Zero-Trust For All: A Practical Guide

While “zero-trust architecture” has become a buzz phrase, there’s plenty of confusion as to what it actually is. Is it a concept? A standard? A framework? An actual set of technology platforms? According to security experts, it’s best described as a fresh mindset for approaching cybersecurity...

Mobile Websites Can Tap Into Your Phone's Sensors Without Asking

Apps need your explicit permission to access your smartphone's motion and light sensors. Mobile websites? Not so much...

Backdoorme - Powerful Auto-Backdooring Utility

Tools like metasploit are great for exploiting computers, but what happens after you've gained access to a computer? Backdoorme answers that question by unleashing a slew of backdoors to establish persistence over long periods of time. Once an SSH connection has been established with the target,...

BackdoorMe - Powerful Auto-Backdooring Utility

Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors. Backdoorme uses a familiar metasploit interface with tremendous extensibility. Backdoorme relies on having an existing SSH connection or credentials to the victim, through which it will transfer and...

Path traversal

Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run...

Hawking Technology wireless router WR254-CA DNS issue

Hi, I have discovered a security issue with Hawking Technology wireless router, model WR254-CA. Since they are still available on the market so I think it will be good to warn the community. This router contains a DNS address 139.175.55.244 hardcoded in the firmware. At least when used in DHCP...