Our roundup also covers JPMorgan Asset Management’s Project Spark, BidFX's expanded suite, and people moves at LiquidityBook, BNP Paribas and SS&C.
Hackers Are Exploiting Microsoft Exchange Weaknesses
Following media reports of cybersecurity vulnerabilities via the popular Microsoft Exchange Server, the New York State Department of Financial Services (NYDFS) has issued a letter to the financial services industry that “urges all regulated entities with vulnerable Microsoft Exchange services to act immediately.”
The letter from the Cybersecurity Division of NYDFS targets regulated entities and their CEOs, chief information officers, chief information security officers, senior information officers, and data privacy officers.
The problems began March 2 when Microsoft officials “reported that four vulnerabilities were discovered in the Microsoft Exchange servers from 2013 and later (including 2016, 2019),” according to NYDFS officials.
“The vulnerable servers appear to host Web versions of Microsoft’s email program Outlook on their own machines instead of cloud providers. It also appears that the vulnerabilities were being exploited for some time before March 2, and that widespread exploitation of the vulnerabilities is ongoing,” according to the NYDFS.
Multiple media outlets report that the exploitation is ongoing.
“In recent days, thousands of organizations were compromised via zero-day vulnerabilities in Microsoft Exchange Server,” according to the NYDFS letter, dated March 9. “On March 2, 2021, Microsoft made patches available for these vulnerabilities, but many organizations were compromised either before the patches were available or before the patches were applied.”
Financial services firms “should immediately patch or disconnect vulnerable servers, and use the tools provided by Microsoft to identify and remediate any compromise exploiting these zero-day vulnerabilities,” according to the NYDFS. “The U.S. Department of Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) has also released a current activity update outlining how to search for a compromise.”
CISA officials recommend immediate patching of the vulnerabilities “and preserving forensics of the cyber event. CISA reported that the threat actors deployed web shells on the compromised servers to establish persistent access to the victim’s network. Web shells can allow attackers to steal data and perform additional malicious actions,” according to the NYDFS. “We therefore recommend carefully considering the steps proposed in the CISA Emergency Directive to identify exploited servers and find web shells.”
Questions to the NYDF should be directed to CyberAlert@dfs.ny.gov
Help from Microsoft can be found here: http://bit.ly/38yk8n9
JPMorgan Pushes for Diversity Among Investment Managers
JPMorgan Asset Management is making an initial $25 million investment in funds managed by diverse emerging managers via the launch of Project Spark, officials say.
The new effort provides “capital to funds managed by diverse, emerging alternative managers, including minority-led and women-led venture capital funds and other private funds,” officials say.
The initial $25 million investment will be for “five or more funds, to be governed by a newly established investment committee comprised of diverse senior executives across J.P. Morgan Asset Management,” according to the firm. “Recent data suggests that just 9 percent of firms in the private equity industry are women or minority led, while just 3 percent of U.S. focused private equity assets are managed by minority-owned firms.”
“Through our investments in funds managed by women and diverse managers, we’re not only providing a capital commitment, but also seeking to create a network between our newly established Project Spark investment committee and the diverse managers in which we invest,” says Jamie Kramer, head of J.P. Morgan Asset Management’s Alternatives Solutions Group and the chair of the Project Spark Investment Committee, in a prepared statement.
LiquidityBook Hires MD for Connectivity Services
LiquidityBook, a software-as-a-service (SaaS-based) provider for both buy- and sell-side traders, reports that Stephanie Minister has joined as managing director (MD) of connectivity services, a newly created part of the firm’s corporate structure, according to a statement.
For the past 15 years, Minister was a project manager for global trading integration at ITG and at Virtu Financial, which acquired ITG in 2019, officials say.
At ITG/Virtue, she “managed all aspects of the firm’s global vendor partner relationships, including business and client requirements, financial commitments, business contracts, project management and FIX integrations,” according to the LiquidityBook statement. “Before that, she held senior sales roles at Instinet, Boston Stock Exchange, and Bridge Information Systems. An industry veteran, she serves as a Governor for the Security Traders Association (STA) and is a past president of Boston STA.”
LiquidityBook was founded in 2005.
BidFX Adds Data & Analytics Support to Product Suite
BidFX, a cloud-based electronic foreign exchange (FX) trading solutions vendor for institutions, is launching an addition to its suite of offerings for financial institutions — BidFX Data and Analytics, officials say.
“With this expansion, banks, hedge funds and asset managers can access tools to manage the collection and cloud storage of client-specific liquidity streams,” BidFX says. The new offerings help firms “monitor composite rates across multiple FX products. This gives institutional players a comprehensive view of the pricing, market impact and liquidity for every transaction.”
The BidFX suite now “streamlines market analysis, liquidity provision, back-testing and more, making it an essential addition to any FX trader’s toolkit,” says Daniel Chambers, BidFX Global Head of Data and Analytics, in a prepared statement.
The BidFX suite includes an execution management system (EMS) platform, risk and compliance modules and transaction cost analysis (TCA), officials add. BidFX is a wholly-owned subsidiary of SGX Group, today announced the launch of.
BNP Paribas Names Head of LatAm Research
Gustavo Arruda
Gustavo Arruda has been appointed head of LatAm research, at BNP Paribas’s Latin America Markets 360 group, officials say. Arruda will lead the group in both strategy and economics, while continuing to cover the Brazilian economy, and he will continue to report to Marcelo Carvalho, head of global emerging markets research, and locally to Jose Munhoz, head of global markets, Brazil, according to a BNP Paribas statement.
Arruda has been at BNP Paribas for almost a decade. Prior to being named head of LatAm research, he was chief Brazil economist and before that he was a senior economist, according to his LinkedIn profile.
SS&C Hires from PWC for New Unit
Gautam Moorjani
SS&C Technologies Holdings, Inc. reports that Gautam Moorjani has joined to lead its Intelligent Automation Solutions unit. He will report to Mike Sleightholme, senior vice president and general manager, according to SS&C.
Moorjani joins from PriceWaterhouseCoopers, where he was a principal and leader for intelligent automation in the financial services advisory practice, according to an SS&C statement. Before PwC, he was chief operating officer at WorkFusion, a machine learning and process automation platform, according to the statement.
The newly formed group will “focus on helping clients with their digital transformation journeys using technologies such as workflow management, machine learning, natural language processing, and robotic process automation,” per the statement.
Need a Reprint?