HITBGSEC

Security Lacking in Previous AppleAVEDriver iOS Kernel Extension

posted on August 27, 2017
by l33tdawg

An obscure Apple kernel extension patched in July in iOS 10.3.3 was originally built without security measures in place, according to the researcher who privately disclosed the flaws.

Today at the Hack in the Box security conference in Singapore, Zimperium zLabs’ Adam Donenfeld was scheduled to disclose details on seven flaws he found in the AppleAVEDriver.kext, a video encoder kernel extension, as well as another critical issue in the IOSurface.kext.

Watch Hackers Hijack Three Robots for Spying and Sabotage

posted on August 23, 2017
by l33tdawg

The entire corpus of science fiction has trained humanity to fear the day when helpful household and industrial robots turn against it, in a Skynet-style uprising. But a much more near-term threat lurks in the age of automation: not that anthropomorphic gadgets will develop minds of their own, but that a very human hacker will take control of them.

Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops

posted on September 6, 2016
by l33tdawg

Florian Lukavsky hacks criminals profiting from out-of-control multi-billion dollar CEO wire transfer scams... and they hate him for it.

The director of SEC Consult's Singapore office has made a name striking back at so-called "whaling" scammers by sending malicious Word documents that breach their Windows 10 boxes and pass on identity information to police.

Hacking mobile login tokens tricky but doable, says reverse-engineer

posted on September 3, 2016
by l33tdawg

L33tdawg: The slides and whitepaper from Bernhard's #HITBGSEC talk are available here: http://gsec.hitb.org/sg2016/sessions/attacking-software-tokens/

Mobile apps that generate on-screen tokens for two-factor authentication can be examined and cloned by malware, a security researcher warns.

Fraudsters and crooks can take these clones and generate the codes necessary to log in to bank accounts and other online services as their victims.