Home Tags Share Price

Tag: Share Price

After Cyber Attack, FedEx Temporarily Halts Trading of Its Shares

An attack at subsidiary TNT Express may disrupt FedEx's push to hit a record-high share price.

Waymo hires Avis to look after its autonomous cars in Arizona

Avis shares are surging as a result.

BlackBerry’s no-phone business model isn’t working out as planned

Stock falls 13 percent in one day after bad sales numbers.

This is how much your share price falls when you get...

The impact of data breaches can be measured in a company's share price and customer churn.

Biz overlords need to give a stuff about what they’re told...

Data breaches smack bottom line, cautions survey Companies that suffer a data breach can expect to see their share price fall by five per cent and watch two to three per cent of customers take their business elsewhere.…

Consulting M&A volumes reach a nine-year high, despite turbulent political backdrop

19/Apr/2017 2016 reached a nine-year high in consulting M&A volumes, according to Equiteq’s Global Consulting Mergers & Acquisitions Report 2017.

Despite deal activity falling in the quarter prior to the US Presidential election and the UK’s Brexit vote, deal volumes were up 1%. Outperforming the S&P 500, the strength of the consulting sector was further demonstrated as the Equiteq Consulting Share Price Index ended 2016 up 14%, a 10-year high.The top consulting segments for deal... Source: RealWire

Tesla is worth more than General Motors or Ford

At more than $311 a share, Wall Street pegs Tesla as the most valuable US automaker.

Symantec doubles down on consumer security by buying LifeLock

Bid to mitigate damage in face of declining anti-virus sales Symantec has bought identity theft protection firm LifeLock for $2.3bn. The deal, announced Sunday, represents a brave bid by Symantec to shore up a consumer security business eroded by dwindling anti-virus sales. Selling Norton consumer security alongside identity protection and remediation services from LifeLock will enable sustainable "consumer segment revenue and profit growth", according to Symantec.

The security giant said it plans to finance the transaction with cash supplemented by $750m of new debt.

The deal – which is subject to LifeLock stockholder approval and US regulatory approval – is not expected to affect Symantec's FY17 results. Symantec's share price dropped marginally on the announcement of a deal that effectively involves it "doubling down" on the consumer security market.

Data breaches and the identity theft that sometimes results are a growing problem but whether the sometimes controversial LifeLock offers a comprehensive defence is far from convincing. LifeLock's identity theft protection system is designed to alert subscribers about fraudulent applications for loans, credit cards or other financial services. The $2.3bn price tag ($24 per share) offered from Symantec represents a 16 per cent premium on LifeLock's Friday closing share price of $20.75, itself a year-long high. LifeLock was also reportedly being pursued by private equity firms Permira, TPG, and Evergreen Coast Capital, as well as Symantec. Symantec sold data storage software firm Veritas to Carlyle Group for $7.4bn earlier this year.
Since then it has purchased Blue Coat for $4.65bn and now LifeLock for $2.3 billion in a bid to redefine itself as a pure play cybersecurity firm. The purchase price looks high even though LifeLock is profitable.

The company's net income for 3Q16 came out at $14.4m on sales of $170.3m. Last year LifeLock was obliged to pay $100 million to settle charges (PDF) of failing to maintain a comprehensive information security program and deceptive advertising.

The court order followed FTC enforcement action against LifeLock for alleged violations of an earlier 2010 order. ® Sponsored: Customer Identity and Access Management

Crooks and kids (not scary spies paid by govt overlords) are...

Troy Hunt talks down the state-sponsored hack threat Interview Despite the hype about state-sponsored hackers, most breaches are actually the result of either criminal activity or "kids messing around", according to breach expert Troy Hunt. Hunt, operator of the breach notification service Have I Been Pwned, noted that many of the current spate of breach disclosures actually stem from attacks that took place in or around 2012. “We’ve seen anything on this scale since Adobe,” Hunt told El Reg. “Motives differ with LinkedIn, for example, designed to make money.
Sony was state sponsored and Yahoo – if we take them at their word – was state-sponsored.” Hunt expressed doubt about Yahoo!'s contention of a state-sponsored attack which led to half a billion accounts being exposed, referencing recent research by InfoArmor that offered up the theory that criminals were behind the attack. “Blaming state hackers has become like a ‘dog ate my homework’ excuse,” he added. El Reg caught up with Hunt for 30 minutes shortly after he spoke about data breaches and other matters at the ScotSoft conference in Edinburgh on Thursday. He said that large datasets such as the LinkedIn cache were commonly dumped online by hackers when when they are “no longer profitable to sell”.

There are exceptions to this rule such as Ashley Madison, where hackers immediately leaked the purloined data as wide as possible in an effort to embarrass and pressurise the business. Hunt criticised TalkTalk as “negligent” over its October 2015 reach and criticised the record £400k fine imposed by data privacy watchdogs at the ICO as insufficient to serve as any deterrent. “TalkTalk was fined 0.02 per cent of revenue, something that will have no impact on its business,” Hunt said. “TalkTalk was hit by a 15 year old kid using free software, not a sophisticated attacker.” TallkTalk was “negligent” in being unable to defend against the attack it suffered, according to Hunt, a Microsoft regional director and MVP for developer security. Some breaches can have an effect on share price.

For example, the share price of Paysafe dipped before recovering after it emerged that Neteller and acquired firm Skrill had suffered a breach. Running haveibeenpwned has given Hunt a singular insight into major data breaches, how hackers operate and the weaknesses they exploit within organisations.
Some cases show that at least some large organisations are beginning to follow industry best practice of password handling.

For example, metadata from the Dropbox breach shows that the organisation was halfway through moving from the ageing SHA1 technology to pcrypt for password hashing. ®

MedSec’s ‘hackable pacemaker’ report autopsy: Bombshell crash claim in doubt

No conclusive evidence of bricked devices, say uni experts Researchers at the University of Michigan (U-M) have poured doubt on one claim by MedSec that St Jude Medical's implanted pacemakers and defibrillators are remotely breakable. Last week MedSec went public with a report saying that life-giving devices sold by St Jude Medical could be wirelessly compromised by hackers – who could either brick the vital equipment or empty their batteries of charge by sending malicious signals from afar. Rather than try to get the issue fixed with the manufacturer, MedSec partnered with investment firm Muddy Waters Capital to short St Jude's stock.

This allowed the pair to cash in when they made their vulnerability findings public and the healthcare company's share price fell. St Jude called the damning MedSec dossier "false and misleading." Now U-M says some of the security shortcomings detailed in the MedSec report aren't as serious as first feared.

The uni researchers attempted to recreate MedSec's attacks and found that in one case so far, the evidence the security firm presented is flawed. "We're not saying the report is false. We're saying it's inconclusive because the evidence does not support their conclusions. We were able to generate the reported conditions without there being a security issue," said Kevin Fu, U-M associate professor of computer science and engineering and director of the Archimedes Center for Medical Device Security. "To the armchair engineer it may look startling, but to a clinician it just means you didn't plug it in.
In layman's terms, it's like claiming that hackers took over your computer, but then later discovering that you simply forgot to plug in your keyboard." MedSec's report includes a photo of error messages on a wireless monitoring station for a defibrillator as evidence that a radio-based attack successfully crashed the implanted widget. When the station's wand is waved over the defibrillator, fault alerts are shown that suggest the gadget has died because there's no live information coming from it.

The dossier reads: In many cases, the Crash Attack made the Cardiac Device completely unresponsive to interrogations from Merlin@home devices and Merlin programmers.
It was therefore impossible to tell whether, and how the Cardiac Devices, are functioning. MedSec strongly suspects they were in many cases “bricked” – i.e., made to be non-functional.
It is likely physicians would explant a device that did not respond to the programmer. In some cases, a Cardiac Device subjected to a Crash Attack was still able to communicate with the programmer, and the information displayed was alarming. According to U-M's team, though, the implanted pacemaker or defibrillators can and will continue operating as normal even if readings to the monitoring station are disrupted. In other words, there's no conclusive evidence that the pacemaker or defibrillator actually stopped working after the radio communications were jammed.
It's more of an annoyance for whoever is using the monitoring terminal than a potentially lethal situation. "We believe the pacemaker is acting correctly," Fu said. Youtube Video "It's obviously not an attempt to recreate the attack," a Muddy Waters spokesperson told The Register. MedSec declined to comment on the matter. In El Reg's view, if the communications are temporarily disrupted it's hard to see how this is a super serious issue. On the other hand, if the radio jamming stops all further communication from the implant to a monitoring terminal, that's going to potentially require surgery to fix, which is not optimal. However, bear in mind, there is no hard evidence that a device is "bricked" – merely MedSec's strong hunch that this has happened. That's what all of last week's screaming headlines were based on. "While medical device manufacturers must improve the security of their products, claiming the sky is falling is counterproductive," Fu noted. "Healthcare cybersecurity is about safety and risk management, and patients who are prescribed a medical device are far safer with the device than without it." The U-M researchers are still going through the MedSec report, so there's room for more discoveries or revisions to their conclusions.
In the meantime, the whole case has raised concerns among many in the computer security industry that the startup's unorthodox tactics may have needlessly terrified patients using St Jude's products. "It's my personal view that ethically it's really hard to understand why people would have to go through this," Sam Rehman, CTO of application security vendor Arxan Technologies, told The Reg. "The whole point of the security industry is to build trust by protecting systems." ® Sponsored: 2016 Cyberthreat defense report

Muddying the waters of infosec: Cyber upstart, investors short medical biz...

Some sharks wear suits and ties Analysis A team of security researchers tipped off an investment firm about software vulnerabilities in life-preserving medical equipment in order to profit from the fallout. Researchers at MedSec Holdings, a cybersecurity startup in Miami, Florida, found numerous holes in pacemakers and defibrillators manufactured by St Jude Medical.
Instead of telling the maker straightaway, the crew first went to investment house Muddy Waters Capital to make money off the situation. MedSec offered Muddy Waters the chance to short sell the stock of St Jude Medical so that when details of the flaws are made public, MedSec and Muddy Waters could all profit.

The more the shares fell, the higher MedSec's profits would be. Muddy duly published details of the flaws earlier today, on Thursday, and sent this doom-laden alert to investors: Muddy Waters Capital is short St. Jude Medical, Inc. (STJ US).

There is a strong possibility that close to half of STJ’s revenue is about to disappear for approximately two years.
STJ’s pacemakers, ICDs, and CRTs might – and in our view, should – be recalled and remediated. (These devices collectively were 46% of STJ’s 2015 revenue.) Based on conversations with industry experts, we estimate remediation would take at least two years.

Even lacking a recall, the product safety issues we present in this report offer unnecessary health risks and should receive serious notice among hospitals, physicians and cardiac patients. We have seen demonstrations of two types of cyber attacks against STJ implantable cardiac devices (“Cardiac Devices”): a “crash” attack that causes Cardiac Devices to malfunction – including by apparently pacing at a potentially dangerous rate; and, a battery drain attack that could be particularly harmful to device dependent users.

Despite having no background in cybersecurity, Muddy Waters has been able to replicate in-house key exploits that help to enable these attacks. St Jude's share price fell 4.4 per cent to $77.50. MedSec claims it used Muddy Waters in order to draw attention to insecurities in St Jude's products and to fund its research efforts admittedly in a rather unorthodox manner. "We acknowledge that our departure from traditional cyber security practices will draw criticism, but we believe this is the only way to spur St Jude Medical into action," said MedSec's CEO Justine Bone on her company blog. "Most importantly, we believe that both potential and existing patients have a right to know about their risks.

Consumers need to start demanding transparency from these device manufacturers, especially as it applies to the quality and functionality of their products." Alternatively they could have simply gone to the device maker, showed them the holes, and got them fixed.
If they wanted to force the manufacturer into action, MedSec could have presented a paper at any one of the many security conferences – as car hackers Charlie Miller and Chris Valasek did in the Chrysler hacking case. Instead MedSec decided to hook up with Muddy Waters and short the stock to earn a tidy profit.

Carson Block, founder of Muddy Waters, took to Bloomberg TV to put the frighteners on folks about the severity of the flaws, which could help depress the share price further and thus boost his profits. "The nightmare scenario is somebody is able to launch a mass attack and cause these devices that are implanted to malfunction," he gushed. But based on his own company's report today into the St Jude devices, that seems unlikely.

The two attack vectors mentioned include a battery draining attack and one that could crash a pacemaker, but both require the attacker to get access to the device's home control unit for about an hour. The report blames St Jude Medical for using off-the-shelf parts in its devices that any hacker could buy and analyze, and for not making a custom operating system with extra security.
It estimates the faults will take years to rectify. Dr Hemal Nayak, a cardiac electrophysiologist at the University of Chicago, recommends in the Muddy report that users turn off their home controllers and says he will not implant any of St Jude Medical's devices. Nayak just happens to be a board member of MedSec. The report claims that it would be theoretically possible to carry out a widespread attack using St Jude Medical's network, but says MedSec didn't try it because that would be morally wrong.
So it seems they publicized that some flaws were merely present instead and cashed in on short selling. Medical device hacking has been demonstrated for years now, so much so that's it's almost considered old hat. Nevertheless, it seems a cunning firm has found a way to make big bucks out of the issue. ® Sponsored: 2016 Cyberthreat defense report

Security FUD and malware outbreaks boost Sophos’ coffers

Targeting the 'underserved mid-market' pays off nicely Revenues at Sophos were buoyed by the growing threat of ransomware and the like to its target mid-market customer base. For the quarter ending 30 June 2016, Sophos recorded revenues of $127.4m, 12.2 per cent up from the $113.5m its business brought in during Q1 2016. Kris Hagerman, chief executive officer, commented: "Our compelling strategy of targeting the underserved mid-market with a complete security offering through the channel that serves them continues to drive positive performance." For the financial year ending 31 March 2017, the Sophos board expects to deliver mid-teens percentage billings growth.
Sophos – which has long been enterprise rather than consumer focused – specialises in marketing cloud-enabled enduser and network security software products and services. Sophos’ share price reached a peak of £242 in early trading on Thursday, up more than 5.9 per cent from its Wednesday closing price of £228.60. Sponsored: Global DDoS threat landscape report