Monday, March 20, 2023

Economist El-Erian: Market Insights...Banking turmoil intensifies

 Pay attention TOP STORIES 

 


6 minutes ago · Markets Insight Mohamed El-Erian · Banking turmoil intensifies the need for better Fed policymaking · A firmer anchor is required to deal with the policy 
 



10 minutes ago · Posted earlier: My thoughts on why the "#banking turmoil intensifies the need for better #FederalReserve policymaking: A firmer anchor is required to deal ...
12 minutes ago · The slump intensified when Saudi National Bank Chairman Ammar Al Khudairy said “absolutely not” to Bloomberg TV when asked whether the lender would be open to ...
29 minutes ago · Mohamed A. El-Erian · @elerianm · A blunt fact remains when you step back from all the details on @CreditSuisse-@UBS deal #Switzerland's ...
11 minutes ago · UBS acquiring Credit Suisse is 'no bailout' says Swiss finance minister — but top economist Mohamed El-Erian disagrees. 4 hours ago. Reuters ...
20 minutes ago · El-Erian Urges 25 Basis-Point Hike Saying Fed Shouldn't Blink. 1d ago. Bloomberg. Banks' Riskiest Bonds Sink as Credit Suisse Wipeout Jolts Market. 1h ago.

RELATED CONTENT
11 minutes ago · Credit Suisse's Death Gives Birth to New Type of Bank Crisis. Solid ratios were no defense against a rapid loss of confidence at the Swiss lender, and the way ...

*** CNBC Developing Story...Market Turmoil > Time to Pause ***

"...Credit Suisse’s demise was a long time coming, with a culmination of years of scandals, multi-billion dollar losses, leadership changes and a strategy that failed to inspire investor confidence. In February, the bank — Switzerland’s second-largest — reported its biggest annual loss since the 2008 financial crisis after clients withdrew more than 110 billion Swiss francs ($120 billion).

In December 2022, Credit Suisse raised some $4 billion in funding from investors, including major Gulf banks and sovereign wealth funds like Saudi National Bank, the Qatari Investment Authority and the Saudi Olayan Group. Norway’s sovereign wealth fund, Norges Bank Investment Management, is also a major shareholder.

The sharp and sudden downturn that began last week and led to the bank’s emergency sale is partially the fault of Saudi National Bank itself, some argue.

Saudi National Bank chairman Ammar Al Khudairy on Wednesday was asked by Bloomberg if it would increase its stake in the troubled Swiss lender. His reply was “absolutely not, for many reasons outside the simplest reason, which is regulatory and statutory.”

The comment triggered investor panic and sent Credit Suisse shares down 24% during that session, even though the statement wasn’t in fact new; the Saudi bank said in October that it had no plans to expand its holdings beyond the current 9.9%.

“Even though the situation at Credit Suisse was not perfect and investors had a lot of question marks about the future of the bank, SNB didn’t help calm down investors and shot themselves in the foot” with the chairman’s comments, one UAE-based investment banker, who requested not to be named due to professional restrictions, told CNBC.

MARKETS

First Republic shares slide 18% Monday after a credit rating downgrade

PUBLISHED MON, MAR 20 2023 6:36 AM EDT, UPDATED 31 MIN AGO

John Melloy (@JOHNMELLOY)

KEY POINTS
  • S&P cut its credit rating to B+ from BB+ on Sunday after first lowering it to junk status just last week.
  • The rating remains on CreditWatch Negative, said S&P.
  • First Republic shares are down sharply this month as the collapse of Silicon Valley Bank caused investors to rethink other banks with large uninsured deposit bases.

The Saudi National Bank chairman did attempt to calm the situation the following day, telling CNBC’s Hadley Gamble in Riyadh that “if you look at how the entire banking sector has dropped, unfortunately, a lot of people were just looking for excuses.”

“It’s panic, a little bit of panic. I believe completely unwarranted, whether it be for Credit Suisse or for the entire market,” Al Khudairy said. His comments ultimately failed to stem the bank’s continued rout.

The messy fallout, which spilled over across the entire banking sector, has ruptured market confidence and stoked fears of another global banking crisis. Swiss Finance Minister Karin Keller-Sutter set out to reassure angry taxpayers during a press conference Sunday, stressing that “this is a commercial solution and not a bailout.”

“SNB’s feeling right now is probably like all shareholders in CS — utter anger that management have let the situation get to this point,” Simon Fentham-Fletcher, chief investment officer at Abu Dhabi-based Freedom Asset Management, told CNBC.

“For years CS lurched from crisis to regulatory fine and changed management as it emerged in a new path. Finally the bank ran out of time,” he said.

He said that shareholders, specifically large ones like Saudi National Bank, will likely now want to reappraise the way they make investments and “where the stake is as large as it was here, will probably want to start embedding people so they properly understand what is happening inside their investments.”

“This might see a rise in activist shareholders not just wanting a board seat but real eyes and ears,” he added, noting that the last few weeks of market turmoil will undoubtedly put a significant dent in investor desire for risk.

From a risk perspective, Fentham-Fletcher said, “generally I think that we will see a pull back in all risk appetite as confidence has just taken a severe beating, and this combined with the apparent upending of the capital structure rules will undoubtedly make people pause.” 

Friday, March 17, 2023

Say What?? Vulnerability not detected for 4 years...More unpatched vulnerabilities

  If this can happen inside a federal agency, it likely can happen inside other organizations.

✓ There was an advisory jointly published by the Cybersecurity and Infrastructure Security Agency, the FBI, and the Multi-State Information Sharing and Analysis Center. From last November to early January, the server exhibited signs of compromise. 

The breach is the result of someone in the unnamed agency failing to install a patch that had been available for years. As noted earlier, tools that scan systems for vulnerabilities often limit their searches to a certain set of pre-defined file paths. If this can happen inside a federal agency, it likely can happen inside other organizations.

Anyone using the Telerik UI for ASP.NET AJAX should carefully read Thursday’s advisory as well as the one Progress published in 2019 to ensure they’re not exposed. 
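
A scanner that only looks in expected install paths can be cross-checked with a path-agnostic inventory. The following is an added example, not code from the advisory, Progress or the article: it walks whole directory trees for the Telerik assembly and compares each copy's FileVersion with 2020.1.114, the patched release named in the article. The assembly file name `Telerik.Web.UI.dll`, the byte-level FileVersion heuristic and the sample files are assumptions made for the illustration.

```python
import os
import re
import tempfile

PATCHED = (2020, 1, 114)       # fixed release named in the article
TARGET = "telerik.web.ui.dll"  # assumed assembly name, matched in any directory
# Heuristic: the PE version resource stores "FileVersion" and its value as UTF-16LE.
KEY = "FileVersion\0".encode("utf-16-le")
VALUE = re.compile(rb"(?:\x00\x00)*((?:[0-9.]\x00)+)")  # padding, then digits and dots

def file_version(path):
    """Return FileVersion as a tuple of ints, or None if it cannot be read."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return None
    pos = data.find(KEY)
    match = VALUE.match(data, pos + len(KEY)) if pos >= 0 else None
    if not match:
        return None
    text = match.group(1).decode("utf-16-le")
    return tuple(int(part) for part in text.split(".") if part) or None

def find_telerik(roots):
    """Walk everything under roots instead of a list of expected install paths."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in (n for n in files if n.lower() == TARGET):
                path = os.path.join(dirpath, name)
                ver = file_version(path)
                status = ("unknown" if ver is None
                          else "vulnerable" if ver[:3] < PATCHED else "patched")
                findings.append((path, ver, status))
    return findings

def sample_dll(version):
    """Constructed stand-in for a DLL: MZ stub plus a UTF-16LE FileVersion string."""
    return b"MZ" + b"\x90" * 62 + KEY + b"\x00\x00" + (version + "\0").encode("utf-16-le")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as top:  # constructed tree, unusual paths on purpose
        for sub, ver in (("apps/bin", "2020.1.114.45"), ("vendor/old", "2019.3.1023.45")):
            os.makedirs(os.path.join(top, sub))
            with open(os.path.join(top, sub, "Telerik.Web.UI.dll"), "wb") as fh:
                fh.write(sample_dll(ver))
        for path, ver, status in find_telerik([top]):
            print(status, ver, path)
```

Copies reported as "unknown" carry no readable version string and need a manual check against the vendor advisory.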

RELATED

  • FBI: Ransomware hit 860 critical infrastructure orgs in 2022

    The Federal Bureau of Investigation (FBI) revealed in its 2022 Internet Crime Report that ransomware gangs breached the networks of at least 860 critical infrastructure organizations last year.

  • arstechnica.com

    Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years

    by Dan Goodin - Mar 16, 2023 8:24 pm UTC
    A code-execution bug with a 9.8 severity rating gave control over agency's network.

    Multiple threat actors—one working on behalf of a nation-state—gained access to the network of a US federal agency by exploiting a four-year-old vulnerability that remained unpatched, the US government warned.

    Exploit activities by one group likely began in August 2021 and last August by the other, according to an advisory jointly published by the Cybersecurity and Infrastructure Security Agency, the FBI, and the Multi-State Information Sharing and Analysis Center. From last November to early January, the server exhibited signs of compromise.

    Vulnerability not detected for 4 years

    Both groups exploited a code-execution vulnerability tracked as CVE-2019-18935 in a developer tool known as the Telerik user interface (UI) for ASP.NET AJAX, which was located in the agency’s Microsoft Internet Information Services (IIS) web server. The advisory didn’t identify the agency other than to say it was a Federal Civilian Executive Branch Agency under the CISA authority.

    The Telerik UI for ASP.NET AJAX is sold by a company called Progress, which is headquartered in Burlington, Massachusetts, and Rotterdam in the Netherlands. The tool bundles more than 100 UI components that developers can use to reduce the time it takes to create custom Web applications. In late 2019, Progress released version 2020.1.114, which patched CVE-2019-18935, an insecure deserialization vulnerability that made it possible to remotely execute code on vulnerable servers. The vulnerability carried a severity rating of 9.8 out of a possible 10. In 2020, the NSA warned that the vulnerability was being exploited by Chinese state-sponsored actors.

    “This exploit, which results in interactive access with the web server, enabled the threat actors to successfully execute remote code on the vulnerable web server,” Thursday’s advisory explained. “Though the agency’s vulnerability scanner had the appropriate plugin for CVE-2019-18935, it failed to detect the vulnerability due to the Telerik UI software being installed in a file path it does not typically scan. This may be the case for many software installations, as file paths widely vary depending on the organization and installation method.”

    More unpatched vulnerabilities

    To successfully exploit CVE-2019-18935, hackers must first have knowledge of the encryption keys used with a component known as the Telerik RadAsyncUpload. Federal investigators suspect the threat actors exploited one of two vulnerabilities discovered in 2017 that also remained unpatched on the agency server.

    Attacks from both groups used a technique known as DLL side loading, which involves replacing legitimate dynamic-link library files in Microsoft Windows with malicious ones. Some of the DLL files the group uploaded were disguised as PNG images. The malicious files were then executed using a legitimate process for IIS servers called w3wp.exe. A review of antivirus logs identified that some of the uploaded DLL files were present on the system as early as August 2021.

    The advisory said little about the nation-state-sponsored threat group, other than to identify the IP addresses it used to host command-and-control servers. The group, referred to as TA1 in Thursday’s advisory, began using CVE-2019-18935 last August to enumerate systems inside the agency network. Investigators identified nine DLL files used to explore the server and evade security defenses. The files communicated with a control server with an IP address of 137.184.130[.]162 or 45.77.212[.]12. The traffic to these IP addresses used unencrypted Transmission Control Protocol (TCP) over port 443. The threat actor’s malware was able to load additional libraries and delete DLL files to hide malicious activity on the network.

    The advisory referred to the other group as TA2 and identified it as XE Group, which researchers from security firm Volexity have said is likely based in Vietnam. Both Volexity and fellow security firm Malwarebytes have said the financially motivated group engages in payment-card skimming.

    “Similar to TA1, TA2 exploited CVE-2019-18935 and was able to upload at least three unique DLL files into the C:\Windows\Temp\ directory that TA2 executed via the w3wp.exe process,” the advisory stated. “These DLL files drop and execute reverse (remote) shell utilities for unencrypted communication with C2 IP addresses associated with the malicious domains.”

    The breach is the result of someone in the unnamed agency failing to install a patch that had been available for years. As noted earlier, tools that scan systems for vulnerabilities often limit their searches to a certain set of pre-defined file paths. If this can happen inside a federal agency, it likely can happen inside other organizations.

    Anyone using the Telerik UI for ASP.NET AJAX should carefully read Thursday’s advisory as well as the one Progress published in 2019 to ensure they’re not exposed.

    Dan Goodin / Dan is the Security Editor at Ars Technica, which he joined in 2012 after working for The Register, the Associated Press, Bloomberg News, and other publications. Find him on Mastodon at: https://infosec.exchange/@dangoodin
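
Because some of the uploaded DLLs were disguised as PNG images, file type has to be judged by content rather than by extension. The following is an added example, not code from the advisory or the article: it reads the MZ and PE headers and the COFF DLL flag, then reports PE images whose extension is not an executable one. The file names, the extension list and the sample bytes are constructed for the illustration.

```python
import os
import struct
import tempfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
PE_EXTENSIONS = {".dll", ".exe", ".sys", ".ocx"}  # assumed list of expected PE extensions
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag set on DLLs

def pe_kind(path):
    """Return "dll" or "exe" if the file is a PE image by content, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return None
            (pe_offset,) = struct.unpack_from("<I", head, 0x3C)  # e_lfanew
            fh.seek(pe_offset)
            coff = fh.read(24)  # "PE\0\0" signature + 20-byte COFF header
    except OSError:
        return None
    if len(coff) < 24 or coff[:4] != b"PE\x00\x00":
        return None
    (flags,) = struct.unpack_from("<H", coff, 22)  # Characteristics field
    return "dll" if flags & IMAGE_FILE_DLL else "exe"

def find_disguised_pe(root):
    """List PE images under root whose extension does not mark them as executable."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            ext = os.path.splitext(name)[1].lower()
            kind = pe_kind(os.path.join(dirpath, name))
            if kind and ext not in PE_EXTENSIONS:
                hits.append((name, kind))
    return hits

def sample_pe(is_dll):
    """Constructed minimal header: DOS stub, e_lfanew, PE signature, COFF header."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0, 0x2022 if is_dll else 0x0022)
    return dos + b"PE\x00\x00" + coff

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as temp:  # constructed upload directory
        samples = {"logo.png": PNG_MAGIC + b"\x00" * 56,
                   "upload_0001.png": sample_pe(True), "helper.dll": sample_pe(True)}
        for name, blob in samples.items():
            with open(os.path.join(temp, name), "wb") as fh:
                fh.write(blob)
        print(find_disguised_pe(temp))
```

On a server like the one in the article, the directory to point this at is the one the advisory names, C:\Windows\Temp\.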