Skip to main content


#HITB2018AMS Call for Papers Closes 31st December!

posted onNovember 2, 2017
by l33tdawg

The Call for Papers for the 8th annual HITBSecConf in Amsterdam is now open!

If you're working on new ways to break out of sandboxes, built a state of the art neural network or if you've found a new way to detect and defend next gen attacks, we want to see you on stage at HITBSecConf2018 in Amsterdam!

Call for Papers:
Event Website:

Researchers Find a Way to Disable Much-Hated Intel ME Component Courtesy of the NSA

posted onAugust 29, 2017
by l33tdawg

Researchers from Positive Technologies — a provider of enterprise security solutions — have found a way to disable the Intel Management Engine (ME), a much-hated component of Intel CPUs.

Intel ME is a separate processor embedded with Intel CPUs that runs its own operating system complete with processes, threads, memory manager, hardware bus driver, file system, and many other components.

SAP point-of-sale systems were totally hackable with $25 kit

posted onAugust 29, 2017
by l33tdawg

Point-of-Sale systems from SAP had a vulnerability that allowed them to be hacked using a $25 Raspberry Pi or similar device, according to research unveiled at the Hack in the Box conference in Singapore last week.

Critical vulnerabilities in SAP's POS – since resolved – created a means for hackers not only to steal customers' card data but to gain unfettered control over the server, enabling them to change prices of goods with the help of a simple device, according to ERPScan.

Researcher Releases Fully Working Exploit Code for iOS Kernel Vulnerability

posted onAugust 27, 2017
by l33tdawg

Adam Donenfeld, a researcher with mobile security firm Zimperium, has published today proof-of-concept code for zIVA — a kernel exploit that affects iOS 10.3.1 and previous versions.

The zIVA exploit code allows an attacker to gain arbitrary RW (Read Write) and root access. Apple has addressed the eight vulnerabilities at the heart of this exploit package in a security patch it released in May. One affects the IOSurface kernel extension and seven others affect the AppleAVE Driver kernel extension.

Security Lacking in Previous AppleAVEDriver iOS Kernel Extension

posted onAugust 27, 2017
by l33tdawg

An obscure Apple kernel extension patched in July in iOS 10.3.3 was originally built without security measures in place, according to the researcher who privately disclosed the flaws.

Today at the Hack in the Box security conference in Singapore, Zimperium zLabs’ Adam Donenfeld was scheduled to disclose details on seven flaws he found in the AppleAVEDriver.kext, a video encoder kernel extension, as well as another critical issue in the IOSurface.kext.

Watch Hackers Hijack Three Robots for Spying and Sabotage

posted onAugust 23, 2017
by l33tdawg

The entire corpus of science fiction has trained humanity to fear the day when helpful household and industrial robots turn against it, in a Skynet-style uprising. But a much more near-term threat lurks in the age of automation: not that anthropomorphic gadgets will develop minds of their own, but that a very human hacker will take control of them.

Security researchers demonstrate fast and cheap relay hack of keyless entry system in cars

posted onMay 3, 2017
by l33tdawg

Keyless entry systems are not uncommon in cars these days but they are also the target of unscrupulous hackers who are able to spoof the signal from a car key fob to open a vehicle’s doors. Now, a group of researchers at the Beijing-based security firm Qihoo 360 has demonstrated that the attack is not only easy to execute, but can be done relatively cheaply as well.