Search results for free phishing tool | Breaking Cybersecurity News | The Hacker News

A Greek security researcher, named George Chatzisofroniou , has developed a WiFi social engineering tool that is designed to steal credentials from users of secure Wi-Fi networks. The tool, dubbed WiFiPhisher , has been released on the software development website GitHub on Sunday and is freely available for users. "It's a social engineering attack that does not use brute forcing in contrast to other methods. It's an easy way to get WPA passwords ," said George Chatzisofroniou. However, there are several hacking tools available on the Internet that can hack a secure Wi-Fi network, but this tool automates multiple Wi-Fi hacking techniques which make it slightly different from others. WiFiPhisher tool uses "Evil Twin" attack scenario. Same as Evil Twin, the tool first creates a phony wireless Access Point (AP) masquerade itself as the legitimate Wi-Fi AP. It then directs a denial of service (DoS) attack against the legitimate Wi-Fi access poi...

If your computer has been infected with PyLocky Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search might end here. Security researcher Mike Bautista at Cisco's Talos cyber intelligence unit have released a free decryption tool that makes it possible for victims infected with the PyLocky ransomware to unlock their encrypted files for free without paying any ransom. The decryption tool works for everyone, but it has a huge limitation—to successfully recover your files, you must have captured the initial network traffic (PCAP file) between the PyLocky ransomware and its command-and-control (C2) server, which generally nobody purposely does. This is because the outbound connection—when the ransomware communicates with its C2 server and submit decryption key related information—contains a string that includes both Initialization Vector (IV) and a password, which the ransomware generates randomly to encrypt the file...

Security researchers at Trustwave have released a new open-source tool that uses facial recognition technology to locate targets across numerous social media networks on a large scale. Dubbed Social Mapper, the facial recognition tool automatically searches for targets across eight social media platforms, including—Facebook, Instagram, Twitter, LinkedIn, Google+, the Russian social networking site VKontakte, and China's Weibo and Douban—based on their names and pictures. The tool's creators claim they developed Social Mapper intelligence-gathering tool predominantly to help pen testers and red teamers with social engineering attacks. Although the searches of names and pictures can already be performed manually, Social Mapper makes it possible to automate such scans far faster and "on a mass scale with hundreds or thousands of individuals" at once. "Performing intelligence gathering online is a time-consuming process, it typically starts by attempting to...

Cyberattacks on small and midsized companies in 2019 cost $200,000 per company on average, mercilessly putting many of them out of business, says CNBC in its analysis of a recent Accenture report. In light of the global cybersecurity skills shortage, the number is set to soar in 2020. Solely in the UK, over 50,000 British SMEs could collapse next year following a cyberattack. This article brings a list of free tools that are already being used to combat these alarming challenges and enabling SMEs to arm themselves against a wide range of cyber offenders. Website Security Test with GDPR and PCI DSS Compliance Scan The problem: It would be hard to come across an SME without a website, or at least a web page on the Internet. Such websites are habitually poorly protected, becoming low-hanging fruit for cybercriminals. Even if the website does not store or handle any payment transactions or otherwise sensitive information, once breached, access to it can be sold in Dark Web mark...

If your computer has been infected with Thanatos Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search is over here. Security researchers at Cisco Talos have discovered a weakness in the Thanatos ransomware code that makes it possible for victims to unlock their Thanatos encrypted files for free without paying any ransom in cryptocurrencies. Like all ransomware threats, Thanatos encrypts files and asks victims to pay for ransom in multiple cryptocurrencies, including Bitcoin Cash, to decrypt their files. "Multiple versions of Thanatos have been leveraged by attackers, indicating that this is an evolving threat that continues to be actively developed by threat actors with multiple versions having been distributed in the wild," the researchers say.  "Unlike other ransomware commonly being distributed, Thanatos does not demand ransom payments to be made using a single cryptocurrency like bitcoin. Inste...

Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One of the latest trends in phishing is the use of QR codes, CAPTCHAs, and steganography. See how they are carried out and learn to detect them. Quishing Quishing, a phishing technique resulting from the combination of "QR" and "phishing," has become a popular weapon for cybercriminals in 2023. By concealing malicious links within QR codes, attackers can evade traditional spam filters, which are primarily geared towards identifying text-based phishing attempts. The inability of many security tools to decipher the content of QR codes further makes this method a go-to choice for cybercriminals. An email containing a QR code with a malicious link Analyzing a QR code with an embedded malicious link in a safe environment is easy with  ANY.RUN : Simply open  this task  in th...

Account credentials, a popular initial access vector, have become a valuable commodity in cybercrime. As a result, a single set of stolen credentials can put your organization's entire network at risk. According to the  2023 Verizon Data Breach Investigation Report , external parties were responsible for  83 percent  of breaches that occurred between November 2021 and October 2022.  Forty-nine percent  of those breaches involved stolen credentials. How are threat actors compromising credentials? Social engineering is one of the  top five cybersecurity threats  in 2023. Phishing, which accounts for %of social engineering attempts, is the go-to method for stealing credentials. It's a relatively cheap tactic that yields results. As phishing and social engineering techniques become more sophisticated and the tools become more readily available, credential theft should become a top security concern for all organizations if it already isn't one. Phishin...

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. In this article, we're going to look at what AitM phishing is, how it works, and what organizations need to be able to detect and block these attacks effectively. What is AitM phishing? AitM phishing is a technique that uses dedicated tooling to act as a proxy between the target and a legitimate login portal for an application.  As it's a proxy to the real application, the page will appear exactly as the user expects, because they are logging into the legitimate site – just taking a detour via the attacker's device. For example, if accessing their webmail, the user will see all their real emails; if accessing their cloud file store then all the...

Last week, application security company ImmuniWeb released a new free tool  to monitor and measure an organization's exposure on the Dark Web. To improve the decision-making process for cybersecurity professionals, the free tool crawls Dark Web marketplaces, hacking forums, and Surface Web resources such as Pastebin or GitHub to provide you with a classified schema of your data being offered for sale or leaked. All you need to launch a Dark Web search is to enter your domain name. The volume of stolen credentials on the Dark Web is booming This week, over 26 million user records, including plaintext passwords, stolen from LiveJournal appeared on a Dark Web marketplace for as low as $35. The present week is likewise sadly marked with a compromise of 31 SQL databases (with 1.6 million rows of client data) from webshop owners. There were 7,098 breaches reported in 2019, exposing over 15.1 billion records, a new worst year on record according to Risk Based Security report...

PCI DSS 4.0 encourages the implementation of anti-phishing controls like DMARC! This highlights and reinforces the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. While not a mandate or a requirement for PCI DSS compliance, DMARC and supporting email authentication technologies like SPF and DKIM play a pivotal role in protecting domain names against misuse.  Organizations can sign up for a DMARC analyzer trial to simplify their DMARC implementation, without the need for technical expertise. With more than 94% of organizations falling victim to phishing, this is the cue for businesses of all sizes to strengthen domain security and prevent the next big cyber attack. Many organizations turn to email authentication management solutions like PowerDMARC to simplify implementation, monitor authentication, and ensure continuous protection. On the flip side, it also presents a golden opportunity for MSPs to sell DMARC to th...