#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

hacking tools | Breaking Cybersecurity News | The Hacker News

British Hacker Charged for Operating "The Real Deal" Dark Web Marketplace

British Hacker Charged for Operating "The Real Deal" Dark Web Marketplace

Oct 27, 2022
A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called  The Real Deal  that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye , who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been charged with five counts of access device fraud and one count of money laundering conspiracy. Kaye was indicted in April 2021, and subsequently consented to his extradition from Cyprus to the U.S. in September 2022. "While living overseas, this defendant allegedly operated an illegal website that made hacking tools and login credentials available for purchase, including those for U.S. government agencies,"  said  U.S. Attorney Ryan K. Buchanan. Court documents show that  The Real Deal , until its shutdown in 2016, functioned as a market for illicit items, including stolen account logins for U.S. government computers, bank accounts, and social media platforms such as Twitter and
Former CIA Engineer Convicted of Leaking 'Vault 7' Hacking Secrets to WikiLeaks

Former CIA Engineer Convicted of Leaking 'Vault 7' Hacking Secrets to WikiLeaks

Jul 14, 2022
Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed  Vault 7  to WikiLeaks. The 33-year-old engineer had been  charged  in June 2018 with unauthorized disclosure of classified information and theft of classified material. Schulte also  faces  a separate trial on charges related to possession of child pornographic photos and videos, for which he was arrested on August 24, 2017. U.S. Attorney Damian Williams  said  in a statement that Schulte was convicted for "one of the most brazen and damaging acts of espionage in American history," adding his actions had a "devastating effect on our intelligence community by providing critical intelligence to those who wish to do us harm." WikiLeaks would go on to release the documents on March 7, 2017,  calling  it the "largest ever publication of confidential documents on the agency." This incl
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin

FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin

Apr 13, 2022
An international law enforcement operation raided and took down RaidForums, one of the world's largest hacking forums notorious for selling access to hacked personal information belonging to users. Dubbed Tourniquet, the seizure of the cybercrime website involved authorities from the U.S., U.K., Sweden, Portugal, and Romania, with the criminal investigation resulting in the  arrest  of the forum's administrator at his home last month in Croydon, England. The three confiscated domains associated with the illicit marketplace include "raidforums[.]com," "Rf[.]ws," and "Raid[.]lol." Diogo Santos Coelho (aka "Omnipotent"), the said founder and chief administrator, was apprehended in the U.K. on January 31 and is pending extradition to the U.S. Santos Coelho has been charged with conspiracy, access device fraud, and aggravated identity theft. In addition to detailing Santos Coelho's central role in designing and administering the soft
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Israel Bans Sales of Hacking and Surveillance Tools to 65 Countries

Israel Bans Sales of Hacking and Surveillance Tools to 65 Countries

Nov 26, 2021
Israel's Ministry of Defense has dramatically restricted the number of countries to which cybersecurity firms operating in the nation are allowed to sell offensive hacking and surveillance tools to, cutting off 65 nations from the export list. The revised list, details of which were first reported by the Israeli business newspaper  Calcalist , now only includes 37 countries, down from the previous 102: Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Iceland, India, Ireland, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, New Zealand, Norway, Portugal, Romania, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, the Netherlands, the U.K., and the U.S. Notably missing from the list are countries such as Morocco, Bahrain, Saudi Arabia, and the U.A.E, which have been previously identified as customers of Israeli spyware vendor NSO Group. In curtailing the exports, the mov
U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes

U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes

Oct 21, 2021
The U.S. Commerce Department on Wednesday announced new rules barring the sales of hacking software and equipment to authoritarian regimes and potentially facilitate human rights abuse for national security (NS) and anti-terrorism (AT) reasons. The  mandate , which is set to go into effect in 90 days, will forbid the export, reexport and transfer of "cybersecurity items" to countries of "national security or weapons of mass destruction concern" such as China and Russia without a license from the department's Bureau of Industry and Security (BIS). "The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that U.S. companies are not fueling authoritarian practices," BIS  said  in a press release. The rule does not cover "intrusion software" itself, but rather the following — Systems, equipment, and components specially designed or
SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

Dec 14, 2020
Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. " SoReL-20M " (short for  So phos- Re versing L abs –  20   M illion), as it's called, is a dataset containing metadata, labels, and features for 20 million Windows Portable Executable (.PE) files, including 10 million disarmed malware samples, with the goal of devising machine-learning approaches for better malware detection capabilities. "Open knowledge and understanding about cyber threats also leads to more predictive cybersecurity," Sophos AI group said. "Defenders will be able to anticipate what attackers are doing and be better prepared for their next move." Accompanying the release are a set of  PyTorch  and  LightGBM -based machine learning  models pre-trained
Kali Linux 2019.1 Released — Operating System For Hackers

Kali Linux 2019.1 Released — Operating System For Hackers

Feb 18, 2019
Wohooo! Great news for hackers and penetration testers. Offensive Security has just released Kali Linux 2019.1, the first 2019 version of its Swiss army knife for cybersecurity professionals. The latest version of Kali Linux operating system includes kernel up to version 4.19.13 and patches for numerous bugs, along with many updated software, like Metasploit, theHarvester, DBeaver, and more. Kali Linux 2019.1 comes with the latest version of Metasploit (version 5.0) penetration testing tool, which "includes database and automation APIs, new evasion capabilities, and usability improvements throughout," making it more efficient platform for penetration testers. Metasploit version 5.0 is the software's first major release since version 4.0 which came out in 2011. Talking about ARM images, Kali Linux 2019.1 has now once again added support for Banana Pi and Banana Pro that are on kernel version 4.19. "Veyron has been moved to a 4.19 kernel, and the Raspbe
Researchers Release Tool That Finds Vulnerable Robots on the Internet

Researchers Release Tool That Finds Vulnerable Robots on the Internet

Jan 28, 2019
A team at a robot cybersecurity startup has released a free, open-source tool for information security professionals to help them easily 'footprint' and detect unprotected robots, not only connected to the Internet, but also to the industrial environments where they operate. Dubbed " Aztarna ," the framework has been developed by Alias Robotics , a Spanish cybersecurity firm focused on robots and is capable of detecting vulnerable industrial routers and robots powered by ROS (Robot Operating System), SROS (Secure ROS) and other robot technologies. Written in Python 3, Aztarna is basically a port scanning tool with a built-in database of fingerprints for industrial routers (including Westermo, Moxa, Sierra Wireless, and eWON), and robotic technologies and components, as well as patterns that power the tool to test those devices against various known vulnerabilities and security misconfigurations. Researchers at Alias Robotics told The Hacker News that Aztarna h
Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

Dec 11, 2017
Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting Banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. Moscow-based security firm Group-IB published a 36-page report on Monday, providing details about the newly-disclosed hacking group, dubbed MoneyTaker , which has been operating since at least May 2016. In the past 18 months, the hacking group is believed to have conducted more than 20 attacks against various financial organisations—stolen more than $11 Million and sensitive documents that could be used for next attacks. According to the security firm, the group has primarily been targeting card processing systems, including the AWS CBR (Russian Interbank System) and SWIFT international bank messaging service (United States). " Criminals stole documentation for OceanSystems' FedLink card processing system, which is used by 200 banks in Latin America
3 New CIA-developed Hacking Tools For MacOS & Linux Exposed

3 New CIA-developed Hacking Tools For MacOS & Linux Exposed

Jul 27, 2017
WikiLeaks has just published a new set of classified documents linked to another CIA project, dubbed ' Imperial ,' which reveals details of at least three CIA-developed hacking tools and implants designed to target computers running Apple Mac OS X and different flavours of Linux operating systems. If you are a regular reader of THN, you must be aware that this latest revelation by the whistleblower organisation is the part of an ongoing CIA-Vault 7 leaks, marking it as the 18th batch in the series. If you are unaware of the Vault 7 leaks, you can head on to the second of this article for having a brief look on all the leaks at once. Achilles — Tool to Backdoor Mac OS X Disk Images Dubbed Achilles , the hacking tool allows CIA operators to combine malicious Trojan applications with a legitimate Mac OS app into a disk image installer (.DMG) file. The binding tool, the shell script is written in Bash, gives the CIA operators "one or more desired operator specified e
How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet)

How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet)

Jul 13, 2017
WikiLeaks has today published the 16th batch of its ongoing Vault 7 leak , this time instead of revealing new malware or hacking tool, the whistleblower organisation has unveiled how CIA operatives stealthy collect and forward stolen data from compromised smartphones. Previously we have reported about several CIA hacking tools, malware and implants used by the agency to remotely infiltrate and steal data from the targeted systems or smartphones. However, this time neither Wikileaks nor the leaked CIA manual clearly explains how the agency operatives were using this tool. But, since we have been covering every CIA leak from the very first day, we have understood a possible scenario and have illustrated how this newly revealed tool was being used. Explained: How CIA Highrise Project Works In general, the malware uses the internet connection to send stolen data after compromising a machine to the attacker-controlled server (listening posts), but in the case of smartphones,
'Shadow Brokers' Threatens to Unmask A Hacker Who Worked With NSA

'Shadow Brokers' Threatens to Unmask A Hacker Who Worked With NSA

Jun 28, 2017
The Shadow Brokers , a notorious hacking group that leaked US cyberweapons — which were also abused by the recent ransomware disasters WannaCry and Petya or NotPetya — has now threatened to unmask the identity of a former hacker who worked for the NSA. Besides this, the Shadow Brokers group has also doubled the price for its monthly subscription model of NSA's built hacking tools and zero-day exploits from 100 ZEC (Zcash) to 200 ZEC, which is around $64,400 USD. Moreover, the hacking group has also announced a VIP service for people, who will be entertained by the group for their queries on the leaked hacking tools and exploits. To subscribe to the VIP service, one has to make a one-time payment of 400 ZEC (around US$128,800). Last month, the Shadow Brokers announced to release more zero-days exploits and hacking tools  developed by the US spy agency every month from June 2017, but only to private members who will subscribe for receiving exclusive access to the futur
Shadow Brokers Launches 0-Day Exploit Subscriptions for $21,000 Per Month

Shadow Brokers Launches 0-Day Exploit Subscriptions for $21,000 Per Month

May 30, 2017
As promised to release more zero-days exploits and hacking tools for various platforms starting from June 2017, the infamous hacking group Shadow Brokers is back with more information on how to subscribe and become a private member for receiving exclusive access to the future leaks. The Shadow Brokers is the same hacking group who leaked NSA's built Windows hacking tools and zero-day exploits in public that led to the WannaCry menace . When the Shadow Brokers promised its June 2017 release two weeks ago, the group announced that it would sell new zero-day exploits and hacking tools only to the private members with paid monthly subscription, instead of making them public for everyone. How to Become Member of the 'Wine of Month' Club? Now, just a few minutes ago, the hacking collective has released details about how to participate in the monthly subscription model – or the "Wine of Month Club," as the group called it – to get exclusive access to the
Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back With More 0-Days

Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back With More 0-Days

May 16, 2017
The infamous hacking collective Shadow Brokers – the one who leaked the Windows SMB exploit in public that led to last weekend's WannaCrypt menace – are back, this time, to cause more damage. In typically broken English, the Shadow Brokers published a fresh statement (with full of frustration) a few hours ago, promising to release more zero-day bugs and exploits for various desktop and mobile platforms starting from June 2017. However, this time the Shadow Brokers leaks will not be available for everybody, as the hacking collective said: "TheShadowBrokers is launching new monthly subscription model. Is being like [the] wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month." To some extent, this is good news, but it is terrible news too. Good because now all these upcoming alleged unpatched vulnerabilities will be patched after being disclosed and terrible because the group will sell new zero-day e
Leaked NSA Hacking Tools Being Used to Hack Thousands of Vulnerable Windows PCs

Leaked NSA Hacking Tools Being Used to Hack Thousands of Vulnerable Windows PCs

Apr 22, 2017
Script kiddies and online criminals around the world have reportedly started exploiting NSA hacking tools leaked last weekend to compromise hundreds of thousands of vulnerable Windows computers exposed on the Internet. Last week, the mysterious hacking group known as Shadow Brokers leaked a set of Windows hacking tools targeting Windows XP, Windows Server 2003, Windows 7 and 8, and Windows 2012, allegedly belonged to the NSA's Equation Group. What's Worse? Microsoft quickly downplayed the security risks by releasing patches for all exploited vulnerabilities , but there are still risks in the wild with unsupported systems as well as with those who haven't yet installed the patches. Multiple security researchers have performed mass Internet scans over the past few days and found tens of thousands of Windows computers worldwide infected with DoublePulsar , a suspected NSA spying implant, as a result of a free tool released on GitHub for anyone to use. Security r
Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by Wikileaks

Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by Wikileaks

Apr 10, 2017
Security researchers have confirmed that the alleged CIA hacking tools recently exposed by WikiLeaks have been used against at least 40 governments and private organizations across 16 countries. Since March, as part of its " Vault 7 " series, Wikileaks has published over 8,761 documents and other confidential information that the whistleblower group claims came from the US Central Intelligence Agency (CIA). Now, researchers at cybersecurity company Symantec reportedly managed to link those CIA hacking tools to numerous real cyber attacks in recent years that have been carried out against the government and private sectors across the world. Those 40 cyber attacks were conducted by Longhorn — a North American hacking group that has been active since at least 2011 and has used backdoor trojans and zero-day attacks to target government, financial, energy, telecommunications, education, aerospace, and natural resources sectors. Although the group's targets were a
Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen

Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen

Jan 12, 2017
The company that sells digital forensics and mobile hacking tools to others has itself been hacked. Israeli firm Cellebrite , the popular company that provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had 900 GB of its data stolen by an unknown hacker. But the hacker has not yet publicly released anything from the stolen data archive, which includes its customer information, user databases, and a massive amount of technical data regarding its hacking tools and products. Instead, attackers are looking for possible opportunities to sell the access to Cellebrite system and data on a few selected IRC chat rooms, the hacker told Joseph Cox, contributor at Motherboard , who was contacted by the hacker and received a copy of the stolen data. Meanwhile, Cellebrite also admitted that it recently experienced "unauthorized access to an external web server," and said that it is "conducting an investigation
Cybersecurity Resources