Tag Archive for: Brokers

Stock brokers to report cyber threats within 6 hours of detecting them: Sebi


Market regulator Sebi has asked stock brokers and depository participants to report all cyber attacks, threats and breaches experienced by them within six hours of detecting such incidents.

The incident will also be reported to the Indian Computer Emergency Response team (CERT-In) in accordance with the guidelines issued by CERT-In from time to time, Sebi said in a circular.

Additionally, the stock brokers and depository participants, whose systems have been identified as ‘protected system’ by National Critical Information Infrastructure Protection Centre (NCIIPC) will also report such incidents to NCIIPC.

“All cyber attacks, threats, cyber incidents and breaches experienced by stock brokers/ depository participants shall be reported to stock exchanges/ depositories and Sebi within six hours of noticing/ detecting such incidents or being brought to notice about such incidents,” Sebi said in the circular.

The quarterly reports containing information on cyber attacks, threats, cyber incidents and breaches experienced by the stock brokers and depository participants, and the measures taken to mitigate the vulnerabilities, including information on bugs, vulnerabilities and threats that may be useful for others, will have to be submitted to the exchanges and depositories within 15 days from the end of every quarter.

Earlier this month, the capital markets regulator tweaked the cyber security and cyber resilience framework for asset management companies (AMCs) and mandated them to conduct a comprehensive cyber audit at least twice in a financial year.

AMCs have been asked…


Data Brokers Track Abortion Clinic Visits for Anyone to Buy


If the war in Ukraine and Russia’s still-unfolding atrocities there didn’t offer enough fodder for doomscrolling, this week supplied a new dose of domestic crisis: A leaked Supreme Court draft decision that would overturn Roe v. Wade, demolishing a ruling that has served as a cornerstone of reproductive rights for nearly five decades. And this crisis, too, will play out in the digital realm as much as the physical and legal ones.

WIRED’s Lily Hay Newman responded to the news with a guide to protecting your privacy if you’re seeking an abortion in a near-future world in which Roe has in fact been overturned. As right-wing pundits demand the Supreme Court leaker’s prosecution, meanwhile, we analyzed the laws concerning leaks of unclassified government information like a draft court ruling and found that there’s no clear statute criminalizing that sort of information sharing. And law professor Amy Gajda walked us through the history of Supreme Court information leaks, which stretches back hundreds of years.

As Russia’s war in Ukraine grinds on, we looked at how small, consumer-grade drones are offering a defensive tool to Ukrainians that they’re exploiting as in no other war in history. And further abroad in India, a battle is taking shape between VPN firms and the Indian government, which is demanding they hand over users’ data. Meanwhile, the country’s new “super app,” Tata Neu, has sparked user privacy concerns.

And there’s more. As we do every week, we’ve rounded up all the news that we didn’t break or cover in-depth. Click on the headlines to read the full stories. And stay safe out there.

If Roe’s precedent ceases to protect people seeking abortions across the United States, the question of who can digitally surveil those seeking abortions and abortion providers—and how to evade that surveillance—will become a civil liberties battle of the highest urgency. This week, Motherboard’s Joseph Cox fired the opening salvos of that battle with a series of stories about data brokers who offer to sell location data that include individuals’ visits to abortion clinics and Planned Parenthood offices, an egregious form of surveillance capitalism with immediate human consequences….


Burned by Apple, researchers mull selling zero days to brokers


Mounting frustration with the Apple Security Bounty program could have tangible consequences for the tech giant, as some security researchers said they are considering selling their vulnerability discoveries to zero-day brokers and other third parties.

Since Apple launched its bug bounty program to the public in 2019, several security researchers have criticized the program for a variety of issues. The most visible recent example of this frustration came when researcher Denis Tokarev, who goes by the handle “illusionofchaos,” publicly disclosed three apparent zero-day iOS vulnerabilities, along with a scathing critique of Apple’s bug bounty program. In a blog post, Tokarev accused Apple of not properly crediting him for finding flaws and criticized the company’s communication practices.

Soon after, another researcher known as “impost0r” with the not-for-profit reverse-engineering group Secret Club dropped an apparent macOS vulnerability, along with instructions on how to exploit it.

They are not the first to publicly post zero days after being disgruntled with a vendor. Frustrations with the Apple Security Bounty (ASB) are far from new, but recent events have ignited a new wave of criticism against the tech giant.

Researcher frustrations

Several security researchers who either work or have worked with Apple in the past criticize the company for communication and recognition issues in ASB, and a few expressed a willingness to work with third parties such as zero-day brokers following these frustrations.

Apple Security Bounty began in 2016 as an invite-only bug bounty program for researchers to submit vulnerabilities and exploits to Apple in exchange for monetary rewards. In 2019, zero-day submission became publicly accessible.

According to Apple’s website, the maximum payouts for vulnerabilities vary. For anything that enables “unauthorized access to iCloud account data on Apple Servers,” the maximum payout is $100,000. On the high end, Apple will pay up to $1 million for a “zero-click remote chain with full kernel execution and persistence, including kernel PAC bypass, on latest shipping hardware.”

SearchSecurity spoke with several researchers who have submitted bugs to…


Freight brokers urged to increase security in light of pipeline cyberattack


The cyberattack that temporarily shut down the Colonial Pipeline this month serves as a stark reminder that all industries are prone to security threats. A single attack brought the nation to a crawl. Just think of the damage one could cause your operation.

In today’s data-rich transportation and logistics industry, information flows freely from network to network. This is especially true for freight brokerages, which transact large amounts of information both electronically and in the cloud.

In light of the recent cyberattack, Jamie Cannon, Reliance Partners’ vice president of third-party logistics (3PL), urges freight brokers to examine their cyber risk and insure themselves against damages resulting from such attacks.

Regardless of size, even companies that aren’t household names find themselves victims of digital sabotage, leaving some with heavy financial losses. Though they may seem random in nature, these attacks are very much calculated.

Freight brokers, according to Cannon, hold treasure troves of knowledge on their customers, including sensitive pricing and payment information from shippers and motor carriers. She attests that this puts brokers at an even greater risk than trucking companies.

It’s still unclear how exactly Colonial Pipeline’s network was infiltrated, but cyberattacks are typically perpetrated by similar methods.

While firewalls are exceptionally good at preventing unauthorized access to a network, many hackers gain entry when the door is opened to them. All it takes is the miscue of one employee to inadvertently welcome a host of bad actors, ultimately compromising the entire network.

Cannon added that the work-from-home business model has put many companies at risk, since networks are being accessed from nonsecure locations.

Phishing is a common method used by hackers to gain access to company data. This often involves baiting unsuspecting employees with emails that can look quite legitimate. “A lot of people are opening [suspicious] emails. There’s certain emails that they shouldn’t respond to, like urgent gift card or wire transfer requests from someone posing as their CEO or…
