#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

windows hacking tool | Breaking Cybersecurity News | The Hacker News

Hacker Reveals Easiest Way to Hijack Privileged Windows User Session Without Password

Hacker Reveals Easiest Way to Hijack Privileged Windows User Session Without Password
Mar 20, 2017
You may be aware of the fact that a local Windows user with system rights and permissions can reset the password for other users, but did you know that a local user can also hijack other users' session, including domain admin/system user, without knowing their passwords? Alexander Korznikov, an Israeli security researcher, has recently demonstrated that a local privileged user can even hijack the session of any logged-in Windows user who has higher privileges without knowing that user's password, using built-in command line tools. This trick works on almost all versions of Windows operating system and does not require any special privileges. Korznikov is himself unable to figure out if it is a Windows feature or a security flaw. The issue discovered by Korznikov is not entirely new, as a French security researcher, namely Benjamin Delpy, detailed a similar user session hijacking technique on his blog some six years ago. Korznikov calls the attack a "privilege

Student Faces 10 Years In Prison For Creating And Selling Limitless Keylogger

Student Faces 10 Years In Prison For Creating And Selling Limitless Keylogger
Jan 14, 2017
A 21-year-old former Langley High School student, who won a Programmer of the Year Award in high school, pleaded guilty on Friday to charges of developing and selling custom key-logging malware that infected thousands of victims. Zachary Shames from Virginia pleaded guilty in a federal district court and now faces a maximum penalty of up to 10 years in prison for his past deeds. Shames was arrested this summer while he was working as a technical intern at Northrop Grumman, a security and defense government contractor, developing front-end site code and backend Java software and managing a MySQL database, according to what appears on his Linkedin page. According to a press release from the U.S. Department of Justice, Shames developed a keylogger in 2013 that allowed users to steal sensitive information, including passwords and banking credentials, from a victim's computer, while he was still a high school student in 2013. Keylogger is malicious software designed to recor

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

Stolen NSA "Windows Hacking Tools" Now Up For Sale!

Stolen NSA "Windows Hacking Tools" Now Up For Sale!
Jan 10, 2017
The Shadow Brokers who previously stole and leaked a portion of the NSA hacking tools and exploits is back with a Bang! The hacking group is now selling another package of hacking tools, " Equation Group Windows Warez ," which includes Windows exploits and antivirus bypass tools, stolen from the NSA-linked hacking unit, The Equation Group. For those unfamiliar with the topic, The Shadow Brokers is a notorious group of black-hat hackers who, in August 2016, leaked exploits, security vulnerabilities, and "powerful espionage tools" created by The Equation Group. On Saturday, the Shadow Brokers posted a message on their ZeroNet based website, announcing the sale of the entire " Windows Warez " collection for 750 Bitcoin (around US$678,630). The data dump contains many windows hacking tools, categorized as following: Fuzzing tools (used to discover errors and security loopholes) Exploit Framework Network Implants Remote Administration Tools (RAT) Remot

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Cybersecurity Resources