#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for Hijack | Breaking Cybersecurity News | The Hacker News

Hacker Reveals Easiest Way to Hijack Privileged Windows User Session Without Password

Hacker Reveals Easiest Way to Hijack Privileged Windows User Session Without Password

Mar 20, 2017
You may be aware of the fact that a local Windows user with system rights and permissions can reset the password for other users, but did you know that a local user can also hijack other users' session, including domain admin/system user, without knowing their passwords? Alexander Korznikov, an Israeli security researcher, has recently demonstrated that a local privileged user can even hijack the session of any logged-in Windows user who has higher privileges without knowing that user's password, using built-in command line tools. This trick works on almost all versions of Windows operating system and does not require any special privileges. Korznikov is himself unable to figure out if it is a Windows feature or a security flaw. The issue discovered by Korznikov is not entirely new, as a French security researcher, namely Benjamin Delpy, detailed a similar user session hijacking technique on his blog some six years ago. Korznikov calls the attack a "privilege
China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware

China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware

Jan 25, 2024 Malware / Cyber Threat
A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name  Blackwood . It's said to be active since at least 2018. The NSPX30 implant has been observed deployed via the update mechanisms of known software such as Tencent QQ, WPS Office, and Sogou Pinyin, with the attacks targeting Chinese and Japanese manufacturing, trading, and engineering companies as well as individuals located in China, Japan, and the U.K. "NSPX30 is a multistage implant that includes several components such as a dropper, an installer, loaders, an orchestrator, and a backdoor," security researcher Facundo Muñoz  said . "Both of the latter two have their own sets of plugins." "The implant was designed around the attackers
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
You Can Hijack Nearly Any Drone Mid-flight Using This Tiny Gadget

You Can Hijack Nearly Any Drone Mid-flight Using This Tiny Gadget

Oct 27, 2016
Now you can hijack nearly any drone mid-flight just by using a tiny gadget. Security researcher Jonathan Andersson has devised a small hardware, dubbed Icarus, that can hijack a variety of popular drones mid-flight, allowing attackers to lock the owner out and give them complete control over the device. Andersson, who is the manager of Trend Micro's TippingPoint DVLab division, demonstrated this new hack at this year's PacSec security conference in Tokyo, Japan on Wednesday. Besides Drones, the new gadget has the capability of fully hijacking a wide variety of radio-controlled devices, including helicopters, cars, boats and other remote control gears that run over the most popular wireless transmission control protocol called DSMx. DSMx is a protocol used to facilitate communication between radio controllers and devices, including drones, helicopters, and cars. This is not the first hardware that can hijack drones mid-flight . There are jamming devices available in
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Researchers Uncover Spying Tool Used by Governments to Hijack all Types of Smartphones

Researchers Uncover Spying Tool Used by Governments to Hijack all Types of Smartphones

Jun 25, 2014
Purchasing malware to victimize people is illegal by laws but if the same thing any government official do, then its not!! Yes, the police forces around the World are following the footsteps of U.S. National Security Agency ( NSA ) and FBI. Researchers from the Citizen Lab at the Munk School of Global Affairs at the University of Toronto and computer security firm Kaspersky Lab have unearthed a broad network of controversial spyware which is specially designed to give law enforcement agencies complete access to a suspect's phone for the purpose of surveillance. MALWARE FOR DESKTOPS AND ALL MOBILE DEVICES The malware , dubbed as Remote Control System (RCS) , also known as Da Vinci and Galileo, is developed by an Italian company known as Hacking Team, available for desktop computers, laptops, and mobile devices. The latest version of the malware works for all phone including Android, iOS, Windows Mobile, Symbian and BlackBerry devices, but best on Android devices , and can also b
Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

Apr 16, 2018
Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users' sensitive information, login credentials and the secret code for two-factor authentication. In order to trick victims into installing the Android malware, dubbed Roaming Mantis , hackers have been hijacking DNS settings on vulnerable and poorly secured routers . DNS hijacking attack allows hackers to intercept traffic, inject rogue ads on web-pages and redirect users to phishing pages designed to trick them into sharing their sensitive information like login credentials, bank account details, and more. Hijacking routers' DNS for a malicious purpose is not new. Previously we reported about widespread DNSChanger and Switcher —both the malware worked by changing the DNS settings of the wireless routers to redirect traffic to malicious websites controlled by attackers. Discovered by security researchers at Kaspersk
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

Feb 27, 2024 Supply Chain Attack / Data Security
Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. "It's possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository on the platform, as well as hijack any models that are submitted through the conversion service," HiddenLayer  said  in a report published last week. This, in turn, can be accomplished using a hijacked model that's meant to be converted by the service, thereby allowing malicious actors to request changes to any repository on the platform by masquerading as the conversion bot. Hugging Face is a popular collaboration platform that helps users host pre-trained machine learning models and datasets, as well as build, deploy, and train them. Safetensors is a  format  devised by the company to store  tensors  keeping security in mind, as oppo
WordPress Cookie Flaw Lets Hackers Hijack Your Account

WordPress Cookie Flaw Lets Hackers Hijack Your Account

May 27, 2014
Do you own a blog on WordPress.com website? If Yes, then you should take some extra cautious while signing into your Wordpress account from the next time when connected to public Wi-Fi, because it can be hacked without your knowledge, even if you have enabled two-factor authentication. Yan Zhu , a researcher at the Electronic Frontier Foundation (EFF) noticed that the blogs hosted on WordPress are sending user authentication cookies in plain text, rather than encrypting it. So, it can be easily hijacked by even a Script-Kiddie looking to steal information. HIJACKING  AUTHENTICATION COOKIES When Wordpress users log into their account, WordPress.com servers set a web cookie with name " wordpress_logged_in " into the users' browser, Yan Zhu explained in a blog post. He noticed that this authentication cookie being sent over clear HTTP, in a very insecure manner. One can grab HTTP cookies from the same Wi-Fi Network by using some specialized tools, such as F
Spy Agencies Hijack Google Play Store to Install Spyware on Smartphones

Spy Agencies Hijack Google Play Store to Install Spyware on Smartphones

May 21, 2015
I have an Android phone with a five different gmail accounts configured in it. But what if any one of them get compromised via phishing, malware or any other way? The Hacker would be able to access my Google account and obviously Google Play Store account too, which allows anyone to install any Android application remotely into my phone without my knowledge and confirmation… What if someone compromises large number of Google accounts and trigger mass installation of a spying or malware app remotely with just one click???? Yes, this was exactly what the National Security Agency (NSA) had done under its widely spread Global surveillance program. A new top-secret document obtained from the former NSA contractor Edward Snowden revealed that the NSA and its closest allies planned to hijack Google and Samsung app stores to infect smartphones with spyware. The operation was launched by the Network Tradecraft Advancement Team, including spy agents from each of the coun
Hackers learning new ways to hijack smartphones !

Hackers learning new ways to hijack smartphones !

Jan 12, 2011
How safe is your cell phone? Thieves are coming up with new ways to hijack the most popular smartphones. ABC Action News investigative reporter Michael George enlisted the help of a hacking expert to find out how these programs work, and how to beat them. Droids, iPhones, and BlackBerries are just the tip of the iceberg when it comes to smartphones. The phones are wildly popular right now. USF student Marilyn Rodriguez says her whole life is on her phone. "I love my phone. It gets me through classes. I keep track of my schedule, my homework assignments," she said. More and more consumers are using their phones for things they used to do on their home computers. That includes tasks that require private, financial information, like online banking and shopping. The problem is, hackers are starting to figure this out, too. Stratum Security consultant Justin Morehouse is an expert in the methods used by hackers and identity thieves. It's his job to anticipate what the bad guys will
BASHLITE Malware leverages ShellShock Bug to Hijack Devices Running BusyBox

BASHLITE Malware leverages ShellShock Bug to Hijack Devices Running BusyBox

Nov 17, 2014
Cyber criminals are using new malware variants by exploiting GNU Bash vulnerability referred to as ShellShock ( CVE-2014-6271 ) in order to infect embedded devices running BusyBox software, according to a researcher. A new variant of " Bashlite " malware targeting devices running BusyBox software was spotted by the researchers at Trend Micro shortly after the public disclosure of the ShellShock vulnerability. BusyBox provides set of command line utilities that are specifically designed to run in constrained embedded environments. At compile time, different capabilities can be left out, reducing the size of the binaries, and efforts are made to make them memory efficient. This makes the software an excellent candidate for use in consumer electronics devices, which seem to have been the items of interest in this case. The malware variant, detected as ELF_BASHLITE.A (ELF_FLOODER.W) , when executed on victim's machine, scans compromised networks for device
Vulnerability in Facebook app allows hackers to steal access tokens and hijack accounts

Vulnerability in Facebook app allows hackers to steal access tokens and hijack accounts

Oct 29, 2013
There are more than 100 Million users who are using Facebook mobile app. Facebook has fixed multiple critical vulnerabilities in its Android based applications that allows hackers to steal access tokens and hijack accounts. Egyptian security researcher Mohamed Ramadan, Security researcher with Attack Secure, has who disclosed  a couple of vulnerabilities in the Facebook Main app and Facebook messenger app and Facebook page's manager application for Android. User's access token is the key to accessing a Facebook account and according to him, an attacker only needs to send a message that contains an attachment of any type, i.e. Videos, documents, and pictures. Once the victim will click on that file to download, immediately victim's access_token will be stored in the Android's log messages called -  logcat ,  that enables other apps to grab user's access token and hijack the account. Video Demonstration: The second flaw which is reported by Ramadan
New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

May 26, 2020
Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information. Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the wild to steal users' banking and other login credentials, as well as to spy on their activities. The same team of Norwegian cybersecurity researchers today unveiled details of a new critical vulnerability (CVE-2020-0096) affecting the Android operating system that could allow attackers to carry out a much more sophisticated version of Strandhogg attack. Dubbed ' Strandhogg 2.0 ,' the new vulnerability affects all Android devices, except those running the latest version, Android Q / 10, of the mobile operating system—which, unfortunately, is running on only 15-20% of the total
Vulnerability in HTC website allow attacker to hijack accounts

Vulnerability in HTC website allow attacker to hijack accounts

Dec 28, 2012
Thamatam Deepak (Mr.47™) reported a Cross site scripting (XSS) Vulnerability and cookie handling in HTC website, that allow an attacker to HTC website hijack accounts. Mr. Deepak is a 16 years old whitehat hacker, listed in Apple Hall of Fame with 'The Hacker News' researcher Mohit Kumar this month. Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. The malicious script can access any cookies, session tokens, or other sensitive information retained by your browser. This vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross site scripting is very common web application vulnerability, Yesterday our security researcher, Christy Philip Mathew reported about multiple xss in official latest versions of cPanel and WHM . As reported by Whitehat hacker Deepak, there are multiple xss in HTC website, that allow an attacker
Proof of Concept : PuttyHijack – Hijack SSH/PuTTY Sessions

Proof of Concept : PuttyHijack – Hijack SSH/PuTTY Sessions

Oct 02, 2011
Proof of Concept : PuttyHijack - Hijack SSH/PuTTY Sessions PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers. The injected DLL installs hooks and creates a socket in guest operating system for a callback connection that is then used for input/output redirection. PuttyHijack does not kill the current connection, and will cleanly uninject if the socket or process is stopped. Leaves no race for further analysis. How to run/install PuttyHijack Start a nc listener on some fully controlled machine. Run PuttyHijack specify the listener ip and port on victime machine (Some socail engg skill may be helpfull) Watch the echoing of everything including passwords (grab it for further analysis) Help commands of PuttyHijack !disco – disconnect the real putty from the display !reco –
Google Apps Flaw Allowed Hacker to Hijack Account and Disable Two-factor Authentication

Google Apps Flaw Allowed Hacker to Hijack Account and Disable Two-factor Authentication

Jan 23, 2015
A critical cross-site scripting ( XSS ) vulnerability in the Google Apps administrator console allowed cyber criminals to force a Google Apps admins to execute just about any request on the https://admin.google.com/ domain. The Google Apps admin console allows administrators to manage their organization's account. Administrators can use the console to add new users, configure permissions, manage security settings and enable Google services for your domain. The feature is primarily used by many businesses, especially those using Gmail as the e-mail service for their domain. The XSS flaw allowed attackers to force the admin to do the following actions: Creating new users with "super admin" rights Disabling two-factor authentication ( 2FA ) and other security measures from existing accounts or from multiple domains Modifying domain settings so that all incoming e-mails are redirected to addresses controlled by the attacker Hijack an account/email by resett
Hacker exploits Heartbleed bug to Hijack VPN Sessions

Hacker exploits Heartbleed bug to Hijack VPN Sessions

Apr 19, 2014
Cyber criminals have explored one more way to exploit Heartbleed OpenSSL bug against organisations to hijack multiple active web sessions conducted over a virtual private network connection. The consulting and incident response Mandiant investigated targeted attack against an unnamed organization and said the hackers have exploited the " Heartbleed " security vulnerability in OpenSSL running in the client's SSL VPN concentrator to remotely access active sessions of an organization's internal network. The incident is the result of attacks leveraging the OpenSSL Heartbleed vulnerabilities, which resides in the OpenSSL's heartbeat functionality, if enabled would return 64KB of random memory in plaintext to any client or server requesting for a connection. The vulnerability infected almost two-third of internet web servers, including the popular websites. Recently, there has been an arrest of a Canadian teen of stealing usernames, credentials, session IDs and other da
15-Year-Old JasBug Vulnerability Affects All Versions of Microsoft Windows

15-Year-Old JasBug Vulnerability Affects All Versions of Microsoft Windows

Feb 11, 2015
Microsoft just issued a critical patch to fix a 15-year-old vulnerability that could be exploited by hackers to remotely hijack users' PCs running all supported versions of Windows operating system . The critical vulnerability — named " JASBUG " by the researcher who reported the flaw — is due to a flaw in the fundamental design of Windows that took Microsoft more than 12 months to release a fix. However, the flaw is still unpatched in Windows Server 2003, leaving the version wide open to the hackers for the remaining five months. HACKERS CAN EASILY HIJACK YOUR WINDOWS MACHINE The vulnerability ( CVE-2015-0008 ) could allow an attacker to easily hijack a domain-configured Windows system if it is connected to a malicious network – wirelessly or wired, giving attacker consent to do various tasks including, to go forth and install programs; delete, alter or peruse users' data; or to create new accounts with full user rights. However, Jasbug vulnerability do not affects h
Cybersecurity Resources