Month: September 2015

SAP Afaria vulnerability puts over 130 million devices and data at risk

Hackers do not miss an opportunity to create havoc in the lives of unsuspecting technology users. And when this opportunity comes to them in the form of a vulnerability in specific software, they have even more to rejoice about at our cost. A revelation from ace enterprise software maker SAP has once again left users in the lurch, wondering whether there is anything in the tech world that can be termed 100% safe. SAP’s mobile device management program Afaria, used by over 6300 companies worldwide, connects mobile devices to the company networks and secures the devices from threats and risks. A critical weakness in the form of an ‘authorization bypass vulnerability’ has been found in this system that has the potential to let hackers attack the phones of high-level executives in an organization simply by sending a connection request (SMS) to Afaria servers. Once the connection is established, the hacker can easily use the administrator status to wipe the data on particular devices, disable their Wi-Fi, lock them and even learn the location of the user. Yes, this is indeed a scary situation, and companies that are using this mobile management system need to pay attention to the security and confidentiality of their devices and data. Here are a few significant aspects of the SAP Afaria vulnerability: A hacker can send a connection request to the Afaria server...


Hackers manipulate Xcode; Apple pulls down infected apps from the App Store

Overcoming bigger hurdles gives better satisfaction. While this is true in our daily lives, it seems that hackers are presently the ones making the most of this common saying. Bearing the brunt on the other side of the fence are iTunes App Store users who have unsuspectingly downloaded apps that are laden with malware. This time around, the app developers are also facing the heat, as they were conned into downloading a manipulated version of Apple’s software development kit, Xcode. As per the latest reports, the affected apps were all developed in China. The modus operandi that the cyber crooks applied this time was to lure the app developers into using an Xcode version that they (the hackers) had tampered with by playing around with the security features. While the legitimate Xcode kit is also available for free, app developers blundered in trying to retrieve the software faster than they could from Apple’s original website. They did not notice the mistake at the time; it was only later that they realized that the apps they created were in fact affected and had the potential to steal customers’ iCloud passwords and create even bigger messes as a result. As a first step towards combating the threat, Apple pulled down all the infected apps from its app store. In a statement released to the media, Apple shared that “We’ve...


Here’s what to expect from Google’s recently launched Android Pay

Google has recently launched its one-touch payment app, Android Pay, across 1 million locations in the United States. Users with Android-based devices that have NFC (near-field communication) technology can use this app to pay for their purchases. With the release of Android Pay, Google enters into direct competition with Apple’s offering, Apple Pay. At a quick glance, here’s what you get to enjoy with Android Pay: Locations where you can shop using Android Pay include retailers such as Whole Foods, Walgreens, Macy’s, GameStop, Staples, etc. It will support debit and credit cards from MasterCard, Visa, Discover Financial Services, PNC, and American Express. It will also store loyalty and gift cards on phones with Android software. To keep the transactions secure, the service is supported by a ‘tokenisation’ card-security service. This service helps prevent theft by replacing credit card details with random unidentifiable numbers at the time a user attempts to make a purchase. The app will come pre-installed on NFC-enabled phones from carriers like AT&T, Verizon and T-Mobile US. Android Pay will work on phones that run Android 4.4 KitKat or above. Users who are already using Google Wallet will soon receive an update that will morph the app into Android Pay, Google’s latest payment service. Presently, this service is open for all tap-to-pay purchases in the physical stores mentioned above; Google is working on facilitating...


After hacking Bugzilla, hackers are now targeting Mozilla Firefox users

In the latest incident of data hacking, Mozilla users have had to bear the brunt after the bug tracking and testing tool Bugzilla was breached. The hackers, after stealing sensitive data from the tool, used it to attack Mozilla Firefox users, sending them into panic mode. For the uninitiated, Bugzilla is an open source program that is mostly public, except for security-sensitive data that is restricted to a select few. Through this program, Mozilla tracks bugs in software that trigger the display of unexpected results when a user is using the Firefox browser. To curb the reach of the hackers and to minimize the damage caused to users, Mozilla promptly shut down the account that was infiltrated, and a high-level investigation has also been initiated. While not much is known about the plans of the hackers and the impact this breach has had on the users, it is interesting to note that several other tech giants are also using the Bugzilla program, as it is an open source platform. The organizations in this list include Red Hat, Apache, Gnome, LibreOffice and Eclipse, among others. In a statement issued by Mozilla officials, they reiterated that “We are updating bugzilla’s security practices to reduce the risk of future attacks of this type. As an immediate first step, all users with access to security-sensitive information have been...
