Connect with us

Trading

IOActive Discloses More Vulnerabilities in Popular Stock Trading Applications at Black Hat USA 2018

Published

on

IOActive Discloses More Vulnerabilities in Popular Stock Trading Applications at Black Hat USA 2018

Security researcher Alejandro Hernandez expands his 2017 research on vulnerabilities found in popular mobile trading, desktop and web stock trading applications

IOActive, Inc., the worldwide leader in research-driven security services, today announced new vulnerabilities the research team has discovered in mobile, desktop and web stock trading applications.

IOActive Senior Security Consultant, Alejandro Hernandez, will be presenting his vulnerability findings at Black Hat Las Vegas on Thursday, August 9th at 11am PT in his talk, “Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies.”

His research expands upon his original 2017 research on mobile trading applications. At Black Hat, Hernandez will discuss how he tested several stock trading and cryptocurrency trading technologies including 16 desktop applications, 30 websites, and 34 mobile applications and discovered major vulnerabilities that can allow malicious actors to gain access to a user’s personal banking information through desktop and web applications, steal money and gain insights into net worth and investment strategies.

Hernandez commented, “I published my original research nearly a year ago, and it’s deeply concerning that some of the same vulnerabilities have still not been fixed.”

Similar to his research last year, Hernandez found that the usernames and passwords can easily be stolen from stock trading networks. This year, he found many vulnerabilities including unencrypted authentication, communications, passwords and trading data, and remote Denial of Service (DoS) that can leave applications useless. In addition, he found issues with weak password policies, hardcoded secrets and poor session management.

“Imagine a stock trader in a coffee shop, using public Wi-Fi. An attacker would be able to easily perform a man-in-the-middle attack and identify or modify the network traffic that is unencrypted,” says Hernandez. “For example, the attacker could see the username and password of the trader’s account and later login through a web browser, link his or her bank account, sell the stocks at market price to liquidate the investments, transfer the money, remove the added bank account and log out.”

“Alejandro’s continued research and discovery of major flaws in stock trading technologies will hopefully be a wakeup call to the financial industry,” said Jennifer Steffens, CEO of IOActive. “They need to implement the strong security controls they already have in place for banking applications and follow industry best practices to properly develop mobile, desktop and web applications, and continuously scan them for vulnerabilities.”

All of the vendors impacted by these stock trading vulnerabilities have been notified. IOActive cannot confirm whether or not they are fixed at this point in time.

Trading

Sterling steadies around $1.40, long positions at one-year high

Published

on

Sterling steadies around $1.40, long positions at one-year high 1

LONDON (Reuters) – The pound hit a new three-year high of $1.4050 in early London trading on Monday, before stabilising around the $1.40 level, as bullish investors bet on the UK’s vaccination rollout bringing about an economic recovery.

Sterling rose to its highest levels since April 2018 when it crossed $1.40 on Friday, having risen 2.4% so far in 2021.

Analysts attributed the recent strengthening to the UK’s relative success in providing COVID-19 vaccinations, which is expected to help Britain’s economy rebound from its biggest contraction in 300 years.

Relief that a no-deal Brexit was avoided at the end of 2020 is also supporting the pound, as is a lessening of fears that the Bank of England could introduce negative interest rates.

Speculators added to their net long position for the third week running in the week to Feb. 16, CFTC positioning data showed. The market is at its most bullish in one year.

At 0839 GMT, the pound was at $1.3992, down 0.1% on the day. Versus the euro, it was up around 0.2% at 86.42 pence per euro, having touched a one-year high earlier in the session EURGBP=D3>.

“The move higher in cable this year has been primarily driven by pound strength rather than US dollar weakness,” wrote MUFG currency analyst Lee Hardman in a note to clients.

“If the highs from April 2018 are taken out it will encourage expectations that the pound is adjusting to a new higher equilibrium now that Brexit risks have diminished,” he said. “Whereas if those highs remain in place, market participants may then start to question whether recent pound strength is overshooting and thereby increasing the risk of a correction lower.”

British Prime Minister Boris Johnson will set out a plan on Monday to release the UK from its third national lockdown.

Some 17.6 million people, over a quarter of the 67 million population, have now received a first dose of a COVID-19 vaccine. The UK is behind only Israel and the United Arab Emirates in vaccines per head of population.

The yield on British government bonds jumped on Monday, boosted by the prospect of heavy U.S. fiscal stimulus and the UK economy reopening.

“Markets are still adjusting to the fact that the Bank of England is unlikely to implement negative rates for now, leading to a narrowing of the US-UK 10-year yield differential,” UBS strategists wrote in a note to clients.

 

Sterling steadies around $1.40, long positions at one-year high 2

(Reporting by Elizabeth Howcroft; Editing by Bernadette Baum)

Continue Reading

Trading

FTSE 100 falls as inflation concerns weigh

Published

on

FTSE 100 falls as inflation concerns weigh 3

(Reuters) – London’s FTSE 100 fell on Monday as higher commodity prices sparked fears of a spike in inflation, while investors awaited Prime Minister Boris Johnson’s plan for a phased easing of business restrictions.

The blue-chip FTSE 100 fell 0.6%, led by declines in consumer staples and industrials stocks.

Oil heavyweights BP and Royal Dutch Shell dipped 0.1% and 0.3%, respectively, despite higher crude prices. [O/R]

Johnson will plot a path out of COVID-19 lockdown on Monday in an effort to gradually reopen the battered $3 trillion economy, aided by one of the fastest vaccine rollouts in the world.

The mid-cap index fell 0.3%, led by declines in financials and industrials stocks.

British Airways-owner IAG rose 1.1% after it said it raised total liquidity by 2.45 billion pounds ($3.4 billion), reaching final agreement for a 2-billion-pound loan, and through a deal to defer 450 million pounds of pension deficit contributions.

Pub operator Mitchells & Butlers shed 0.5% as it reported a plunge in sales due to all its sites having been forced shut under the latest lockdown.

(Reporting by Shivani Kumaresan in Bengaluru; editing by Uttaresh.V)

Continue Reading

Trading

Shares turn cautious as bond yields, commodities surge

Published

on

Shares turn cautious as bond yields, commodities surge 4

By Wayne Cole

SYDNEY (Reuters) – Asian shares turned mixed on Monday as expectations for faster economic growth and inflation globally battered bonds and boosted commodities, while rising real yields made equity valuations look more stretched in comparison.

MSCI’s broadest index of Asia-Pacific shares outside Japan went flat, after slipping from a record top last week as the jump in U.S. bond yields unsettled investors.

Japan’s Nikkei recouped 0.8% and South Korea 0.1%, but Chinese blue chips lost 1.4%.

S&P 500 futures dipped 0.1% and EUROSTOXX 50 futures 0.3%, while FTSE futures fell 0.7%.

Bonds have been bruised by the prospect of a stronger economic recovery and yet greater borrowing as President Joe Biden’s $1.9 trillion stimulus package progresses.

“Yield curves have continued to steepen, as COVID infection rates decline further, reopening plans are discussed and a large U.S. fiscal stimulus package looks likely,” said Christian Keller, Barclays’ head of economics research.

“This in principle signals a better medium-term growth outlook for the U.S. and beyond, as other core yields curves are moving in the same direction,” he added. “Meanwhile, central banks seem set to look through this year’s inflation increase, keeping the curves’ front end anchored.”

Federal Reserve Chair Jerome Powell delivers his semi-annual testimony before Congress this week and is likely to reiterate a commitment to keeping policy super easy for as long as needed to drive inflation higher.

European Central Bank President Christine Lagarde is also expected to sound dovish in a speech later Monday.

Yields on 10-year Treasury notes have already reached 1.38%, breaking the psychological 1.30% level and bringing the rise for the year so far to a steep 43 basis points.

Analysts at BofA noted 30-year bonds had returned -9.4% in the year to date, the worst start since 2013.

“Real assets are outperforming financial assets big in ’21 as cyclical, political, secular trends say higher inflation,” the analysts said in a note. “Surging commodities, energy laggards in vogue, materials in secular breakouts.”

A COPPER-PLATED RECOVERY

One of the stars has been copper, a key component of renewable technology, which shot up 7.7% last week to a nine-year peak. Even the broader LMEX base metal index climbed 5.5% on the week.

Oil prices have gone along for the ride, aided by tightening supplies and freezing weather, giving Brent gains of 22% for the year so far. [O/R]

On Monday, Brent crude futures were up another 66 cents at $63.57 a barrel, while U.S. crude added 51 cents to $59.75.

All of which has been a boon for commodity-linked currencies, with the Canadian, Australian and New Zealand dollars all sharply higher for the year so far.

Sterling reached a three-year top at $1.4050, aided by one of the fastest vaccine rollouts in the world. British Prime Minister Boris Johnson is due to outline a path from COVID-19 lockdowns on Monday.

The U.S. dollar index has been relatively range-bound, with downward pressure from the country’s expanding twin deficits balanced by higher bond yields. The index was last at 90.342, not far from where it started the year at 90.260.

Rising Treasury yields has helped the dollar gain somewhat on the yen to 105.60, given the Bank of Japan is actively restraining yields at home.

The euro was steady at $1.2120, corralled between support at $1.2021 and resistance around $1.2169.

One commodity not doing so well is gold, partly due to rising bond yields and partly as investors question if crypto currencies might be a better hedge against inflation. [GOL/]

The precious metal stood at $1,783 an ounce, having started the year at $1,896. Bitcoin was off 2.2% on Monday at $56,209, but started the year at $19,700.

(Editing by Shri Navaratnam and Jacqueline Wong)

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Latest Articles

Creating a B2B lead generation strategy in the Covid economy 5 Creating a B2B lead generation strategy in the Covid economy 6
Business17 mins ago

Creating a B2B lead generation strategy in the Covid economy

By Petra Smith, Founder and Managing Director of marketing agency Squirrels&Bears The pandemic has transformed the relationship driven B2B environment in...

Estate planning for wealthy celebrities or UHNWIs 7 Estate planning for wealthy celebrities or UHNWIs 8
Investing23 mins ago

Estate planning for wealthy celebrities or UHNWIs

By Sean Sheridan, Client Director, ZEDRA Isle of Man Estate planning often gets pushed aside…sometimes with disastrous knock-on effects for...

British Airways owner IAG says pensions deal, loan help boosts liquidity 9 British Airways owner IAG says pensions deal, loan help boosts liquidity 10
Business1 hour ago

British Airways owner IAG says pensions deal, loan help boosts liquidity

By Sarah Young LONDON (Reuters) – British Airways-owner IAG said on Monday it had raised total liquidity by 2.45 billion...

Fortinet Expands Integration of Cloud Security Offerings with Microsoft Azure to Provide Advanced Protection Fortinet Expands Integration of Cloud Security Offerings with Microsoft Azure to Provide Advanced Protection
Technology1 hour ago

Viewpoint: Autonomous Cloud Security 

By Scott Dodds, CEO Ultima  Moving to the cloud securely remains a significant challenge of flexible working  While the end...

HSBC reshuffles top jobs ahead of strategy update 11 HSBC reshuffles top jobs ahead of strategy update 12
Business2 hours ago

HSBC reshuffles top jobs ahead of strategy update

LONDON (Reuters) – HSBC on Monday reshuffled several of its top regional executive roles, as it prepares to announce full...

Breakdown of Global Trends: The Current State of Female Professionals Working in Accountancy 13 Breakdown of Global Trends: The Current State of Female Professionals Working in Accountancy 14
Business2 hours ago

Breakdown of Global Trends: The Current State of Female Professionals Working in Accountancy

By Sarah-Jane McQueen, General Manager of the accountancy course comparison website CoursesOnline. Accountancy is a strong sector, which is growing on...

Hackers can now empty out ATMs remotely – what can banks do to stop this? 15 Hackers can now empty out ATMs remotely – what can banks do to stop this? 16
Banking2 hours ago

Hackers can now empty out ATMs remotely – what can banks do to stop this?

By Elida Policastro, Regional Vice President for Cybersecurity, Auriga In 2010, the late Barnaby Jack famously exploited an ATM into...

Surging industry expectations drive up German business morale 17 Surging industry expectations drive up German business morale 18
Business2 hours ago

Surging industry expectations drive up German business morale

BERLIN (Reuters) – German business morale rose by far more than expected in February, hitting its highest level since October...

Vodafone's Czech subsidiary held talks on cooperating with utility CEZ 19 Vodafone's Czech subsidiary held talks on cooperating with utility CEZ 20
Business2 hours ago

Vodafone’s Czech subsidiary held talks on cooperating with utility CEZ

PRAGUE (Reuters) – Vodafone’s Czech subsidiary said on Monday it had held talks with state-controlled energy utility CEZ regarding strategic...

Think Local: The Marketing Trend of The Pandemic  21 Think Local: The Marketing Trend of The Pandemic  22
Business2 hours ago

Think Local: The Marketing Trend of The Pandemic 

By Sarah Bryers, Head of Experiential, TMW UNLIMITED’s The term ‘localism’ may not have been used as widely as ‘social...

Newsletters with Secrets & Analysis. Subscribe Now