HITB

SAP point-of-sale systems were totally hackable with $25 kit

posted on August 29, 2017
by l33tdawg

Point-of-Sale systems from SAP had a vulnerability that allowed them to be hacked using a $25 Raspberry Pi or similar device, according to research unveiled at the Hack in the Box conference in Singapore last week.

Critical vulnerabilities in SAP's POS – since resolved – created a means for hackers not only to steal customers' card data but to gain unfettered control over the server, enabling them to change prices of goods with the help of a simple device, according to ERPScan.

Researcher Releases Fully Working Exploit Code for iOS Kernel Vulnerability

posted on August 27, 2017
by l33tdawg

Adam Donenfeld, a researcher with mobile security firm Zimperium, has published today proof-of-concept code for zIVA — a kernel exploit that affects iOS 10.3.1 and previous versions.

The zIVA exploit code allows an attacker to gain arbitrary RW (Read Write) and root access. Apple has addressed the eight vulnerabilities at the heart of this exploit package in a security patch it released in May. One affects the IOSurface kernel extension and seven others affect the AppleAVE Driver kernel extension.

Security Lacking in Previous AppleAVEDriver iOS Kernel Extension

posted on August 27, 2017
by l33tdawg

An obscure Apple kernel extension patched in July in iOS 10.3.3 was originally built without security measures in place, according to the researcher who privately disclosed the flaws.

Today at the Hack in the Box security conference in Singapore, Zimperium zLabs’ Adam Donenfeld was scheduled to disclose details on seven flaws he found in the AppleAVEDriver.kext, a video encoder kernel extension, as well as another critical issue in the IOSurface.kext.

Watch Hackers Hijack Three Robots for Spying and Sabotage

posted on August 23, 2017
by l33tdawg

The entire corpus of science fiction has trained humanity to fear the day when helpful household and industrial robots turn against it, in a Skynet-style uprising. But a much more near-term threat lurks in the age of automation: not that anthropomorphic gadgets will develop minds of their own, but that a very human hacker will take control of them.

The future of macOS security: Baked-in protection and third-party tools

posted on July 18, 2017
by l33tdawg

Anyone in the information security industry who’s interested in Mac security probably knows who Patrick Wardle is. Apart from being Chief Security Researcher at Synack, he’s also the creator of a number of security tools for macOS, which he makes available for free on his Objective-See project site.

Security researchers demonstrate fast and cheap relay hack of keyless entry system in cars

posted on May 3, 2017
by l33tdawg

Keyless entry systems are not uncommon in cars these days but they are also the target of unscrupulous hackers who are able to spoof the signal from a car key fob to open a vehicle’s doors. Now, a group of researchers at the Beijing-based security firm Qihoo 360 has demonstrated that the attack is not only easy to execute, but can be done relatively cheaply as well.

UAE-based cyber security firm DarkMatter prepares for multi-faceted participation in Hack in the Box Security Conference

posted on April 10, 2017
by l33tdawg

DarkMatter, the international cyber security firm headquartered in the UAE, today announced its participation at the upcoming Hack in the Box (HiTB) Security Conference. Taking place from 10-14 April, 2017 at the NH Grand Krasnapolsky in Amsterdam, DarkMatter will use its presence at this leading computer security conference to showcase its latest offerings in the areas of Cryptographic analysis, Cryptanalysis – in particular side channel analysis, systems vulnerabilities research and penetration testing. DarkMatter will also use this platform to attract top international talent.

Researchers to present new software and hardware vulnerabilities at HITB Amsterdam

posted on March 28, 2017
by l33tdawg

Users assume the underlying hardware and software system, mobile antivirus, password managers and encryption technology will protect them from malicious attacks on their communications. Upcoming research at the HITB Security Conference in Amsterdam suggests thinking twice before trusting mobile security blindly and shows that security is not a final product, but rather a bumpy process.

Hack In The Box announces keynotes for 2017 Amsterdam event

posted on March 17, 2017
by l33tdawg

Hack In The Box announced an exciting line-up for its annual security conference taking place in Amsterdam on April 13th and 14th. Groundbreaking security research covering new exploit methodology and several zero-days will be disclosed during the event. These disclosures affect a wide range of technologies from network and mobile security implementations, payment systems, to web browsers and more.