>>> ECB's Nowotny: Market should not expect monthly or bi monthly monetary poli

ECB's Nowotny: Market should not expect monthly or bi monthly monetary policy moves by the ECB, no decision or discussion has been had on corporate bond purchases 
- Corporate bonds could increase the size of the balance sheet but there are still issues outstanding
- Not yet at a point where we could launch QE, inflation expectations are still anchored, ECB should not be too activist on monetary policy
- ECB would need evaluate the legal limits on QE, but there is no pressing need for a legal assessment at this point

>>> US Gapping down

Gapping down
In reaction to disappointing earnings/guidance: NSPH -24.3%, (announces commencement of public offering of common stock; reports upside prelim Q3 sales), LL -13.9%, CREE -13.7%, DDD -10.2%, ANGI -5.9%, VMW -5.3%, BTI -5%, WRLD -3.9%, MDCO -3%, BGS -2.5%, VASC -2.4%, BIIB -2.1%, DTLK -1.4%, BEAV -1.2%, .

Select EU related names showing weakness: TEF -1.5%, LYG -1.4%, SAP -1.4%, UL -1.3%, ALU -1.2%, SAN -1%, NOK -1%, NOK -1%, VOD -0.7%, ASML -0.6%

Select metals/mining stocks trading lower: HMY -2%, RIO -1.6%, MT -1.6%, VALE -0.3%, BHP -0.2%

Select oil/gas related names showing early weakness: SSLT -2.2%, SUSP -2%, STO -1.7%, TOT -1.4%, PBR -1.2%, BP -1.1%, RDS.A -0.7%, SDRL -0.5%

Other news: CALI -20.9% (notified it is not in compliance with Nasdaq Global Market listing requirements), HIMX -13.3% (announced Google has decided not to exercise its previously issued purchase option to make an additional investment into Himax's subsidiary), OCN -7.1% (after ~20% drop on NY DFS news--company confirmed after the close does not yet know how many such letters there were), ASPS -5.2% (after 10%+ move lower on OCN news), FST -2.4% (after 40% move higher yesterday), SSYS -2.4% (in symp with DDD guidance), BUD -1.3% (in symp with disappointing Heinekin (HEINY) earnings), DEO -1.3% (in symp with disappointing Heinekin (HEINY) earnings), TSLA -0.7% (Daimler restructures cooperation with Tesla -- Termination of share-price hedging and sale of 4% stake in Tesla -- Daimler to continue sourcing powertrain for Mercedes-Benz B-Class Electric Drive from Tesla)

Analyst comments: HL -2% (downgraded to Underperform from Mkt Perform at BMO Capital Mkts), CDE -1.4% (downgraded to Underperform from Mkt Perform at BMO Capital Mkts), OMC -0.9% (downgraded to Sell from Neutral at Goldman), KO -0.7% (downgraded to Sell from Hold at Societe Generale), FXCM -0.6% (initiated with a Underperform at Keefe Bruyette) 

>>> US Gapping Up

Gapping up 
In reaction to strong earnings/guidance: UIS +18.7%, IRBT +13.3%, SIX +10.3%, (also increases quarterly dividend to $0.52 from $0.47/share), SMCI +7.6%, AWRE +6.3%, BRCM +5.6%, MANH +4.9%, YHOO +4.7%, NBR +3.9%, SONC +3.5%, DOW +3.3%, CBST +2.3%, GSK +2%, IBKR +1.9%, ISRG +1.8%, HA +1.5%, XRX +1.4%, USB +1.4%, ABT +1.4%, RHI +1.3%, ABB +0.9%, .

M&A news: BTUI +79.7% (Amtech (ASYS) to acquire BTU International in an all-stock transaction)

Other news: BBLU +22.5% (CEO responded to 'false statements and allegations made by the Pump Stopper' in Seeking Alpha), RPRX +14.6% (results from long-term study of Androxal exhibit positive safety profile), ROYL +13.8% (confirms new high rate well), TKMR +12.2% (provides periodic update on TKM-Ebola program), IBIO +8% (cont volatility pre-mkt), NVDQ +7.3% (appoints Mizuho Medical as PINPOINT distributor for Japan), CLF +5.3% (still checking), LXRX +5.2% (Lexicon Pharma and Ipsen (IPSEY) enter into ex-North America/Japan licensing and commercialization agreement for telotristat etiprate), GWPH +4.4% (announces Epidiolex receives Orphan designation from European Medicines Agency for the treatment of Dravet Syndrom), GSAT +4% (cont volatility pre-mkt), CLMT +2.6% (declared quarterly cash distribution of $0.685 per unit, unchanged from prior quarter), FUN +2.1% (following SIX results), NLNK +1.8% (CEO appeared on CNBC's Fast Money; said early halt to IMPRESS trial in pancreatic cancer is possible), GEVA +1.3% ( starts rolling submission of a biologics license application to the FDA For Sebelipase Alfa), YELP +1.3% (ahead of earning later today), JNJ +1.2% (announces major commitment to speed ebola vaccine development and significantly expand production)

Analyst comments: AOL +2.3% (upgraded to Buy from Hold at Evercore), HES +2% (upgraded to Buy from Neutral at UBS), DF +1.9% (upgraded to Overweight from Equal-Weight at Morgan Stanley), GNRC +1.6% (upgraded to Buy from Hold at KeyBanc Capital Mkts), GRPN +1.3% (initiated with a Buy at Brean Capital), CHK +1.2% (upgraded to Buy from Neutral at UBS), STLD +0.9% (upgraded to Outperform from Neutral at Macquarie), CHUY +0.5% (upgraded to Buy at Stifel) 

>>> Boeing beats by $0.18, beats on revs; guides FY14 EPS in

Boeing beats by $0.18, beats on revs; guides FY14 EPS in-line, reaffirms FY14 revs guidance (127.12)

Reports Q3 (Sep) earnings of $2.14 per share, excluding non-recurring items, $0.18 better than the Capital IQ Consensus Estimate of $1.96; revenues rose 7.5% year/year to $23.78 bln vs the $23.05 bln consensus. Backlog increased to a record $490 bln from $440 bln last period, and included net orders for the qtr of $73 bln; added net new orders of 501 commercial airplanes During the quarter, co repurchased 8 mln shares for $1 bln, leaving $5.8 bln remaining under the current repurchase authorization expected to be completed over ~the next one to two years. Co issues mixed guidance for FY14, sees EPS of $8.10-8.30 from prior range of $7.90-8.10 vs. $8.08 Capital IQ Consensus Estimate; reaffirms FY14 revs of $87.5-90.5 vs. $89.62 bln Capital IQ Consensus Estimate. Reaffirms commercial airplanes delivery guidance: Revs of $57.5-59.5 bln on 715-725 airplane deliveries; increased operating margin guidance to ~10.5% from >10% Reaffirms Defense, Space & Security segment: Revs of $30-31 bln; reaffirmed operating margin of ~9.5%

NYT : After JPMorgan Breach, a Greater Push to Fortify Wall

--> another article on security...if states impose legal security requirement for banks or other sector...we should see some more upside for these companies...and a lot of volatility on data breach news...

After JPMorgan Breach, a Greater Push to Fortify Wall Street Banks

This summer’s huge cyberattack on JPMorgan Chase and a dozen other financial institutions is accelerating efforts by federal and state authorities to push banks and brokerage firms to close some gaping holes in their defenses.

Top officials at the Treasury Department are discussing the need to bolster fortifications around a critical area of cybersecurity: outside vendors, which include law firms, accounting and marketing firms and even janitorial companies, according to several people briefed on the matter.

The sweeping effort began before the hacking of JPMorgan, which compromised some of the personal account information of 76 million households and seven million small businesses, the people said. Under discussion is a requirement that the banks put in place more stringent procedures and safeguards to make sure the outside firms have, at the least, basic defenses.

The push by government officials is a stark acknowledgment of the vulnerability of financial institutions to an attack — even after they have spent hundreds of millions of dollars to protect themselves — if one of their vendors is not fully prepared.

The problem is causing some security consultants to privately consider whether the sprawling financial firms with operations across the globe may be "too big to secure." And smaller firms, the consultants say, may simply not have the ability to adequately defend customer information.

The attack on JPMorgan, along with earlier breaches at Target and Home Depot, has made Americans even more wary about security of their personal information. JPMorgan said that the hackers did not infiltrate the bank’s systems through a third party vendor.

Still, in the aftermath of the attack, the issue of data security has gained momentum. At a dinner in New York Tuesday evening that is expected to include the general counsels from JPMorgan, Bank of America and Deutsche Bank, New York State’s top financial regulator, Benjamin M. Lawsky, is expected to emphasize the gathering danger to the financial system when vendors’ security is lax, according to one of the people briefed on the matter. Mr. Lawsky, who will deliver his remarks at the University Club in Midtown Manhattan, is considering a new rule that would require banks to "obtain representations and warranties" from vendors about the adequacy of their controls to thwart hackers, the people said.

As part of that proposal, Mr. Lawsky sent a letter on Tuesday to dozens of banks requesting that the firms provide "any policies and procedures governing relationships with third-party service providers," according to a copy of the letter reviewed by The New York Times. In the letter, Mr. Lawsky says that banks must also outline "the due diligence processes used to evaluate" the security procedures of all vendors.

"It is abundantly clear that, in many respects," Mr. Lawsky said in the letter, "a firm’s level of cybersecurity is only as good as the cybersecurity of its vendors."

Mr. Lawsky’s proposal mirrors some of the discussions underway at the Treasury Department, the people said. In July, Treasury Secretary Jacob J. Lew highlighted the importance of online security to the global financial system in a speech at an investment conference. In that address, Mr. Lew said his deputy, Sarah Bloom Raskin, "would be working with federal and state agencies to reduce cyber-risks to the financial system," but he did not discuss the specific measures being considered.

The Securities and Exchange Commission is conducting an audit of 50 firms to assess their readiness for attacks as well as their relationships with vendors. The Financial Industry Regulatory Authority is conducting its own broad look at how American brokerage firms and asset management firms deal with assaults from hackers and how they oversee their vendors. Other regulators are examining the preparedness of 500 community banks and credit unions for dealing with an attack.

Wall Street’s reliance on third-party vendors has come under fire before, most prominently after the financial crisis, when banks used outside law firms to handle mass foreclosures in what turned out to be a flawed process. Those practices led to a landmark $25 billion foreclosure abuse settlement between the government and five major banks two years ago.

The latest scrutiny of vendors signals a new recognition that cybercrime represents one of the greatest threats to the stability of the financial system. In attack after attack, hackers are rebuffed by financial institutions, only to slip through the cracks at vendors, including some that have virtually no security.

The attack that roiled Target last year and exposed the information of 40 million cardholders and 70 million others came from hackers breaking into the security system of a heating and cooling contractor that was doing work for the retailer. The same overseas hackers that breached JPMorgan’s network also infiltrated the website for the JPMorgan Corporate Challenge, which is run by an outside vendor for the bank on a server maintained by an Internet firm in Ann Arbor, Mich.

JPMorgan discovered the attack on the Corporate Challenge website on Aug. 7, and learned of the far broader breach of its own system about a week later. The attack on the bank’s network — which enabled the hackers to gain a high level of system privileges on more than 90 servers — began sometime in June and went undiscovered by JPMorgan for about two months, said another person briefed on the matter who spoke on condition of anonymity.

The length of the attack — a two-month period when hackers roamed freely through JPMorgan’s systems — has not been previously reported. Two months may seem a long time for largely unfettered access, but security consultants note it is not uncommon for hackers to rummage through a big company’s network for several months before being detected.

Federal authorities say they believe the hackers, some of whom may be from Russia, were not acting with the backing of a foreign government and were motivated solely by profit. JPMorgan said no financial information was taken and it had not seen any evidence of fraud from the information taken in the attacks on its computers and the Corporate Challenge website, which included names, addresses, phone numbers and email addresses.

Still, it remains unclear just how the hackers got into JPMorgan’s network, and the bank has determined that they did not gain access to JPMorgan’s computer systems through the Corporate Challenge website.

"We have no evidence to indicate that attackers compromised a third party to gain access to our network as part of this incident," Patricia Wexler, a JPMorgan spokeswoman said, referring broadly to vendor security.

Still, security consultants and government officials are zeroing in on vendors as they work to choke off access to the global financial system.

"I would put vendor security as a top concern," said John Reed Stark, former chief of the S.E.C.’s Office of Internet Enforcement and a managing director at Stroz Friedberg, a data breach response firm. "I am certainly seeing more and more entities being very rigorous when it comes to their relationships with third parties and cybersecurity."

"In some contracts, companies even contractually secure the right to require, in the event of a breach or compromise, that the vendor conduct an independent risk and security audit at the vendor’s own expense," Mr. Stark said.

The notion of requiring financial institutions to get "reps and warranties" from vendors about their security might make it difficult for smaller firms to sell their wares and services to banks and brokers and harder for smaller financial firms to pay for them. But at the same time, beefing up vendor security could prove an important way to quarantine an attack.

Susan F. Axelrod, executive vice president of regulatory operations at the financial industry’s regulating agency, said financial firms needed to improve their criteria in hiring vendors, continue to monitor the providers for security during the course of a contract and then pay particular attention to what happens when a vendor’s work is done. "The process of terminating a relationship is key," Ms. Axelrod said. "You have to immediately terminate vendor access and passwords."

She suggested that contracts with vendors "deal upfront" with the process of ending a relationship and safeguarding access to a firm’s computer network. By the end of the year, the agency expects to publish what it considers best practices for dealing with vendors and cybersecurity, a product of its review of 18 large to midsize brokerage firms.

Reuters - U.S. government probes medical devices for possibl

Security is one of the big concern, as the number of private datas available "on line" and the evolution of new solutions (payments, health...etc...) Security is a more critic subject for all these clouds/on line companys....we should see the security sector continue to OP and we should see some M&A very quickly...

U.S. government probes medical devices for possible cyber flaws

BOSTON (Reuters) - The U.S. Department of Homeland Security is investigating about two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment that officials fear could be exploited by hackers, a senior official at the agency told Reuters.

The products under review by the agency's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, include an infusion pump from Hospira Inc and implantable heart devices from Medtronic Inc and St Jude Medical Inc, according to other people familiar with the cases, who asked not to be identified because the probes are confidential.

These people said they do not know of any instances of hackers attacking patients through these devices, so the cyber threat should not be overstated. Still, the agency is concerned that malicious actors may try to gain control of the devices remotely and create problems, such as instructing an infusion pump to overdose a patient with drugs, or forcing a heart implant to deliver a deadly jolt of electricity, the sources said.

The senior DHS official said the agency is working with manufacturers to identify and repair software coding bugs and other vulnerabilities that hackers can potentially use to expose confidential data or attack hospital equipment. He declined to name the companies.

"These are the things that shows like 'Homeland' are built from," said the official, referring to the U.S. television spy drama in which the fictional vice president of the United States is killed by a cyber attack on his pacemaker.

"It isn't out of the realm of the possible to cause severe injury or death," said the official, who did not want to be identified due to the sensitive nature of his work.

Hospira, Medtronic and St Jude Medical declined to comment on the DHS investigations. All three companies said they take cybersecurity seriously and have made changes to improve product safety, but declined to give details.

CONNECTED DEVICES

ICS-CERT's mandate is to help protect critical U.S. infrastructure from cyber threats, whether they are introduced through human error, virus infections, or through attacks by criminals or extremists.

According to the senior DHS official, the agency started examining healthcare equipment about two years ago, when cybersecurity researchers were becoming more interested in medical devices that increasingly contained computer chips, software, wireless technology and Internet connectivity, making them more susceptible to hacking.

The U.S. Food and Drug Administration, which regulates the sale of medical devices, recently released guidelines for manufacturers and healthcare providers to better secure medical devices and is holding its first public conference on the topic this week.

"The conventional wisdom in the past was that products only had to be protected from unintentional threats. Now they also have to be protected from intentional threats too," said William Maisel, chief scientist at the FDA's Center for Devices and Radiological Health. He declined to comment on the DHS reviews.

The senior DHS official said the two dozen cases currently under investigation cover a wide range of equipment, including medical imaging equipment and hospital networking systems. A DHS review does not imply the government thinks a company has done anything wrong - it means the agency is looking into a suspected vulnerability to try to help rectify it.

One of the cases involves an alleged vulnerability in a type of infusion pump, a piece of hospital equipment that delivers medication directly into a patient's bloodstream. Private cybersecurity researcher Billy Rios said he discovered the alleged bug but declined to identify the manufacturer of the pump. Two people familiar with his research said the manufacturer was Hospira.

    Rios said he wrote a program that could remotely force multiple pumps to dose patients with potentially lethal amounts of drugs. He submitted his analysis to the DHS.

    "This is a issue that is going to be extremely difficult to patch," said Rios, a former Marine platoon commander who has worked for several Silicon Valley technology firms and recently founded security startup Laconicly.

    Reuters was not able to independently review his research or identify the type of pump Rios studied from Hospira's line, which includes multiple models.

Hospira spokeswoman Tareta Adams, while declining to comment on specifics, said the company is working to improve the security of its products.

"Hospira has implemented software adjustments, distributed customer communications and made a commitment to evaluate other changes going forward, while ensuring we are not adversely impacting the ability of our devices to meet hospital and patient needs, and maintain compliance with FDA product requirements," Adams said in the statement.

MORE AWARENESS

Hospital security officers say there is increasing awareness about cyber threats, and medical centers around the country have been shoring up networks to better defend against hackers.

At the University of Texas MD Anderson Cancer Center, all medical devices will soon need to be tested to make sure they meet security standards before they can be put on the hospital's network, according to Lessley Stoltenberg, the center's chief information security officer.

"I'm pretty concerned," said Stoltenberg. "Coming out of the block, medical devices don't really have security built into them."

The DHS is also reviewing suspected vulnerabilities in implantable heart devices from Medtronic and St Jude Medical, according to two people familiar with the matter.

They said the probe was based in part on research by Barnaby Jack, a well-known hacker who died in July 2013. Jack had said he could hack into wireless communications systems that link implanted pacemakers and defibrillators with bedside monitors.

Medtronic spokeswoman Marie Yarroll said in an email that the company has "made changes to enhance the security" of its implantable cardiac devices, but declined to give specifics "in the interest of patient safety."

St. Jude Medical spokeswoman Candace Steele Flippin also declined to discuss specific products but said the company has "an ongoing program to perform extensive security testing on our medical devices and networked equipment. If a risk is identified, we will issue patches for any known issues."

CHENEY'S DEFIBRILLATOR

Experts said it is important that security vulnerabilities in medical devices are exposed so manufacturers can fix them, but many said there was no need for patients to panic.

"It's very easy to sort of sensationalize these problems," said Kevin Fu, who runs the Archimedes Research Center for Medical Device Security at the University of Michigan.

Still, worries about cybersecurity have made some individuals wary of medical devices with wireless and Internet connections.

In 2007, then-U.S. Vice President Dick Cheney ordered some of the wireless features to be disabled on his defibrillator due to security concerns. When asked if he would recommend other patients do the same, Cheney said not necessarily.

"You've got to look at all eventualities and do whatever you have to safeguard the capabilities of the individual," Cheney told Reuters on Tuesday. "In terms of how it would affect others, I think the president and vice president are in relatively unique circumstances."

Cyber researcher Jay Radcliffe used to be among the hundreds of thousands of diabetics relying on computerized insulin pumps. He said he stopped using his Medtronic pump after he found that he could hack into its wireless communications system and potentially dump fatal doses of insulin into his body.

"I don't feel safe wearing these devices," said Radcliffe, who works for Rapid7, a security software maker. "It's better for me to stick myself with a needle."

Medtronic said it has made security improvements to its insulin pumps, though the company declined to give specifics.

George Grunberger, who has led the insulin pump management task force of the American Association of Clinical Endocrynologists, said he believes the benefits of pumps far outweigh any cyber risks, so he would not advise patients to follow Radcliffe's example.