64 matches found
Two Hackers Charged with Hacking SEC System in Stock-Trading Scheme
The U.S. authorities have charged two Ukrainian hackers for hacking into the Securities and Exchange Commission's EDGAR filing system and stealing sensitive market-moving reports of companies before their public release. EDGAR, or Electronic Data Gathering, Analysis, and Retrieval, is an online...
Two Hackers Charged with Hacking SEC System in Stock-Trading Scheme
The U.S. authorities have charged two Ukrainian hackers for hacking into the Securities and Exchange Commission's EDGAR filing system and stealing sensitive market-moving reports of companies before their public release. EDGAR, or Electronic Data Gathering, Analysis, and Retrieval, is an online...
Rakuten Securities MARKETSPEED Security Load Dynamic Link Library Vulnerability
Rakuten Securities MARKETSPEED is a foreign exchange-specific trading tool from Japan's Rakuten Securities Rakuten Securities. A security vulnerability exists in the installer in Rakuten Securities MARKETSPEED version 16.4 and earlier. An attacker could exploit the vulnerability to execute...
JVN#78422300: The installer of MARKET SPEED may insecurely load Dynamic Link Libraries
The installer of MARKET SPEED provided by Rakuten Securities, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...
Oracle Financial Services Applications FLEXCUBE Core Banking Component Unauthorized Operation Vulnerability
Oracle Financial Services Applications is a set of Oracle's core banking, online banking and property management financial services software. FLEXCUBE Core Banking is one of the core banking components. A security vulnerability exists in the Securities subcomponent of the FLEXCUBE Core Banking...
“Equi-Facts”: Equifax Clarifies the Numbers for Its Massive Breach
As companies continue to install the vulnerable version of Apache Struts behind the breach, Equifax has filed a clarification statement. The number of impacted U.S. consumers from the infamous 2017 Equifax data breach now totals about 147.9 million, and the breach has touched almost every adult i...
CVE-2018-2807
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications subcomponent: Securities. Supported versions that are affected are 11.5.0, 11.6.0 and 11.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
HYPER SBI Untrustworthy Search Path Vulnerability
SBI SECURITIES HYPER SBI is an online trading tool for stock securities provided by SBI SECURITIES in Japan. An untrustworthy search path vulnerability exists in SBI SECURITIES HYPER SBI 2.2 and earlier versions. An attacker can exploit this vulnerability to gain privileges with the help of a...
JVN#71284826: Installer of HYPER SBI may insecurely load Dynamic Link Libraries
HYPER SBI provided by SBI SECURITIES Co.,Ltd. is a trading tool. Installer of HYPER SBI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...
Three Chinese Hackers Fined $9 Million for Stealing Trade Secrets
Hackers won't be spared. Three Chinese hackers have been ordered to pay $8.8 million £6.8 million after hacking email servers of two major New York-based law firms to steal corporate merger plans in December 2016 and used them to trade stocks. The U.S. District Judge Valerie Caproni in Manhattan...
JVN#82619692: Access CX App fails to verify SSL server certificates
Access CX App provided by NISSAN SECURITIES CO., LTD. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by...
FDA, DHS Investigating St. Jude Device Vulnerabilities
The U.S. government has entered into the St. Jude-MedSec-Muddy Waters fray with an investigation into claims St. Jude medical devices are vulnerable to cyberattacks. The Food and Drug Administration and Department of Homeland Security also apparently disapprove of the approach taken by MedSec and...
JVN#40898764: DMM.com Securities FX Apps for Android fail to verify SSL server certificates
Multiple Android Applications provided by DMM.com Securities Co.,Ltd. fail to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the informati...
About Apache Struts 2 S2-0 3 2 vulnerability threat monitoring and emergency disposal of the case Bulletin-vulnerability warning-the black bar safety net
4 the end of the month, the Apache struts2 S2-0 3 2 remote code execution vulnerability CNVD-2 0 1 6-0 2 5 0 6, The CVE-2 0 1 6-3 0 8 1, hereinafter referred to as S2-0 3 2 vulnerability, the exploit code is disclosed and in a short time spread rapidly. CNVD Secretariat-National Internet emergenc...
Animals for Toddlers and Kids - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Animals for Toddlers and Kids published at the 'play' market has multiple vulnerabilities...
securities.com XSS vulnerability
Vulnerable URL: http://www.securities.com/internal/sitelogon.html?callback=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 81578 Google Pagerank| 7 VIP website status...
用友某系统通用漏洞涉及多家银行、证券、能源行业、企业
简要描述: 用友某系统通用漏洞可以读取配置文件 详细说明: 用友某系统通用漏洞涉及多家银行、证券、能源行业、企业 测试了部分网站,还有大量的网站存在此漏洞 http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?rpc=true http://nc.hbny.com.cn:9090/hrss/dorado/smartweb2.RPC.d?rpc=true http://59.173.0.46:8070/hrss/dorado/smartweb2.RPC.d?rpc=true...
account.rakuten-sec.co.jp Open Redirect vulnerability
Vulnerable URL: http://account.rakuten-sec.co.jp/cgi-bin/btracking?URL=https://www.xssposed.org Details: Description| Value ---|--- Patched:| Yes, at 25.04.2016 Latest check for patch:| 25.04.2016 14:12 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank|...
Hack That Fueled Insider Trading Ring Netted $100M
Hackers based in Ukraine and Russia allegedly broke into servers belonging to several newswires and passed sensitive information onto an underground trading ring as part of what’s being referred to as an unprecedented new level of insider trading. Prosecutors claimed Tuesday that corporate...
Cybersecurity and the Financial Services Industry
2014 is the year that the US Securities and Exchange Commissions Office of Compliance Inspections and Examinations OCIE is turning its focus to cybersecurity, a looming threat to any and all companies that utilize the internet. In case you missed my last post, back in March the OCIE hosted a...