200 banks in Latin America...
3 New CIA-developed Hacking Tools For MacOS & Linux Exposed

3 New CIA-developed Hacking Tools For MacOS & Linux Exposed

Jul 27, 2017
WikiLeaks has just published a new set of classified documents linked to another CIA project, dubbed ' Imperial ,' which reveals details of at least three CIA-developed hacking tools and implants designed to target computers running Apple Mac OS X and different flavours of Linux operating systems. If you are a regular reader of THN, you must be aware that this latest revelation by the whistleblower organisation is the part of an ongoing CIA-Vault 7 leaks, marking it as the 18th batch in the series. If you are unaware of the Vault 7 leaks, you can head on to the second of this article for having a brief look on all the leaks at once. Achilles — Tool to Backdoor Mac OS X Disk Images Dubbed Achilles , the hacking tool allows CIA operators to combine malicious Trojan applications with a legitimate Mac OS app into a disk image installer (.DMG) file. The binding tool, the shell script is written in Bash, gives the CIA operators "one or more desired operator specified e...
How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet)

How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet)

Jul 13, 2017
WikiLeaks has today published the 16th batch of its ongoing Vault 7 leak , this time instead of revealing new malware or hacking tool, the whistleblower organisation has unveiled how CIA operatives stealthy collect and forward stolen data from compromised smartphones. Previously we have reported about several CIA hacking tools, malware and implants used by the agency to remotely infiltrate and steal data from the targeted systems or smartphones. However, this time neither Wikileaks nor the leaked CIA manual clearly explains how the agency operatives were using this tool. But, since we have been covering every CIA leak from the very first day, we have understood a possible scenario and have illustrated how this newly revealed tool was being used. Explained: How CIA Highrise Project Works In general, the malware uses the internet connection to send stolen data after compromising a machine to the attacker-controlled server (listening posts), but in the case of smartphones, ...
'Shadow Brokers' Threatens to Unmask A Hacker Who Worked With NSA

'Shadow Brokers' Threatens to Unmask A Hacker Who Worked With NSA

Jun 28, 2017
The Shadow Brokers , a notorious hacking group that leaked US cyberweapons — which were also abused by the recent ransomware disasters WannaCry and Petya or NotPetya — has now threatened to unmask the identity of a former hacker who worked for the NSA. Besides this, the Shadow Brokers group has also doubled the price for its monthly subscription model of NSA's built hacking tools and zero-day exploits from 100 ZEC (Zcash) to 200 ZEC, which is around $64,400 USD. Moreover, the hacking group has also announced a VIP service for people, who will be entertained by the group for their queries on the leaked hacking tools and exploits. To subscribe to the VIP service, one has to make a one-time payment of 400 ZEC (around US$128,800). Last month, the Shadow Brokers announced to release more zero-days exploits and hacking tools  developed by the US spy agency every month from June 2017, but only to private members who will subscribe for receiving exclusive access to the futur...
Shadow Brokers Launches 0-Day Exploit Subscriptions for $21,000 Per Month

Shadow Brokers Launches 0-Day Exploit Subscriptions for $21,000 Per Month

May 30, 2017
As promised to release more zero-days exploits and hacking tools for various platforms starting from June 2017, the infamous hacking group Shadow Brokers is back with more information on how to subscribe and become a private member for receiving exclusive access to the future leaks. The Shadow Brokers is the same hacking group who leaked NSA's built Windows hacking tools and zero-day exploits in public that led to the WannaCry menace . When the Shadow Brokers promised its June 2017 release two weeks ago, the group announced that it would sell new zero-day exploits and hacking tools only to the private members with paid monthly subscription, instead of making them public for everyone. How to Become Member of the 'Wine of Month' Club? Now, just a few minutes ago, the hacking collective has released details about how to participate in the monthly subscription model – or the "Wine of Month Club," as the group called it – to get exclusive access to the ...
Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back With More 0-Days

Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back With More 0-Days

May 16, 2017
The infamous hacking collective Shadow Brokers – the one who leaked the Windows SMB exploit in public that led to last weekend's WannaCrypt menace – are back, this time, to cause more damage. In typically broken English, the Shadow Brokers published a fresh statement (with full of frustration) a few hours ago, promising to release more zero-day bugs and exploits for various desktop and mobile platforms starting from June 2017. However, this time the Shadow Brokers leaks will not be available for everybody, as the hacking collective said: "TheShadowBrokers is launching new monthly subscription model. Is being like [the] wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month." To some extent, this is good news, but it is terrible news too. Good because now all these upcoming alleged unpatched vulnerabilities will be patched after being disclosed and terrible because the group will sell new zero-day e...
Leaked NSA Hacking Tools Being Used to Hack Thousands of Vulnerable Windows PCs

Leaked NSA Hacking Tools Being Used to Hack Thousands of Vulnerable Windows PCs

Apr 22, 2017
Script kiddies and online criminals around the world have reportedly started exploiting NSA hacking tools leaked last weekend to compromise hundreds of thousands of vulnerable Windows computers exposed on the Internet. Last week, the mysterious hacking group known as Shadow Brokers leaked a set of Windows hacking tools targeting Windows XP, Windows Server 2003, Windows 7 and 8, and Windows 2012, allegedly belonged to the NSA's Equation Group. What's Worse? Microsoft quickly downplayed the security risks by releasing patches for all exploited vulnerabilities , but there are still risks in the wild with unsupported systems as well as with those who haven't yet installed the patches. Multiple security researchers have performed mass Internet scans over the past few days and found tens of thousands of Windows computers worldwide infected with DoublePulsar , a suspected NSA spying implant, as a result of a free tool released on GitHub for anyone to use. Security r...
Expert Insights / Articles Videos
Cybersecurity Resources