Syber Group

Is Qualcomm Facing Another Security Flaw?

May 19, 2016 by  
Filed under Computing


FireEye has found a vulnerability in Qualcomm software packages which are under the bonnet of hundreds of Android phone models.

Google announced this week that it released an Android update to patch shedloads of vulnerabilities, but the advisory mentioned an information disclosure vulnerability in the Qualcomm tethering controller (CVE-2016-2060) that allows a malicious application to access user information.

FireEye said that this vulnerability is “high severity,” but Google noted that it does not affect Nexus devices. The patch for the issue is not in the Android Open Source Project (AOSP) repository but might make it into the latest driver updates for affected devices.

The security outfit said that researchers informed Qualcomm about the vulnerability in January and the vendor developed a fix by early March, when it started reaching out to OEMs to let them know about the issue. Now it’s up to the device manufacturers to push out the patch to customers. So probably a long time then.

The flaw exists in an open source software package maintained by Qualcomm and is related to the Android network daemon (netd).

“The vulnerability was introduced when Qualcomm provided new APIs as part of the ‘network_manager’ system service, and subsequently the ‘netd’ daemon, that allow additional tethering capabilities, possibly among other things,” FireEye said.

The flaw has been confirmed to affect devices running Android 5.0 Lollipop and earlier, which currently account for roughly three-quarters of Android devices. Researchers noted that the affected Qualcomm software package is used in a variety of projects, including the popular CyanogenMod, and the vulnerable APIs appear to have been around since at least 2011.

The vulnerability can be exploited to escalate privileges to the built-in “radio” user, which has permissions that are normally not available to a third-party app. The most efficient way to exploit CVE-2016-2060 is via a malicious application that is granted the “ACCESS_NETWORK_STATE” permission.

Courtesy-Fud

Oracle Goes Deeper Into The Cloud

May 13, 2016 by  
Filed under Computing


Right on the heels of a similar acquisition last week, Oracle has announced it will pay $532 million to buy Opower, a provider of cloud services to the utilities industry.

Once a die-hard cloud holdout, Oracle has been making up for lost time by buying a foothold in specific industries through acquisitions such as this one. Last week’s Textura buy gave it a leg up in engineering and construction.

“It’s a good move on Oracle’s part, and it definitely strengthens Oracle’s cloud story,” said Frank Scavo, president of Computer Economics.

Opower’s big-data platform helps utilities improve customer service, reduce costs and meet regulatory requirements. It currently stores and analyzes more than 600 billion meter readings from 60 million end customers. Opower claims more than 100 global utilities among its clients, including PG&E, Exelon and National Grid.

Opower will continue to operate independently until the transaction closes, which is expected later this year. The union will create the largest provider of mission-critical cloud services to an industry that’s worth $2.3 trillion, Oracle said.

Oracle’s Utilities business delivers applications and cloud services that automate core operational processes and enable compliance for global electric, gas and water utilities.

“Oracle’s industry organizations maintain unique domain knowledge, specialized expertise and focused product investments,” said Rodger Smith, a senior vice president who leads the Utilities global business unit, in a letter to customers and partners. “This model has proven highly successful across several industries, and we look forward to bringing these same benefits to the customers of Opower.”

Source- http://www.thegurureview.net/aroundnet-category/oracle-pushes-deeper-into-cloud-computing-with-another-acquisition.html

Phishing Apps Plague Google Play

May 12, 2016 by  
Filed under Computing


Google’s attempts to safeguard the Android app store — Google Play — are far from perfect, with malicious apps routinely slipping through its review process. Such was the case for multiple phishing applications this year that posed as client apps for popular online payment services.

Researchers from security firm PhishLabs claim that they’ve found 11 such applications since the beginning of 2016 hosted on Google Play, most of them created by the same group of attackers.

The apps are simple, yet effective. They load Web pages containing log-in forms that look like the target companies’ websites. These pages are loaded from domain names registered by the attackers, but because they are loaded inside the apps, users don’t see their actual location.

In some cases attackers registered domain names that are similar to those of the impersonated online payment services, PhishLabs Security Threat Analyst Joshua Shilko said in a blog post.

More recently, attackers used domain names similar to those of cryptocurrency companies, suggesting that the cryptocurrency industry is also targeted.

PhishLabs did not name the exact payment card companies and online payment services whose users were targeted by these fake apps. However, most of those companies provide links to their official mobile applications on their websites and users should always use those links instead of manually searching for them on the Play store.

“In one case, a targeted company explicitly states on their website that no mobile application exists for their company and that users should be wary of any mobile application using their brand,” Shilko said.

The danger is that if phishers manage to routinely bypass Google’s review process and upload such apps to the Google Play store, their attacks might extend to other industries in the future.

Another problem is that even when these apps are detected by third-parties and reported, it can take several days for Google to remove them from the app store, leaving a sufficiently large window of opportunity for attackers. It’s not clear how attackers promote these fake apps or if they rely only on users finding them themselves, but in general phishing attacks are most effective during the first several hours after they’re launched.

Source- http://www.thegurureview.net/mobile-category/phishing-apps-continue-to-play-google-play.html

Are Tablets Dead?

May 11, 2016 by  
Filed under Computing


There is more evidence that tablets were never the game-changer that Steve Jobs tried to peddle them as, and were just the keyboardless netbooks we said they were.

IDC said that for the first quarter of 2016, overall worldwide tablet shipments fell to 39.6 million, a 14.7 percent drop from the same period a year ago. However, the only part of the segment which did OK was tablets with keyboards – or as we used to call them, netbooks.

IDC said that the decline of ordinary tablets was partly due to traditional first-quarter slumps but also a complete lack of interest on the part of customers.

Traditional tablets accounted for 87.6 percent of all tablet shipments. But tablets that come with detachable keyboards increased to more than 4.9 million units last quarter. That was a gain of 120 percent from the same period last year and an all-time high for tablets with detachable keyboards.

Tablets are dying because more people are buying big-screened phones as an alternative. You remember phablets? They were what Steve Jobs claimed would never work because they preferred smaller smartphones or bigger tablets. In fact he was talking rubbish and was trying to keep his keyboardless netbook idea going.

IDC said that the newer tablets don’t offer enough new features to entice people to upgrade. After all tablets were always looking for an app which made them useful, which never arrived.

To counteract the downturn, more manufacturers are turning to tablets with detachable keyboards that can thus serve as laptops – in other words, returning to the netbooks that tablets were said to replace.

“With the PC industry in decline, the detachable market stands to benefit as consumers and enterprises seek to replace their aging PCs with detachables,” IDC senior research analyst Jitesh Ubrani said in a statement.

Apple saw its shipments and market share drop but remained in first place. Apple’s latest 9.7-inch iPad Pro and the new 256GB storage option for the 12.9-inch iPad Pro are “healthy additions” to the lineup, IDC said. Samsung also saw its shipments and market share decline. Though the Samsung Galaxy Tab lineup is still popular, its detachable TabPro S is dead in the water thanks to its $900 price tag.

Amazon has found success with its starting-at-$49 Fire, showing that consumers will still buy bargain-priced tablets. Missing from the list was Microsoft in spite of the popularity of its Surface Pro products, which start at $900.

IDC said:

“The Surface line is great. But it’s tough to drive volume in the first quarter. Prices of Surface products are fairly high, but Microsoft is in the top five list for tablets with detachable keyboards. The top five for tablets as a whole is a tougher nut to crack given the large slate volumes compared to detachables.”

Courtesy-Fud

 

T-Mobile Revenue Up

May 6, 2016 by  
Filed under Smartphones

T-Mobile US Inc reported a better-than-expected 10.6 percent rise in quarterly revenue and raised its forecast for customer additions in 2016 as popular discounts helped the No. 3 U.S. wireless carrier by subscribers attract more business.

T-Mobile has been offering cheaper leasing plans and free music and video streaming to lure customers away from larger rivals Verizon Communications Inc and AT&T Inc.

T-Mobile, controlled by Deutsche Telekom, said it added 2.2 million customers on a net basis in the first quarter ended March 31.

That easily topped the average analyst estimate of 1.72 million, according to research firm FactSet StreetAccount.

The company said it expected to add 3.2 million to 3.6 million postpaid customers on a net basis in 2016, compared with its previous forecast of 2.4 million to 3.4 million.

T-Mobile’s 10.6 percent jump in quarterly revenue to $8.6 billion suggested its strategy to boost revenue was working. Analysts on average had expected revenue of $8.43 billion, according to Thomson Reuters I/B/E/S.

In comparison, market leader Verizon’s operating revenue rose just 0.6 percent to $32.17 billion.

AT&T is scheduled to report results later on Tuesday.

T-Mobile reported net income of $479 million, or 56 cents per share, for the first quarter, compared with a loss of $63 million, or 9 cents per share, a year earlier.

Source-http://www.thegurureview.net/mobile-category/t-mobile-revenue-up-continues-attracting-new-customers.html

Did Researchers Create Lifetime Batteries?

May 4, 2016 by  
Filed under Around The Net


Researchers at the University of California at Irvine (UCI) have accidentally – yes, accidentally – discovered a nanowire-based technology that could lead to batteries that can be charged hundreds of thousands of times.

Mya Le Thai, a PhD candidate at the university, explained in a paper published this week that she and her colleagues used nanowires, a material that is several thousand times thinner than a human hair, extremely conductive and has a surface area large enough to support the storage and transfer of electrons.

Nanowires are extremely fragile and don’t usually hold up well to repeated discharging and recharging, or cycling. They expand and grow brittle in a typical lithium-ion battery, but Le Thai’s team fixed this by coating a gold nanowire in a manganese dioxide shell and then placing it in a Plexiglas-like gel to improve its reliability. All by accident.

The breakthrough could lead to laptop, smartphone and tablet batteries that last forever.

Reginald Penner, chairman of UCI’s chemistry department, said: “Mya was playing around and she coated this whole thing with a very thin gel layer and started to cycle it.

“She discovered that just by using this gel she could cycle it hundreds of thousands of times without losing any capacity. That was crazy, because these things typically die in dramatic fashion after 5,000 or 6,000 or 7,000 cycles at most.”

The battery-like structure was tested more than 200,000 times over a three-month span, and the researchers reported no loss of capacity or power.

“The coated electrode holds its shape much better, making it a more reliable option,” Thai said. “This research proves that a nanowire-based battery electrode can have a long lifetime and that we can make these kinds of batteries a reality.”

The breakthrough also paves the way for commercial batteries that could last a lifetime in appliances, cars and spacecraft.

British fuel-cell maker Intelligent Energy Holdings announced earlier this year that it is working on a smartphone battery that will need to be charged only once a week.


Courtesy-TheInq

iPhone SE Goes With Qualcomm Inside

April 8, 2016 by  
Filed under Consumer Electronics


Contrary to our previous reports we got a tip that iPhone SE will continue using Qualcomm modems and not change to Intel.

The teardowns will start happening soon but our sources very close to the matter said with high certainty that every iPhone SE comes with an updated Qualcomm modem.

Intel is still in the running but apparently Apple still felt confident to continue using Qualcomm even for this generation of the phone. A few analysts did suggest that iPhone 7 and beyond might get Intel LTE hardware, but not with iPhone SE.

Back in December, when we originally wrote that Intel got the iPhone SE deal, our sources did suggest that Apple can still change its mind if it doesn’t feel that Intel modem is ready. This might be the case, but in the future, we are quite confident that Apple will get a second LTE supplier at some point, just as it did with different manufacturing fabs.

Having two suppliers will drive the cost down, and for Apple every dollar or cent they save on components means millions more in its pocket. Apple claims “LTE up to 50 percent faster than iPhone 5s,” but it doesn’t give a real number. The iPhone 5S uses MDM9615 that was first introduced in 2011. This modem is at the technology range of Cat 4, X5 modem that Qualcomm ships in its entry level SoCs or as an external component.

We will have to wait for the first teardowns to appear as it is not easy to get to “LTE up to 50 percent faster than iPhone 5s.” You would need a modem that is capable of 225 Mbps and the next potential candidate for the iPhone SE is the MDM 20nm 9x35. Qualcomm calls this modem X7 these days, it used to call it Gobi back in late 2014 and this is a Cat 6, 300 Mbit per second download and 50 Mbit per second upload capable chip.

The fact that Apple continues the exclusive deal with Qualcomm is bad news for Intel, but we are sure that team blue will keep working on getting inside the iPhone.

Courtesy-Fud

 

Symantec Has Some Flaws With SEP

April 1, 2016 by  
Filed under Computing


Symantec has warned of three serious vulnerabilities in its Endpoint Protection (SEP) software, and is advising users to update their systems.

The bugs affect all builds of the 12.1 version of the SEP software, with the first two flaws allowing authorised but low privilege users of the software to gain elevated and administrative access to the management console, which can be accessed either locally or through a web-based portal.

The third bug is in the sysplant driver and enables users to bypass SEP’s security controls and run malware and other malicious code on targeted client machines.

“Exploitation attempts of this type generally use known methods of trust exploitation requiring enticing a currently authenticated user to access a malicious link or open a malicious document in a context such as a website or in an email,” said the security firm.

There have been no recorded exploits of the flaws, so it would appear that Symantec has squashed the bugs before they became a real-world problem for its customers.

The first two bugs were discovered by security researcher Anatoly Katyushin from rival firm Kaspersky Labs, which is a little embarrassing. Discovery of the third bug was credited to the enSilo Research Team.

Symantec advises SEP users to update their software to the 12.1 RU6 MP4 version. It also recommends that users should take precautions and restrict remote access to the management console in order to prevent hackers from attacking client systems through the web portal.

While hackers can direct sophisticated malware at even the most robustly secured systems, exploiting flaws in software offers an easier route into machines and networks, providing hackers get in before the bugs are discovered and patched.

Recent examples can be seen with the discovery of iOS malware which threatens iPhones through an Apple DRM flaw, and an error on Code.org’s website which saw the emails of its volunteers exposed.

Courtesy-TheInq

Is Microsoft A Risk?

February 29, 2016 by  
Filed under Security


Hewlett Packard Enterprise (HPE) has cast a shade on what it believes to be the biggest risks facing enterprises, and included on that list is Microsoft.

We ain’t surprised, but it is quite a shocking and naked fact when you consider it. The naming and resulting shaming happens in the HPE Cyber Risk Report 2016, which HPE said “identifies the top security threats plaguing enterprises”.

Enterprises, it seems, have myriad problems, of which Microsoft is just one.

“In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown,” said Sue Barsamian, senior vice president and general manager for security products at HPE.

“We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organisation to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth.”

Microsoft earned its place in the enterprise nightmare probably because of its ubiquity. Applications, malware and vulnerabilities are a real problem, and it is Windows that provides the platform for this havoc.

“Software vulnerability exploitation continues to be a primary vector for attack, with mobile exploits gaining traction. Similar to 2014, the top 10 vulnerabilities exploited in 2015 were more than one-year-old, with 68 percent being three years old or more,” explained the report.

“In 2015, Microsoft Windows represented the most targeted software platform, with 42 percent of the top 20 discovered exploits directed at Microsoft platforms and applications.”

It is not all bad news for Redmond, as the Google-operated Android is also put forward as a professional pain in the butt. So is iOS, before Apple users get any ideas.

“Malware has evolved from being simply disruptive to a revenue-generating activity for attackers. While the overall number of newly discovered malware samples declined 3.6 percent year over year, the attack targets shifted notably in line with evolving enterprise trends and focused heavily on monetisation,” added the firm.

“As the number of connected mobile devices expands, malware is diversifying to target the most popular mobile operating platforms. The number of Android threats, malware and potentially unwanted applications have grown to more than 10,000 new threats discovered daily, reaching a total year-over-year increase of 153 percent.

“Apple iOS represented the greatest growth rate with a malware sample increase of more than 230 percent.”

Courtesy-TheInq

iOS Developers Warned About Taking Shortcuts

February 10, 2016 by  
Filed under Computing


Slapdash developers have been advised not to use the open source JSPatch method of updating their wares because it is as vulnerable as a soft boiled egg, for various reasons.

It’s FireEye that is giving JSPatch the stink eye and providing the warning that it has rendered over 1,000 applications open to copy and paste theft of photos and other information. And it doesn’t end there.

FireEye’s report said that Remote Hot Patching may sound like a good idea at the time, but it really isn’t. It is so widely used that it has opened up a 1,220-wide iOS application hole in Apple users’ security. A better option, according to the security firm, is to stick with the Apple method, which should provide adequate and timely protection.

“Within the realm of Apple-provided technologies, the way to remediate this situation is to rebuild the application with updated code to fix the bug and submit the newly built app to the App Store for approval,” said FireEye.

“While the review process for updated apps often takes less time than the initial submission review, the process can still be time-consuming and unpredictable, and can cause loss of business if app fixes are not delivered in a timely and controlled manner.

“However, if the original app is embedded with the JSPatch engine, its behaviour can be changed according to the JavaScript code loaded at runtime. This JavaScript file is remotely controlled by the app developer. It is delivered to the app through network communication.”

Let’s not all make this JSPatch’s problem, because presumably it’s developers who are lacking.

FireEye spoke up for the open source security gear while looking down its nose at hackers. “JSPatch is a boon to iOS developers. In the right hands, it can be used to quickly and effectively deploy patches and code updates. But in a non-utopian world like ours, we need to assume that bad actors will leverage this technology for unintended purposes,” the firm said.

“Specifically, if an attacker is able to tamper with the content of a JavaScript file that is eventually loaded by the app, a range of attacks can be successfully performed against an App Store application.”

Courtesy-TheInq