Tag Archive for: days

Ransomware attack took down R2 trillion investment company for five days


Curo Fund Services is investigating the cause behind the ransomware attack it suffered last week, according to a report from the Sunday Times.

The investment administration provider was unable to access its systems for five days as a result of the attack.

Curo has around R2 trillion in assets under its management. While the money was not at risk, the outage prevented Curo’s financial service provider clients from processing investment-related instructions or offering other services.

Its asset management clients include Old Mutual, Sanlam Investments, and Futuregrowth Assets.

Futuregrowth Assets halted all trading to protect its clients from potential exposure until Curo resolved the crisis five days later.

“Curo forms part of the core value chain within our trade cycle, investment administration, NAV pricing and reporting,” the Sunday Times quoted Futuregrowth Assets as saying.

“Our clients’ investments were safe, but our client flows were impacted, and our ability to report on daily valuations to clients were suspended during this period.”

Futuregrowth has R186 billion in assets under Curo’s management and said that none of its clients’ data or investments were compromised.

Old Mutual has assets worth R1.3 trillion under Curo’s management.

“During this period, the outage affected Curo’s ability to provide us with prices for some of our Old Mutual Unit Trust portfolios,” Old Mutual said.

“We are in the process of applying the updated prices to those portfolios, for those customers who transacted.”

“No individual customer data or investments were compromised as personal client data resides on Old Mutual systems and is not shared with Curo,” it added.

The attack is believed to have occurred on 19 January, and Curo regained full access to its systems the following Monday, 24 January.

The investment administration provider has launched an investigation “to establish the origin, nature and scope of this incident so as to assess any data breaches”.

“We have already implemented additional security measures to protect against further unauthorised access, and we will continue monitoring for any suspicious activity,” the company said.

“Based on…

Source…

British terrorist was hunted by cops days BEFORE he flew to New York


Faisal Akram, 44, from Blackburn, was the gunman in the hostage situation at a Texas synagogue and was able to enter the US despite being a career criminal and a religious extremist who was a regular at protests to free Muslim prisoners

Britain and the US were today accused of ‘dropping the ball’ after letting career criminal Malik Faisal Akram fly to New York despite police already hunting for him and his links to a religious sect banned in Saudi Arabia for attempts to ‘purify Islam’.

The Blackburn terrorist, 44, was shot dead in Texas on Saturday night after a 10-hour siege at the Congregation Beth Israel synagogue in Colleyville, where he took a rabbi and three of his congregation hostage with a handgun while claiming to be carrying a suicide bomb.

Today it emerged that Akram became known to counter-terrorism police after becoming ‘completely obsessed’ with Islam and displaying extreme and disruptive behaviour at Friday prayers during his most recent spell in prison.

He was also a regular at anti-Israel demonstrations and marches for the release of Muslim prisoners at Guantanamo Bay, having first been put behind bars in 1996 as a juvenile delinquent and going in and out of prison for 16 years until he found religion. 

In 2001 he was banned from his local court, where he was a regular in the dock, for turning up to abuse staff and ranting about 9/11. He was a regular visitor to Pakistan and reportedly a member of the Tablighi Jamaat group, set up to ‘purify’ Islam and banned from Saudi after the kingdom described the group as a ‘gateway to terrorism’.

One US senator, briefed on the case by the Department for Homeland Security and a former Pentagon official, told The Daily Telegraph today: ‘Certainly someone let the ball drop.’

The security services were today accused of a serious ‘intelligence failure’ after a British Islamist was able to travel to the US – and MailOnline can reveal that about a fortnight ago, police were looking for him at the Manchester home he shares with his six children.  

One of the hostages at the Congregation Beth Israel in Colleyville, Texas, was released and taken to his family. Authorities have said all hostages are now out and safe after the terrorist was shot

Police are piecing together the terrorist’s final movements after arriving at JFK airport by January 2…

Source…

Burned by Apple, researchers mull selling zero days to brokers


Mounting frustration with the Apple Security Bounty program could have tangible consequences for the tech giant, as some security researchers said they are considering selling their vulnerability discoveries to zero-day brokers and other third parties.

Since Apple launched its bug bounty program to the public in 2019, several security researchers have criticized the program for a variety of issues. The most visible recent example of this frustration came when researcher Denis Tokarev, who goes by the handle “illusionofchaos,” publicly disclosed three apparent zero-day iOS vulnerabilities, along with a scathing critique of Apple’s bug bounty program. In a blog post, Tokarev accused Apple of not properly crediting him for finding flaws and criticized the company’s communication practices.

Soon after, another researcher known as “impost0r” with the not-for-profit reverse-engineering group Secret Club dropped an apparent macOS vulnerability, along with instructions on how to exploit it.

They are not the first to publicly post zero days after being disgruntled with a vendor. Frustrations with the Apple Security Bounty (ASB) are far from new, but recent events have ignited a new wave of criticism against the tech giant.

Researcher frustrations

Several security researchers who either work or have worked with Apple in the past criticize the company for communication and recognition issues in ASB, and a few expressed a willingness to work with third parties such as zero-day brokers following these frustrations.

Apple Security Bounty began in 2016 as an invite-only bug bounty program for researchers to submit vulnerabilities and exploits to Apple in exchange for monetary rewards. In 2019, zero-day submission became publicly accessible.

According to Apple’s website, the maximum payouts for vulnerabilities vary. For anything that enables “unauthorized access to iCloud account data on Apple Servers,” the maximum payout is $100,000. On the high end, Apple will pay up to $1 million for a “zero-click remote chain with full kernel execution and persistence, including kernel PAC bypass, on latest shipping hardware.”

SearchSecurity spoke with several researchers who have submitted bugs to…

Source…

Kaspersky tracks Windows zero days to ‘Moses’ exploit author


New research by Kaspersky Lab shows a rise in APT groups leveraging exploits to gain initial foothold in a target network, including recent, high-profile zero-day vulnerabilities in Microsoft Exchange Server as well as Windows.

The security vendor released its APT Trends Report Q2 Thursday, which documented an uptick in certain activity over the last few months. Researchers found that advanced persistent threat (APT) groups committed several supply chain attacks in recent months. For example, Kaspersky found the Chinese-speaking APT group it tracks as “BountyGlad” compromised a digital certificate authority in February. According to the report, the group demonstrated an increase in “strategic sophistication with this supply-chain attack.”

However, one of the most significant trends was a shift in tactics. Kaspersky researchers found that while APT groups mainly use social engineering to gain an initial foothold, Q2 saw an increase in using zero days and exploits. Several of the zero-days, including two Windows vulnerabilities that were patched earlier this year, were traced to an exploit developer Kaspersky has dubbed “Moses.”

“Various marks and artifacts left in the exploit mean that we are also highly confident that CVE-2021-1732 and CVE-2021-28310 were created by the same exploit developer that we track as “Moses”,” the report said.

Both are Microsoft Windows zero days that received a CVSS score of 7.8 and were designated as elevation of privilege vulnerabilities.

Kaspersky had previously identified Moses in its APT Trends Report for Q1. According to the Q2 report, “Moses” appears to make exploits available to several APTs, but so far researchers have only confirmed two groups that have utilized exploits developed by Moses: Bitter APT and Dark Hotel.

Kaspersky researchers David Emm and Ariel Jungheit told SearchSecurity that they are two distinct groups, and it is unclear why Moses presumably worked with them. However, one of the groups’ targets appears to be known.

“In the case of Bitter APT, our telemetry indicates that the exploits have been used against targets inside Pakistan, though they could have been used against targets inside China also,” Emm and Jungheit…

Source…