Author: Leigh

A huge trove of data, containing the personal information of millions of South Africans, including property ownership, employment history, income and company directorships, has been discovered by information security researcher Troy Hunt.

Hunt, the founder of HaveIbeenPwned.com, said the breach contains data of more than 30-million unique South African ID numbers.

The data trove was discovered among a large dump of other breaches, and Hunt could identify it as South African in origin from the personal address details contained in it. He said that to date he hasn’t seen it offered for sale, but that “it is definitely floating around between traders”.

The date of the database file indicates that the breach took place in March 2017, or perhaps before. The actual data includes information from at least as far back as the early 1990s.

Hunt is now attempting to identify the source of the database and has shared its headers to help get to the bottom of it. The headers can be viewed here.

Some of the data headers seem to indicate that the source may be government, but this is not definitive. It may be that this information is from a commercial entity such as a bank or credit bureau.

Once the owner of the data is identified and informed, Hunt will upload the info to his HaveIbeenPwned service (although he notes that the data only includes around 2,2-million valid e-mail addresses).

By Andrew Fraser for Tech Central 

Nedbank, Telkom, Discovery and Investec are among top South African listed companies with the most exposure to cybersecurity risks.

This is according to a new research report from the Cyber Intelligence Research Group, the results of which are being released on Monday at CyberCon, a cybersecurity conference in Johannesburg.

The Cyber Exposure Index (CEI) was launched in Singapore earlier this month. Over the next few months, indices for eleven major global stock exchanges outside of the US will be released. Following the release of the Singaporean and Finnish indices, the South African index is the third to be published.

The CEI scores listed companies on their levels of exposure. South African companies received an average exposure rating of 1.9.

The index aggregates data that is publicly available through the dark and deep Web, or as the result of third-party data breaches. This data is used to identify top listed companies’ vulnerability to hacker group activity, disclosed sensitive information and leaked credentials.

Companies are then scored from 0-5, where 0 indicates no exposure and 5 places a company among the 1% of firms with the most exposure.

While no South African company scored a 5, many household names — from Sasol to Liberty Holdings and from Woolworths to Anglo American — scored a 4.

ICT sector

In the ICT sector, those scoring a 4 included Telkom, MTN and EOH. Mix Telematics, Vodacom, Huge Group, Mustek, Adapt IT, Blue Label Telecoms and Naspers all scored 3. ICT companies scoring at the other end of the scale, with 0, included Alviva Holdings (formerly Pinnacle Holdings) and Labat Africa.

Telecommunications companies have among the highest levels of exposure in South Africa at 13.1%, compared to the global average of 2.4%, according to the researchers.

 

 

South Africa’s global relative cyber exposure by industry, according to the Cyber Exposure Index

South African companies have received an average exposure rating of 1.9 in the debut results of the Cyber Exposure Index

The company responsible for the index, Kinkayo, is a Singapore-based cyber intelligence organisation founded by professionals in the cybersecurity field.

The CEI has been developed as a way for companies to gauge their cyber exposure, empower them with the opportunity to identify where their vulnerabilities lie and take decisive action against their risks, it said.

Download the full list here.

Source: Tech Central 

New Gumtree scam uses Uber drivers

A MyBroadband reader recently faced a scam involving Gumtree, Taxify, and his iPhone 7 Plus.

It started when he posted his iPhone 7 Plus 256GB on Gumtree, and received five calls to purchase the device on the first day.

“All of them said they do not use WhatsApp. All said they will send an Uber to collect. All offered to send documents,” he said.

Scammers appear to be trawling Gumtree for high-value items, like an iPhone, then try to steal them by offering to purchase the item, and sending forged documents and notifications.

This is done when potential victims agree to accept an EFT.

The scammer knows which bank the victim uses and sends an SMS stating a deposit has been made into their bank account from a different bank.

This is so they have an excuse for why the money hasn’t cleared if checked. They then send an SMS that looks like a deposit notification from the victim’s bank.

Scam

In the reader’s case, the scammer said he was sending his “friend” to collect the iPhone after he had made the “payment”.

The “friend” turned out to be a Taxify driver, who had little knowledge of the person he was collecting the phone for.

The reader said after handing his device over, he felt something was wrong, and went to the guard house where he stays and got the driver’s number from the sign-in book.

He called the driver, explained he thought the collection was a scam, and the driver returned – cancelling the trip.

The scammer the driver did the pickup for was a cash customer, who then contacted him and offered R1,500, then R3,000, to complete the delivery. The driver declined.

“These criminals are using Uber and Taxify with cash payment options to get the drivers to do the hard work and collect the items from victims,” said the reader.

Fighting cons

Gumtree said fraudulent proof of payment is not new in online marketplaces.

“Although we haven’t seen many cases like this, it seems that Uber or Taxify is another way of making it harder to trace the actual perpetrator,” said Gumtree.

“We urge community members to inform us via our 24/7 contact centre if they encounter a suspicious buyer or seller.”

Gumtree stated that victims or potential victims must also contact the SAPS about any scam incidents.

The company said it will speak to Uber and Taxify to collaborate and combat this activity.

Uber recently introduced new safety features which require cash riders to link a Facebook account to their Uber profile, which it verifies, before using the service.

Called Social Connect, only new sign-ups are currently required to link their Facebook account.

Uber said there is potential for Social Connect to expand to existing users in future.

Taxify did not respond to requests for comment.

Safety features

One way to avoid falling victim to a scam is to use a third-party escrow service, like Shepherd – which is offered by Gumtree in conjunction with Standard Bank.

The service charges 3.95% of the transaction value, with a minimum charge of R30.

Shepherd also charges separately for its shipping service – starting at R100 for items below 2kg, and R169 for items up to 10kg.

“If you opt not to use Shepherd, always check that funds have cleared before handing over goods,” said Gumtree.

By Jan Vermeulen for MyBroadband

Wi-Fi is under attack

A huge vulnerability in Wi-Fi that fundamentally breaks the security we use to protect our wireless networks has just been exposed.

The exploit, revealed on Monday, takes advantage of a newly found vulnerability in WPA2, the security protocol used to safeguard all modern Wi-Fi networks, and researchers say it could violate virtually any Wi-Fi network previously thought to be secure.

“The attack works against all modern protected Wi-Fi networks,” explains the security researcher who discovered the vulnerability, Mathy Vanhoef from Belgium’s KU Leuven university.

“The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.”

By taking advantage of the vulnerability in what is called a key reinstallation attack (KRACK), a hacker could read information supposed to be encrypted on a Wi-Fi network, intercepting potentially sensitive information like credit card numbers, passwords, photos, and messages.

In the worst case, Vanhoef says, it could be possible for someone to use KRACKs to inject and manipulate data on a compromised Wi-Fi network, hijacking devices to inject ransomware or other malware onto systems.

“Wow. Everyone needs to be afraid,” researcher Robert Graham of Errata Security, who wasn’t involved with the discovery, wrote in a blog post.

“It means in practice, attackers can decrypt a lot of Wi-Fi traffic, with varying levels of difficulty depending on your precise network setup.”

The good news in all this is that the hack can’t be executed online: any attacker trying to take advantage of the flaw needs to do so locally, to be within range of the wireless network they’re trying to breach.

That’s because the attack works by fooling a security layer in WPA2 called the four-way handshake, which determines whether devices seeking to join a Wi-Fi network have the right credentials.

When this happens, the handshake is supposed to generate a fresh encryption key to encrypt all subsequent traffic, but KRACKs manage to fool the network into reusing a previously issued encryption key.

“Essentially, to guarantee security, a key should only be installed and used once,” Vanhoef explains.

“Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.”

In the researchers’ testing, the attack worked with varying levels of success against client devices running Apple, Windows, Android, and many other operating systems on compromised networks, and while websites and apps using HTTPS encryption were harder to breach, they weren’t always fool-proof.

Fortunately, the code that makes this attack possible hasn’t been publicly released – so it’s unlikely we’ll see a wave of hackers taking advantage of it straight away, because first they’d need to reverse-engineer how it works.

Before that happens, technology companies – who were given fore-warning of the vulnerability – are already busy patching their systems, and some of these patches are already available, which Vanhoef says we should all grab as soon as possible.

“Changing the password of your Wi-Fi network does not prevent (or mitigate) the attack,” he explains in an FAQ about the new attack vector.

“Instead, you should make sure all your devices are updated, and you should also update the firmware of your router.”

Of great ongoing concern are the many ‘Internet of Things’ (IoT) devices and appliances now in use that are difficult to update or go unsupported by their manufacturers. These include things like Wi-Fi enabled home security cameras and televisions.

The vulnerability is detailed in a research paper available online, which is due to be presented at the ACM Conference on Computer and Communications Security in Dallas in November.

By Peter Dockrill for Science Alert

The rapidly evolving story about Moscow-based Kaspersky Lab’s involvement in helping Russian government hackers steal sensitive National Security Agency materials has taken yet another turn, as The Wall Street Journal reports that the assistance could have come only with the company’s knowledge.

Wednesday’s report, citing unnamed current and former US officials, said the help came in the form of modifications made to the Kaspersky antivirus software that’s used by more than 400 million people around the world. Normally, the programs scan computer files for malware. “But in an adjustment to its normal operations that the officials say could only have been made with the company’s knowledge, the program searched for terms as broad as ‘top secret,’ which may be written on classified government documents, as well as the classified code names of US government programs, these people said.”

The report is the latest to detail a 2015 event in which an NSA worker—described as a contractor by the WSJ and an employee in articles from The Washington Post—sneaked classified materials out of the agency and onto an Internet-connected computer that had Kaspersky AV installed on it. The WSJ, WaPo, and The New York Times have all reported that hackers working for the Russian government were able to home in on the documents with the help of the Kaspersky software.

On Tuesday, the NYT was first in reporting that NSA officials first learned of the help provided by Kaspersky AV from Israeli intelligence officials who had hacked into Kaspersky’s corporate network and witnessed the assistance in real time.

Wednesday’s report is the first to explicitly say the assistance wasn’t the result of a covert hack or the exploitation of an inadvertent weakness but rather likely came with the knowledge of at least one Kaspersky official.

“There is no way, based on what the software was doing, that Kaspersky couldn’t have known about this,” the WSJ quoted a former US official with knowledge of the 2015 event saying. The official went on to explain that the Kaspersky software was designed in a way that it would have had to be programmed to look for specific keywords. Kaspersky employees, the official continued, “likely” would have known such a thing was happening. The evidence, Wednesday’s report said, has now caused many US officials to believe the company was a “witting partner” in locating the materials on the home computer.

In a statement issued Wednesday, Kaspersky officials wrote:

Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question, and the company reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems.
The company has long maintained it has no inappropriate ties to any government, including Russia’s, and vigorously defends against all malware threats.

Meanwhile, Reuters reported that German officials had no evidence to back the reports Kaspersky AV played a role in the theft of the NSA materials and had no plans to warn against the use of the software. Last month, the US Department of Homeland Security took the unprecedented step of banning all federal government agencies and departments from using any Kaspersky goods or services.

The WSJ went on to report that US intelligence agencies spent months studying and experimenting with Kaspersky software to see if they could trigger it into behaving as if it had discovered classified materials on a computer being monitored by US spies. “Those experiments persuaded officials that Kaspersky was being used to detect classified information,” Wednesday’s report said.

By Dan Goodin for Ars Technica

Cabinet reshuffle #12 for Zuma

Desperation to push through the R1-trillion nuclear deal and “gatvolness” with SACP leader Blade Nzimande’s criticism of his leadership ahead of the ANC’s elective conference are probably the main reasons behind President Jacob Zuma’s most recent Cabinet reshuffle.

The reshuffle, which saw Nzimande chopped from the Cabinet, four ministers changing portfolios and the introduction of loudmouth ANC MP Bongani Bongo as minister of intelligence, is part of Zuma’s fightback campaign to reclaim authority over a deeply fractured governing party.

The axing brings an end to a decade-long bromance between Zuma and the communists, who were at the forefront of lobbying for the corruption charges against Zuma to be dropped and for president Thabo Mbeki to be recalled.

The relationship soured when it became clear that Zuma was never really interested in changing the economic policies of the country to benefit the poor, but rather to enrich himself and his besties, the Guptas.

In recent months, Nzimande has been one of Zuma’s most vocal critics, with the SACP calling for his removal as ANC president.

The SACP-ANC relationship is at an all-time low, with threats by the reds to go it alone in the 2019 election.

Firing Nzimande opened up the opportunity for Zuma to play musical chairs.

His close ally David Mahlobo becomes energy minister; Bongo takes over state security; Ayanda Dlodlo moves to home affairs and Mmamoloko Kubayi takes over the communications portfolio.

Hlengiwe Mkhize moves from home affairs to higher education and the young rising star MP and former Young Communist League leader, Buti Manamela, replaces the controversial Mduduzi Manana as Mkhize’s deputy.

So why did Zuma move his powerful intelligence minister to the energy portfolio?

It does not require rocket science to connect the dots: Zuma needs to push through the nuclear deal with Russia’s Rosatom before his term ends. If a candidate other than Nkosazana Dlamini-Zuma wins the ANC’s presidential election, Zuma could be out as state president as early as January.

Mahlobo has accompanied Zuma on at least one state visit to Russia, to meet President Vladimir Putin. It was always a mystery why Mahlobo, and not the energy minister, had travelled with Zuma, but that question has now been answered.

The Sunday Times reported last month that Mahlobo accompanied convicts Gayton McKenzie and Kenny Kunene – supposedly Zuma’s New Best Friends – to Russia to present themselves as BEE partners to Russian oil and gas company Rosgeo for a R5bn deal. Connect the dots.

The Western Cape High Court’s ruling earlier this year that the tender process for nuclear should start from scratch was a massive setback for Zuma and Putin. Mahlobo has now been trusted with pushing the deal through – and fast.

Remember that Zuma’s favourite son, Duduzane, and the Guptas own Shiva Uranium, which will be one of the chief beneficiaries of a nuclear deal. That is the Zuma pension plan.

Kubayi was supposed to fast-track the deal after Tina Joemat-Pettersson got the boot in March for failing to do so, but she probably moved too slowly in Zuma’s view.

The reshuffle is a sign that Zuma is panicking. South Africa should be on high alert.

By Adriaan Basson for News24

Government wastes R51.1bn in a year

An evaluation of the annual reports submitted to Parliament by national departments and their entities has revealed that R51.1 billion was wasted in the 2016/2017 financial year as a result of irregular, fruitless and wasteful expenditure.

Entities were the biggest offenders, accounting for nearly R35.9 billion, or 70%, of the total.

This staggering amount is sure to increase as the departments of Environmental Affairs, Defence, and State Security have still not tabled their annual reports. Similarly, South African Revenue Service, South African Airways, South African Express, South African National Roads Agency, and Passenger Rail Agency of South Africa have not finalised their annual reports.

Audit results of departments and entities were once again dismal with no fewer than 22 outstanding audit reports, as well as a litany of disclaimed (3), adverse (4) or qualified (28) audit opinions. More than 20% of all audits were either outstanding or failed to meet accounting standards.

Concerningly, the Auditor-General (A-G) raised “going concern” issues with the following entities: Independent Police Investigative Directorate (IPID), the National Health Laboratory Service, PetroSA and the South African Broadcasting Corporation (SABC). The A-G could not provide audit opinions for either the Unemployment Insurance Fund or the Compensation Fund.

National departments once again failed to meet their own targets with key ministries among the worst performing:

Similarly, key entities are among the worst performing:

South Africans run the risk of becoming jaded by the governance failures of the ANC government. However, we must never lose sight of the opportunities lost by the R50 billion squandered through irregular, fruitless and wasteful expenditure.

Governance failures come at a great cost to South Africa’s most vulnerable. We cannot rest until every valuable resource is directed at improving the lives of honest, hardworking South Africans.

By John Steenhuisen MP, Chief Whip of the Democratic Alliance

Microsoft keeps hack under wraps

Microsoft’s internal database that it uses to track bugs in its software was reportedly hacked in 2013.

According to Reuters, a highly sophisticated hacking group was behind the alleged breach, which is the second known breach of this kind of corporate database.

Five former employees told the publication about the hack in separate interviews, though Reuters said Microsoft did not disclose the depth of the attack in 2013.

The database in question contained information on critical and unfixed vulnerabilities found in not only the Windows operating system but also some of the most widely used worldwide software, the publication reported.

Microsoft learned of the breach in early 2013 after a hacking group launched a series of attacks against high profile tech companies including Apple, Twitter and Facebook.

The group exploited a flaw in the Java programming language to access employees’ Apple computers, before moving into the company’s network, Reuters said.

Microsoft released a short statement following the attack on 22 February 2013 that said: “As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.

“We found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected, and our investigation is ongoing.”

In an email responding to questions from Reuters, Microsoft said: “Our security teams actively monitor cyber threats to help us prioritize and take appropriate action to keep customers protected.”

A Microsoft spokesperson told IT Pro: “In February 2013 we commented on the discovery of malware, similar to that found by other companies at the time, on a small number of computers including some in our Mac business unit. Our investigation found no evidence of information being stolen that could be used in subsequent attacks.”

This contradicts Reuters’ report, whose sources said that although the bugs in the database had been exploited in hacking attacks, the attackers could have found the information elsewhere.

Reuters said Microsoft didn’t disclose the breach because of this, and because many patches had already been released to customers.

“They absolutely discovered that bugs had been taken,” one source said. “Whether or not those bugs were in use, I don’t think they did a very thorough job of discovering.”

Following the breach, Microsoft improved its security by separating the database from the corporate network and requiring two authentications to access the information, Reuters reported.

Mozilla had a similar attack in 2015 when an attacker accessed a database which included information on 10 unpatched flaws. One of the flaws was then used to attack Firefox users, which Mozilla told the public about at the time, telling customers to take action.

Mozilla CBO and CLO Denelle Dixon said the foundation released the information about what it knew in 2015 “not only [to] inform and help protect our users, but also to help ourselves and other companies learn, and finally because openness and transparency are core to our mission.”

Reuters wrote that the hacking group has been called Morpho, Butterfly and Wild Neutron but security researchers say it is a proficient and mysterious group and that they cannot determine if it is backed by a state government.

Equifax revealed that a file containing 700,000 UK records was accessed during a data breach in May, giving attackers access to names and contact details. Of that figure, 700,000 accounts had partial credit information and email addresses stolen.

Zach Marzouk for IT Pro 

SA’s fast food industry in crisis

The South African fast food industry has come under severe pressure of late. The management of these fast food retailers keep telling us that in an economy that is not growing as it should, making money is becoming increasingly hard.

These companies should also acknowledge that increased competition in the South African market is becoming ever more prevalent. Recent entrants into the markets include chains such as Chesa Nyama and Pizza Perfect.

Famous Brands

Famous Brands, which owns household brands Steers, Wimpy and Debonairs among others, has seen its share price drop over 40% over the last year. The biggest reason is that investors are extremely negative on its Gourmet Burger Kitchen (GBK) acquisition in the UK. Having paid R2.1bn for GBK, the expectation is for GBK to contribute considerably to bottom line earnings.

Unfortunately, the opposite has happened. GBK only made a profit of R16m before interest and taxation. Management has cited reasons such as investor uncertainty due to Brexit. However, the fast food competition in the UK has also intensified and growing market share is becoming increasingly hard.

Taste

Taste Holdings owns the fast food brands Dominos Pizza, Starbucks and Zebro’s. Outside of food, Taste also has jewellery interests in NWJ, Arthur Kaplan and World’s Finest Watches.

Taste has been trying to become profitable and hopes that the international brands of Starbucks will do exactly that.

For the six months ending August 2017, Taste posted a loss of around R65m. Unfortunately, Starbucks has not yet pulled Taste into profit. Worse yet, Taste’s jewellery division, which has historically made profits, has also posted a loss of R769 000.

Taste needs to turn profitable as the balance sheet is very weak. With debts relatively high, Taste might consider issuing rights to bolster their cash position as the Starbucks roll-out is very cash hungry.

The share price of Taste declined from R2.15 in May to 75 cents recently.

Grand Parade Investments

Recently Grand Parade announced that it withheld dividend payments for 2017. As with Taste, Grand Parade is still rolling out its Burger King, Dunkin’ Donuts and Baskin-Robbins stores. These roll-outs are very capital intensive and are still leading to company losses.

Grand Parade has a profitable gambling interest but is planning to disinvest from those in time as it targets food to be the future of the company.

In March 2017 Grand Parade Investments was trading at R4.00 per share. Currently, the price is trading at R2.71. This is a great entry point for investors as the company is actively deleveraging its balance sheet and has a debt to equity ratio of 16.8%.

Spur

Spur has been a South African household name for years. Like all of the other fast food chains, Spur has seen its share price drop considerably. It traded down from R36 per share to around R28 in less than a year. Recent numbers show like-for-like sales down 9.9% and headline earnings from continued operations declined by 26%.

Spur’s roll-out of the RocoMamas franchise has been extremely successful and has been a great hedge for Spur in a declining environment. RocoMamas increased profits by 34%.

Other brands in the Spur group include Hussar Grill and John Dory’s.

Woolworths

Although not as much fast food, Woolies does offer customers a sit-down and take-away option. The Woolies share price seems to have found some support around the R60 level with investors buying the share a lot cheaper than they did 2 years ago. In November 2016, Woolies was trading at around R104 per share.

Like Famous Brands, Woolworths tried to achieve scale by entering an offshore market. The David Jones acquisition in Australia is providing problems with reported management differences and questions over the price paid for the acquisition.

However, Woolworths does sell superior products to its competitors and will rocket when the South African economy turns and the Australian acquisition gets bedded down properly.

By Kirk Swart for Fin24

Deputy President Cyril Ramaphosa could be the next casualty of a cabinet reshuffle, an insider has told news channel eNCA.

James Motlatsi, who formed the powerful National Union of Mineworkers with Ramaphosa and others, said he had learnt that President Jacob Zuma would use an intelligence report to justify axing Ramaphosa.

“Let me say to you, unconfirmed reports are saying that [this will happen] very soon. This issue, Cyril even raised it in a meeting. We have been told by other people that the president himself, he is saying Cyril is a spy of Western capitalists, so we are waiting for that intelligence report to come out for him,” Motlatsi said.

Zuma used a similar report to oust Pravin Gordhan and Mcebisi Jonas from the finance ministry earlier this year, ANC leaders have said.

President Jacob Zuma again defied ANC advice and reshuffled his cabinet. On Tuesday he announced another cabinet shake-up, the second this year.

He removed SA Communist Party general secretary Blade Nzimande as education minister and swapped around five other portfolios.

The reshuffle has been condemned by opposition parties.

The SACP said it was a direct attack on the party, which has called for Zuma’s resignation.

Motlatsi said the exercise was an act of retribution on Zuma’s part.

“It’s political revenge because the SACP, not only Blade, had already taken a stance that the president should step down. So, instead of engaging the SACP, he would like to punish the SACP.”

Source: Times Live



My Office News Ⓒ 2017 - Designed by A Collective

