Fin24 recently published an article with the headline: “Massive Afrihost security flaw exposed”.
The article stated that “a massive security flaw” left the ADSL credentials of users vulnerable. The situation was brought to light by a Durban software expert, Taylor Gibb, who recently posted on Facebook that “Afrihost staff had been able to provide ADSL account credentials to users over the phone, leaving information at risk”.

Afrihost has released the following statement:

1. There was no breach of data at any time

No databases, personal information, payment information or account details have been breached or hacked in any way. The article is based on hypothetical scenarios conceived by the author of the article, who was never (at any time) in possession of the data mentioned.

2. Our clients are not at risk

Since no data was actually obtained, our clients are not at risk at all. We have also now ensured that consultants cannot view encrypted data, so there is no risk to clients whatsoever (based on the scenario in this article).

3. Passwords were never stored in plain text

The writer makes several assumptions regarding the state of personal data, such as passwords being stored in plain text, which are inaccurate. Passwords are encrypted.

4. The information relates ONLY to ADSL usernames and passwords

No payment information, personal information or ClientZone user login information were ever at risk. At absolute worst, the information in question could only be used to login to an ADSL account (and one that allows concurrent logins). Any client could still view their ADSL sessions via their ClientZone and request any unknown numbers be blocked from accessing their account. There would be zero possibility that these details could ever lead to obtaining payment or personal information.

5. Our team of staff are trustworthy

The article only refers to scenarios where a staff member of Afrihost could access vulnerable information. Our staff have no motivation to steal data from our clients, as they receive free internet for both fixed line (DSL or Fibre) and Mobile Data. In many cases, our staff give out their personal accounts to help our clients test their connectivity. While we did trust our staff with access to passwords – this ability has since been removed – this was always subject to identity verification. However, we have removed this feature for our clients’ peace of mind and will find new ways to ensure that our clients enjoy the same level of convenience when interacting with our consultants.

We’ve always had to balance our need for increased security and safeguards with our clients’ convenience. Changes to our security are in ongoing development at all times, and we had planned to devise a convenient way to roll these out with minimal impact to our clients.

As mentioned, no data was breached, no personal information was compromised and not a single client was adversely affected in any way.

By Sifiso Zulu for EWN

President Cyril Ramaphosa has suspended Tom Moyane as South African Revenue Service (SARS) Commissioner with immediate effect.

The Presidency says Ramaphosa met with Moyane on Monday to inform him of his decision after reports that the now suspended senior tax official refused to resign.

Ramaphosa has said that developments at SARS under the leadership of Moyane have resulted in a deterioration of public confidence in the institution and in public finances being compromised.

Moyane appeared in Parliament recently to answer questions about infighting at SARS including his handling of ex-tax official Jonas Makwakwa’s disciplinary hearing.

Presidency spokesperson Khusela Diko says: “The president has said the actions of Mr Moyane in relations to a number of matters, including his treatment of Mr Makwakwa and his failure to report this issue to the Minister of Finance but also management of it in that regard have brought SARS into serious disrepute and this is what the president was acting against.”

The Organisation Undoing Tax Abuse (Outa) says the suspension of Moyane is a start towards restoring confidence in the revenue service and improving tax morality.

Outa’s Wayne Duvenage says this decision will also improve relations between the finance ministry and SARS.

“We get the reporting lines right between the minister of finance and SARS which was removed when Jacob Zuma was there and he had direct control there. I think we’ll start to see accountability improve, performance improvement and efficiency at SARS and we’ll get back to an efficient organisation that collects taxes well.”

Meanwhile, on Monday night Treasury announced Mark Kingon as acting commissioner for SARS.

Kingon has been serving as acting chief officer of business and individual taxes at the revenue service.

Source: EWN
Image: BusinessLive

Former President Jacob Zuma spent R15.3-million in his battle to avoid prosecution – all funded by the taxpayer.

President Cyril Ramaphosa disclosed this information to the Democratic Alliance on Tuesday, in a bid to settle legal action brought by the party over Zuma’s refusal to disclose his legal fees in the so-called Spy Tapes case.

The State Attorney indicated that Ramaphosa intends to disclose this information in Parliament on Wednesday, in response to questions from EFF leader Julius Malema.

Malema also wants to know “on what legal provision(s) or policy did the State rely when using state resources to fund the former President’s legal costs?”

Zuma steadfastly avoided answering DA leader Mmusi Maimane’s questions about how much his so-called Stalingrad campaign has cost taxpayers.

And that may be because he has agreed to pay back the money if he’s convicted.

Ramaphosa’s spokesperson Tyrone Seale last week told Financial Mail that the state would continue to fund Zuma’s legal fees if he went on trial for corruption, on the basis of an undertaking that was concluded between Zuma and then president Thabo Mbeki in 2006.

“The former President signed an undertaking to refund the state if he is found to have acted in his personal capacity and own interest in the commission of offences with which he was charged.”

It remains unclear whether these costs will include the money spent by Zuma in avoiding prosecution.

Maimane told TimesLIVE on Tuesday evening that the DA would ensure the money was paid back.

“We want to claim it back and we want to ensure that Zuma is personally liable. We will do an analysis of how the determination went,” he said.

By Karyn Maughan for Times Live

Over 27,000 cryptocurrency investors have fallen victim to one of the biggest Bitcoin scams to hit South Africa, TimesLive reported.

Hawks spokesman Captain Lloyd Ramovha confirmed the commercial crimes unit was investigating complaints against BTC Global, a company which asked investors to send their cryptocurrency to an online wallet address.

Many of the victims were South African, but the extent of the scam spread to the US and Australia.

“The amount is over $50 million and could rise as more victims come forward,” said Ramovha.

He said the company was being investigated for violating the Financial Advisory and Intermediary Services Act, but could not confirm whether it was a Ponzi scheme or if the people behind it are South African.

Victims from South Africa told TimesLive they had invested between R16,000 and R1.4 million with BTC Global.

BTC Global’s selling point was the skill of its “master trader” Steve Twain, whom many victims believe does not exist.

BTC Global promised investors that if they sent their Bitcoin to its wallet address they would receive guaranteed returns of 14% per week.

Its website now displays a message which states that Steven Twain is missing and calls for victims to stop threatening harm to the admin team.

Source: MyBroadband

Standard Bank has denied that it has opened a bank account associated with the Gupta family.

It was reported earlier on Tuesday that the top-4 bank had agreed to open bank accounts for business rescue practitioners controlling seven Gupta companies.

However, Standard Bank’s spokesperson Ross Lindstrom has said the bank terminated all dealings with the Gupta family and all entities controlled by it with effect from June 2016, and that that decision still stood.

Earlier, business rescue practitioner Louis Klopper confirmed that Standard Bank had agreed to open a new account, with strict conditions limiting access only to Klopper and his partner practitioner, Kurt Knoop.

Klopper said this had been a crucial stumbling block to getting the Gupta companies, particularly the four mines owned by the family, back up and running.

However, in an e-mail to Business Day, Linstrom said on behalf of the bank: “Standard Bank of SA has not opened and will not open accounts with these companies. Any impression created to the contrary was created by an employee that was acting out of mandate.

“Communication between the employee and [Klopper] was not authorised and did not follow the internal processes of the bank. Disciplinary procedures are currently under way.”

The Gupta family has had to make do with facilities at the Bank of Baroda — a relationship that has deteriorated since the bank started to come under pressure from the Reserve Bank over the large number of suspicious transactions the Gupta family were processing.

On February 16 the directors of Gupta-owned Tegeta filed for business rescue, placing Optimum, Koornfontein and Brakfontein coal mines in Mpumalanga, as well as Shiva Uranium in the North West, under Klopper’s control.

Property investment companies Confident Concepts and Islandsite Investments 180 were also placed under business rescue.

The mines employ roughly 3 000 people, most of whom went on strike when salaries were not paid on February 25. The permanent staff, about 1 500 people, were paid last week.

By Kyle Cowan for Business Day

New Public Enterprises Minister Pravin Gordhan on Tuesday revealed that his immediate focus would be on revitalising state-owned entities (SOEs) and reversing the tide of state capture that has gripped key sectors of the economy.

The appointment of new boards at several public entities, including operational changes, was expected in the next three weeks, Gordhan told members of the Federation of Unions of South Africa (Fedusa) at a conference in Pretoria.

“It won’t be an easy task, nonetheless it is not impossible,” he said, adding that change was expected in state power utility Eskom following the appointment of a new board.

“There is a huge need to restructure the state entities to function in the public interest, not just to serve a few people,” said Gordhan.

The financial management of public enterprises such as Eskom, South African Airways and rail agency PRASA has been blamed for putting pressure on the fiscus, with billions of rands in guarantees extended to the entities to help them stay afloat.

“A good team at Eskom needs to assure South Africans that they would work to keep costs under control,” he said. “Given 3 to 6 months, we will begin to see some positive signs.”

‘Tough ride’

Gordhan, who was named public enterprises minister on February 26, stressed that rooting out corruption and transforming state-owned enterprises was going to be a “tough ride”.

Treasury has issued R350bn in government guarantees to Eskom, of which over R200bn has been utilised, as the troubled state power utility has battled to rein in bulging operating costs.

The poor state of Eskom’s financial affairs has seen its long-term corporate rating downgraded by Moody’s in November to Ba3, a third notch below non-investment grade.

The ratings agency placed Eskom on review for a further downgrade.

Late last month rival ratings agency S&P downgraded Eskom’s long-term debt to ‘CCC+’, the seventh rung of non-investment grade, with a negative outlook.

Gordhan said he anticipated that those involved in state capture would try to “sabotage” efforts of reversing the damage and transforming the state.

“The damage is not something that happened overnight […] we are on a good wave in South Africa and it is possible to re-capture the state and re-orientate these institutions,” he said.

By Sibongile Khumalo for News24

Craig Wright, the self-proclaimed inventor of Bitcoin, is accused of swindling more than $5-billion worth of the cryptocurrency and other assets from the estate of a computer-security expert.

Wright, who claimed in 2016 that he created the computer-based currency under the pseudonym Satoshi Nakamoto, allegedly schemed to use phony contracts and signatures to lay claim to bitcoins mined by colleague Dave Kleiman, another cryptocurrency adherent, who died in 2013, according to a lawsuit filed by Kleiman’s brother.

Kleiman’s family contends they own the rights to more than 1 million Bitcoins and blockchain technologies Kleiman mined and developed during his lifetime and that the assets’ value exceeds $5 billion, according to the Feb. 14 filing in federal court in West Palm Beach, Florida.

“Craig forged a series of contracts that purported to transfer Dave’s assets to Craig and/or companies controlled by him,” lawyers for Kleiman’s family said in the complaint. “Craig backdated these contracts and forged Dave’s signature on them.”

Wright, an Australian who lives in London, couldn’t immediately be reached for comment on the suit, which also accuses the entrepreneur of violating partnership duties to Kleiman and unjustly enriching himself at his colleague’s expense. There is no attorney listed for Wright on the docket.

Wright and Kleiman formed a Florida-based company, W&K Info Defense Research LLC, in 2011 to focus on cybersecurity, according to the court filing. The pair also had earlier worked together on the development of Bitcoin and had extensive mining operations, according to the family’s lawsuit.

The pair controlled as many as 1.1 million Bitcoins at the time of Kleiman’s death, according to the suit. They were held in trusts set up in Singapore, the Seychelles Islands and the U.K., the suit says.

Wright said in a 2016 blog post and interviews that he was the main participant in a team that developed the original Bitcoin software under the pseudonym Satoshi Nakamoto. After skeptics questioned the claims, Wright said that he decided not to present any further evidence to prove that he is the creator of Bitcoin.

In the filing, Kleiman’s brother includes what he says is email traffic between himself and Wright in which the entrepreneur indicates he may have been holding 300,000 of Kleiman’s Bitcoins.

Dave “mentioned that you had 1 million Bitcoins in the trust and since you said he has 300,000 as his part,” the computer expert’s brother wrote. “I was figuring the other 700,000 is yours,” he added in the email. “Is that correct?”

“Around that,” Wright wrote back. “Minus what was needed for the company’s use.”

The case is Ira Kleiman v. Craig Wright, No. 18-cv-80176, U.S. District Court for the Southern District of Florida.

Source: MyBroadband

Is this loadshedding, revisited?

Eskom has been dogged by allegations of corruption and mismanagement, and this is showing in its expected financial results over the short and medium term. In addition, two of Eskom’s suppliers of coal – namely, two Gupta mines – have stopped operations due to an inability to pay staff.

As the embattled parastatal’s bills mount, questions surround whether or not there will be enough coal to keep power on this winter.

Eskom’s problems far worse than expected

The Rapport reported that Eskom expects a loss of R8.1-billion in the short term, which is set to balloon to R26,5-billion in the medium term.

These projected losses are the highest a state-owned enterprise has ever experienced in South Africa.

The National Treasury described Eskom’s financial problems as the single biggest risk to the South African economy and public finances.

This echoed the views of finance minister Malusi Gigaba, who said in January that Eskom’s financial woes could collapse the economy.

“There would be no currency, and no economy for the country if Eskom went belly-up,” said Gigaba.

To address the mismanagement at Eskom, Gigaba said in his recent budget speech that the government has strengthened Eskom’s board and management with “highly-capable, ethical, and credible leadership”.

Further allegations of mismanagement
In related news, the Sunday Times reported that former Eskom executive Matshela Koko’s wife has received millions of rand from the power utility.

“Documents in the possession of state capture investigators suggest the money flowed to companies where Koko’s wife, Mosima, is a director,” said the Sunday Times.

The report stated that the money was “channelled through Eskom service provider Impulse International, where Mosima’s 27-year-old daughter, Koketso Choma, was a non-executive director”.

In March last year, the Sunday Times reported that Koko’s stepdaughter received contracts for her company worth R1 billion from Eskom.

The report stated that Choma was appointed as a director at Impulse International in April 2016, after which it received eight contracts from the division of Eskom which Koko headed up.

Third Gupta-owned mine fails to pay workers’ salaries

An employee at Shiva Uranium mine, a Gupta-owned company based in Klerksdorp, North-West, says they have been left in the lurch after the company failed to pay them their salaries last week.

“We have not been paid February salaries. We were told that we would be paid on the 28th. This is very frustrating as most of us live far from work and are struggling to get money for transport,” said the employee, who asked not to be named.

She said the company told them on Friday that the payments were delayed because it does not have a bank. “They also told us that they have an international bank and the funds have to be converted from dollars into rands and that the process takes long.”

Koornfontein coal mine is the second Gupta-affiliated mine not to pay salaries to its workers.

They were also told that the delay was due to Eskom not paying the company.

The country’s commercial banks have cut ties with Gupta-owned companies – citing reputational risk – while the only bank which services the companies, Bank of Baroda, is to exit South Africa at the end of March.

“We know there is trouble brewing there. They are just not telling us the truth.”

She said most workers have since Friday taken leave because they either do not have money to take public transport or put fuel in their cars.

“I do not know what I would have done had it not been for my partner, who has helped out with the kids’ school fees and other household expenses,” the woman said.

She said the company has denied that it is under business rescue as the workers have heard from media reports.

“We have asked them if they are under distress and they said no. They don’t want us to take action against them and have threatened us with our jobs,” she said.

Shiva Uranium is the third Gupta-owned company to not pay its employees. Optimum and Koornfontein coal mines have also failed to pay workers their salaries this month.

Workers at Optimum downed tools on Wednesday last week, saying they wanted to know whether the mine would be sold following reports that the mine’s owners, the Gupta family, could no longer be found.

Koornfontein supplies coal to Komati power station, Optimum supplies coal to Hendrina power station and Brakfontein supplies coal to Majuba power station.

https://mybroadband.co.za
By NOMAHLUBI JORDAAN for https://www.timeslive.co.za

Takealot guilty of “fake” prices

The Advertising Standards Authority of South Africa (ASA) has found Takealot guilty of selling products at higher prices than what it advertises the goods for.

In a recent sponsored Facebook promotion, Takealot advertised DKNY perfume at R369 – a saving of 62% on the normal price.

When a consumer tried to purchase this product, however, they had to pay over R200 more than the advertised price.

A complaint was lodged with the ASA regarding this practice after Takealot told the client it was “not responsible for advertising appearing on third-party platforms”.

According to the complainant, Takealot told her “its terms and conditions exempt it from liability emanating from its own advertising”.

Takealot responds
Takealot responded to the complaint, stating it is not an ASA member and that the organisation’s rulings are therefore not binding to it.

The online retailer did acknowledge that this was the third complaint of this type brought to the ASA.

It explained there “may be lags in bringing the pricing of third-party advertisers in line with price changes”.

“The product on special had sold out when the complainant claimed the deal, but the advertising had not been changed,” said Takealot.

ASA ruling
The ASA rejected Takealot’s argument that it was not responsible for advertisements from third-party advertisers.

“If Takealot uses third-party advertisers, then it must ensure that checks and balances are in place that such advertisers only display correct information,” said the ASA.

“The reality is that Takealot benefits from the traffic flow to its website and it must take responsibility for the actions of the third-party advertiser.”

The ASA subsequently rejected Takealot’s submission that its advertising is not misleading.

It said consumers are led to believe that advertised products at the discounted rates are available on Takealot, which they are not.

The complaint that Takealot’s advertisement promising a discounted price was misleading was upheld, and it advised the company not to repeat this advertising.

Source: MyBroadband 

A cyberattack caused the Internet disruptions during the Winter Olympics’ opening ceremony on Friday night, Olympic officials and security experts said.

Jihye Lee, a spokesman for the Pyeongchang Organizing Committee, confirmed Sunday that “the technology issues experienced Friday night were caused by a cyberattack.”

Mr. Lee did not elaborate on the cause but said that the attack had been quickly addressed and that systems had been stabilized by Sunday.

The cyberattack took out internet access and telecasts, grounded broadcasters’ drones, shut down the Pyeongchang 2018 website, and prevented spectators from printing out reservations and attending the ceremony, which resulted in an unusually high number of empty seats.

Security experts said they had uncovered evidence that the attack had been in the works since late last year. It was directed at the Pyeongchang Organizing Committee and incorporated code that was specifically designed to disrupt the Games or perhaps even send a political message.

“This attacker had no intention of leaving the machine usable,” a team of researchers at Cisco’s Talos threat intelligence division wrote in an analysis Monday. “The purpose of this malware is to perform destruction of the host” and “leave the computer system offline.”

In an interview, Talos researchers noted that there was a nuance to the attack that they had not seen before: Even though the hackers clearly demonstrated that they had the ability to destroy victims’ computers, they stopped short of doing so. They erased only backup files on Windows machines and left open the possibility that responders could still reboot the computers and fix the damage.

“Why did they pull their punch?” asked Craig Williams, a senior technical leader at Talos. “Presumably, it’s making some political message” that they could have done far worse, he said.

Talos’s findings matched those of other internet security companies, like CrowdStrike, which determined on Monday that the attacks had been in the works since at least December. Adam Meyers, vice president of intelligence at CrowdStrike, said his team had discovered time stamps that showed the destructive payload that hit the opening ceremony was constructed on Dec. 27 at 11:39 a.m. Coordinated Universal Time — which converts to 6:39 a.m. Eastern Time, 2:39 p.m. in Moscow and 8:39 p.m. in South Korea.

Attackers clearly had a target in mind: The word Pyeongchang2018.com was hard-coded into their payload, as was a set of stolen credentials belonging to Pyeongchang Olympic officials. Those stolen credentials allowed attackers to spread their malware throughout the computer networks that support the Winter Games on Friday, just as the opening ceremony was timed to begin.

Security companies would not say definitively who was behind the attack, but some digital crumbs led to a familiar culprit: Fancy Bear, the Russian hacking group with ties to Russian intelligence services. Fancy Bear was determined to be the more brazen of the two Russian hacking groups behind an attack on the Democratic National Committee ahead of the 2016 presidential election.

Beginning in November, CrowdStrike’s intelligence team witnessed Fancy Bear attacks that stole credentials from an international sports organization, Mr. Meyers said. He declined to identify the victim but suggested that the credential thefts were similar to the ones that hackers would have needed before their opening ceremony attack.

On Wednesday, two days before the ceremony, the Russian Ministry of Foreign Affairs made an apparent attempt to pre-empt any accusations of Russian cyberattacks on the Games. In a statement, released in English, German and Russian, the agency accused Western governments, press and information security companies of waging an “information war” accusing Russia of “alleged cyber interference” and “planning to attack the ideals of the Olympic movement.”

This was not the first Olympic opening ceremony that was a target for hackers. In the lead-up to the 2012 London Games, investigators uncovered attack tools and the blueprints to the Olympic stadium’s building management systems on a hacker’s computer.

It appeared that hackers planned to take out the power to the stadium, said Oliver Hoare, who led cybersecurity matters for the London Games. But officials successfully prevented an attack.

By Nicole Perlroth for The New York Times


My Office News Ⓒ 2017 - Designed by A Collective

