Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Happy July 4th.
Debate Heats Up as Senator Prepares to Introduce Incident-Reporting Legislation
https://www.nextgov.com/cybersecurity/2021/07/debate-heats-senator-prepares-introduce-incident-reporting-legislation/183063/
Excerpt:
On returning from the July 4 recess, Sen. Mark Warner, D-Va., plans to introduce an updated version of legislation he’s drafted requiring federal agencies, government contractors and certain other critical infrastructure providers to report on cyber intrusions they experience and to assist in their investigation.
Government contractors would risk losing their contracts and non-government contractors would risk fines for failure to comply with the legislation.
==================================================================
It seems that if someone from Wave, BS or SKS had a conversation with Mr. Warner about TPMs, SEDs, and Wave software that contractors could see that cyber intrusions don't have to be in their future!!! A fire code approach could be a great way to protect government contractors and non-government contractors!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Ransomware attack on software manager hits 200 companies
https://www.nbcnews.com/tech/security/ransomware-attack-software-manager-hits-200-companies-rcna1338
Kaseya, an international company that remotely controls programs for companies, said it was attacked by hackers and warned all customers to immediately stop using its service.
==================================================================
And Wave is still not widely used by the market??? After reading the paragraph below and Wave's website, it should become more obvious that organizations from this great Nation, and the rest of the World would be wise to use Wave solutions!!!
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
Cybersecurity lapses keep occurring over and over and over and over and over and over and over and over and over and over again.
Rethink cybersecurity, and use Wave's awesome solutions!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
NSA, FBI warn of ongoing brute force hacking campaign tied to Russian military
https://www.zdnet.com/article/nsa-fbi-warn-of-ongoing-brute-force-hacking-campaign-tied-to-russian-military/
==================================================================
They wouldn't have had to warn of this hacking campaign if these organizations were using Wave VSC 2.0!!! One of the many great reasons to be using Wave VSC 2.0!!!
Better security at less than half the cost!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Hardware Otp Token Authentication Market May Set New Growth Story | Entrust, Fortinet, Symantec, Deepnet Security, Dell
https://manometcurrent.com/hardware-otp-token-authentication-market-may-set-new-growth-story-entrust-fortinet-symantec-deepnet-security-dell/
==================================================================
It's amazing that this OTP Token Authentication is a market that "May Set New Growth Story" when Wave VSC 2.0 can do what it does for the MFA market!!! Holy Cow!!! Wave VSC 2.0 should be the blazing hot security solution for organizations, not OTP - One Time Password products!!! C'mon really?! Please read about the Wave virtual smart card (VSC) below!!
==================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
Get better security at less than half the cost
Passwords are weak. Tokens are expensive. Don’t compromise on security or price.
Wave Virtual Smart Card does anything your physical smart cards and tokens do, but it starts with hardware you already have: the Trusted Platform Module (TPM), a hardware security chip built into the motherboard of most business-class PCs. You may not even know you have it, but once you do, the TPM can be used in a myriad of ways. Wave turns it into a smart card, embedded directly into your laptop.
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
One helpdesk call you'll never get: "I lost my virtual smart card again..."
There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
What will you do with >50% TCO savings?*
Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.
Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.
When we say “secure”…
…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).
*Actual number may vary. Contact us today to receive more details and a free quote.
Key Features:
• Full lifecycle management of virtual smart cards
• Intuitive interface to create (or delete) virtual smart cards
• Command line option to create and delete virtual smart cards
• Flexible PIN policies
• Helpdesk-assisted PIN reset and recovery
• Generates reports for compliance
• Integrates with Active Directory
• Supports familiar use cases ? Virtual Private Network (VPN)
? Local logon
? Remote logon
? Remote desktop access
? Intranet/Extranet
? Cloud applications
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
Decrease expenses with virtual smart cards
You know what else happens when you take passwords out of the equation? A lot fewer calls to IT. Imagine if you took password resets out of the picture – that frees up a chunk of IT time, lowering your operating expenses significantly.
If your organization currently uses traditional tokens or smart cards, switching to virtual smart cards takes an even bigger burden off of IT – we use the hardware-protected credentials in the TPM to create a virtual smart card, which performs the same functionality as traditional smart cards. That means no need to purchase, deploy, replace or maintain external tokens, smart cards or smart card readers. Because virtual smart cards are already on your machines and can’t be forgotten, lost or stolen, you have lower capital expenses and lower operating expenses.
Wave's is the only management to support virtual smart cards on Windows 7, as well as Windows 8 and 8.1.
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
Low TCO
• Reduce operating expenses by eliminating password reset and shortening deployment times
• Minimize capital expenses by using hardware you already have
• Integrate with Microsoft Active Directory for IT familiarity
Superior User Experience
• No more tokens or smart cards to achieve two-factor authentication
• Eliminate VPN/WiFi/website passwords for faster access to resources
• No add-on software means improved OS performance
Flexibility
• Compatible with Windows 8.1, 8, 7 and Vista operating systems – manage mixed environments from one console
• Create custom management policies to suit your organization’s needs
• User and device authentication from a common console
Seamless Device Authentication
• Access control over wireless (i.e. 802.1x)
• Single sign-on
• VPN authentication (i.e. Microsoft DirectAccess)
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
House Panel Approves DHS Bill with ‘Historic’ Funding for Cybersecurity
https://www.nextgov.com/cybersecurity/2021/06/house-panel-approves-dhs-bill-historic-funding-cybersecurity/182690/
==================================================================
With standards like the Trusted Platform Module (TPM) and Self-Encrypting Drive (SED) built-in to computers and other devices, and Wave being the leader in enabling and managing these hardware security technologies, shouldn't the government be investing in Wave solutions?!!! Especially based on the results of using Wave solutions, and these hardware security technologies!!! The market is sorely missing Wave solutions being embraced!!!
Rethink cybersecurity, and use Wave's awesome solutions!!!
==================================================================
http://www.wavesys.com/wave-alternative
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
LinkedIn’s 1.2B Data-Scrape Victims Already Being Targeted by Attackers
https://threatpost.com/linkedin-data-scrape-victims-targeted-attackers/167473/
A refined database of 88K U.S. business owners on LinkedIn has been posted in a hacker forum.
==================================================================
Users of Wave VSC 2.0, and TPMs would be saving themselves from the results of this bad stuff (scraping) from LinkedIn!!! Wave VSC 2.0 and TPMs are like having life preservers in a boat; they are very affordable yet they can save your life if the boat sinks.
Rethink cybersecurity, and use Wave's awesome solutions!!!
==================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground
https://threatpost.com/data-700m-linkedin-users-cyber-underground/167362/
Excerpts:
It added, “expert hackers may still be able to track down sensitive data through just an email address. LinkedIn users could also be on the receiving end of email or telephone scams that trick them into sharing sensitive credentials or transferring large amounts of money.”
Then there are brute-force attacks to be concerned about: “Using email addresses provided in the records, hackers may attempt to access users’ accounts using various combinations of common password characters,” researchers warned.
“It is not uncommon to see such data sets being used to send personalized phishing emails, extort ransom or earn money on the Dark Web – especially now that many hackers target job seekers on LinkedIn with bogus job offers, infecting them with a backdoor trojan,” Candid Wuest, Acronis vice president of cyber-protection research, said via email at the time of the first data-scraping incident. “For example, such personalized phishing attacks with LinkedIn lures were used by the Golden Chickens group.”
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
==================================================================
If LinkedIn (Microsoft company) users turned on their TPMs and used Wave VSC 2.0, the attacks of phishing, brute forced, and common passwords wouldn't be a problem. Not only would LinkedIn users be protected for organizations using Wave VSC 2.0, but they also would have all their TPMs enabled which is required for Windows 11!!!
Go with Wave, the leader in Trusted Computing!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
How to enable the trusted platform module (TPM) on your PC if it's supported
https://www.windowscentral.com/how-enable-trusted-platform-module-tpm-your-pc-if-its-supported
==================================================================
If your organization is turning on quite a few of these TPMs, it's probably a lot easier to do it with Wave!!!
==================================================================
http://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Shares of Bankrupt American Airlines Go Sky High for Investors
https://www.wsj.com/articles/SB10001424052702304579404579236260563432596
==================================================================
An interesting article in light of Microsoft making it a requirement to use TPMs for Windows 11!!! Together, anything is possible!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
74% of Q1 Malware Was Undetectable Via Signature-Based Tools
https://www.darkreading.com/vulnerabilities---threats/74--of-q1-malware-was-undetectable-via-signature-based-tools/d/d-id/1341394
=================================================================
And Wave has Wave Endpoint Monitor for those who want to make a positive change by using anti-malware that works!!!
Just Use It!!!
=================================================================
http://www.wavesys.com/malware-protection
Excerpt:
In that case, the signature detection process will not protect you.
http://www.wavesys.com/products/wave-endpoint-monitor
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Windows 11 won't work without a TPM - What you need to know
https://www.bleepingcomputer.com/news/microsoft/windows-11-wont-work-without-a-tpm-what-you-need-to-know/
==================================================================
Microsoft Discloses TPM Chip Requirements For Windows 11
https://www.crn.com/news/applications-os/microsoft-discloses-tpm-chip-requirements-for-windows-11
Excerpts:
Solution provider partners of Microsoft told CRN on Thursday that the move to require TPM is a win for improving security posture among customers.
“Hardening endpoints is probably the single most important thing that IT providers should focus on.”
=================================================================
Wave should be taking off like a rocket!!!
Rethink cybersecurity, and use Wave's awesome solutions!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Why we need a fire code approach to cybersecurity
https://thehill.com/opinion/technology/560043-why-we-need-a-fire-code-approach-to-cyber-security
=================================================================
Obviously, two standards, the TPM and SED that are enabled should be part of a fire code approach. They are already built-in to most enterprise computers and other devices, and have the support of over 100 companies!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Vulnerabilities in Dell computers allow RCE at the BIOS/UEFI level
https://www.helpnetsecurity.com/2021/06/24/vulnerabilities-dell-bios/
An estimated 30 million Dell computers are affected by several vulnerabilities that may enable an attacker to remotely execute code in the pre-boot (BIOS/UEFI) environment, Eclypsium researchers have found.
The vulnerabilities
The vulnerabilities affect 128 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs.
The problem resides in the BIOSConnect feature of Dell SupportAssist, a solution that comes preinstalled on most Windows-based Dell machines and helps users troubleshoot and resolve hardware and software problems.
BIOSConnect helps perform a remote OS recovery or update the firmware on the device, and it does so by connecting to Dell backend services over the internet, downloading the needed software/firmware, and coordinating the recovery/update process.
Unfortunately, as the researchers found, these processes can be subverted to deliver malicious content to a target machine.
Eclypsium uncovered four vulnerabilities.
CVE-2021-21571 stems from the fact that the TLS connection from BIOSConnect to the backend Dell HTTP server will accept any valid wildcard certificate issued by any of the built-in CA’s contained within the BIOSConnect feature. The problem is in the certificate verification code, which is also present in some of the HTTPS Boot configurations.
“This allows an attacker with a privileged network position to impersonate Dell and deliver attacker-controlled content back to the victim device,” the researchers explained.
CVE-2021- 21572, CVE-2021-21573, CVE-2021-21574 are three overflow vulnerabilities, two of which affect the OS recovery process, and one the firmware update process. Each one of these could lead to arbitrary code execution in the pre-boot environment.
Concatenated, these vulnerabilities may allow a privileged network adversary (e.g., executing a Machine-in-the-Middle attack) to gain control of the target device’s boot process and subvert the operating system and higher-layer security controls.
“Because this attack is delivered directly to firmware, it is invisible to most endpoint security software,” noted Jesse Michael, Principal Analyst at Eclypsium.
How to fix this?
The researchers disclosed the existence of the vulnerabilities to Dell in March 2021.
CVE-2021-21573 and CVE-2021-21574 have been fixed on the server side in late May 2021 and require no action/intervention by the device owners.
The CVE-2021-21571 and CVE-2021-21572 vulnerabilities, on the other hand, require Dell Client BIOS updates. Dell is pushing out some of the updates today, and others are planned for July.
Users of Dell computers are advised to check the list of vulnerable device models (available in Dell’s security advisory) and see whether they are affected. If they are, they should apply the BIOS updates via one of the recommended methods.
If implementing the update is impossible, the risk of the vulnerabilitie being exploited can be temporariliy be mitigated by disabling the BIOSConnect and HTTPS Boot features.
Michael also added that, even when CVE-2021-21571 is removed, organizations should make sure that internal systems using HTTPS Boot have certificates fully controlled by the organization (and not by CAs that issue certificates broadly).
Eclypsium researchers will share more details about the discovered vulnerabilities at this year’s DEF CON.
==================================================================
What if an organization was using its TPMs (hardware), and Wave Endpoint Monitor to detect an attack?? The Dell computers would be safer with enabled TPMs and Wave Endpoint Monitor!!! The Dell computers should have Wave Endpoint Monitor in the first place given how it can protect against malware!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
EU Proposes Joint Cyber Unit Amid Rising Attacks
https://www.infosecurity-magazine.com/news/eu-proposes-joint-cyber-unit/
Excerpts:
The European Union (EU) has proposed creating a Joint Cyber Unit to improve the ability to respond to rising cyber-attacks on member states.
The ambition is for the unit to enable a coordinated EU response to large-scale cyber incidents and crises by pooling together nation-state resources and improving knowledge sharing among the relevant bodies.
==================================================================
For responses on cyber incidents, capital resources should also focus on preventative measures that work. There is a better designed (secure by design), already built-in technology that Wave solutions uses that is here now for organizations that could make life much easier for this Cyber Unit by preventing cyber incidents unlike other products!!!
==================================================================
http://www.wavesys.com/wave-alternative
Choose data protection that actually works.
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
It’s time for companies to take a hard look at how they manage secrets
https://www.helpnetsecurity.com/2021/06/23/companies-manage-secrets/
80% of IT/DevOps organizations admit to not managing their secrets well
=================================================================
http://www.wavesys.com/data-protection
To keep data safe, arm your devices.
Security = data protection
When we talk about security, what we really mean is protecting data from theft and misuse. Proprietary information, R&D, corporate strategy, customer names and phone numbers, social security numbers, passwords … All have potential monetary value, and all are targets. Data theft is a growth industry. As an example, tens of thousands of new malware strains pop up daily. With online tools, even a non-technical person can create one in minutes.
The IT perimeter has vanished
Data protection is easy enough when your data is sitting in secure servers. But today, it’s not. The workforce is increasingly mobile. More than 60 percent of corporate data lives not on servers but on laptops, tablets, and other devices (and more and more of those devices are owned by employees). Data is dispersed, constantly moving, and constantly exposed to the Internet and all the malware, viruses, and hackers lurking there.
Wave’s solution: start with the device
The Wave approach to this challenge is to make the IT perimeter irrelevant. Wave turns on and manages the self-encrypting drives (SEDs) and trusted platform modules (TPMs), or security chips, that are already embedded in many of your devices. The upshot is that each and every device is equipped with its own data protection system—while being centrally managed. This gives you unprecedented yet straightforward control over exactly who has access to your data, with what devices, over what networks.
We cost less too. Wave works on your existing hardware, across platforms. That’s because our solutions are based on an open standard that’s already been implemented on 600 million–plus laptops and is now working its way onto mobile devices. Our software is all you need to reach a whole new level of data protection. It’s one of the big reasons why total cost of ownership can be almost half that of a traditional software-based system that doesn’t even work very well.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
U.S. SEC probing SolarWinds clients over cyber breach disclosures - sources
https://www.reuters.com/technology/us-sec-official-says-agency-has-begun-probe-cyber-breach-by-solarwinds-2021-06-21/
Excerpt:
While the letters are focused on the SolarWinds breach, the SEC may develop future policies on the impact of cyber security issues on the markets and on investors, the people said.
==================================================================
Besides preventing cyberattacks, ransomware, malware, phishing and data breaches, another reason to be using Wave's awesome solutions: The SEC!!!
==================================================================
http://www.wavesys.com/wave-alternative
Choose data protection that actually works.
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Former Black Hat hacker warns cyberattacks against US will get ‘exponentially worse and worse'
https://www.foxnews.com/politics/black-hat-hacker-cyber-attacks-against-us-get-exponentially-worse-and-worse
==================================================================
It's amazing the positive change Wave's awesome solutions could have on the market. It could make everyone's lives a lot better!!!
==================================================================
http://www.wavesys.com/wave-alternative
Excerpts:
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Cyber agency says SolarWinds hack could have been deterred by simple security measures
https://thehill.com/policy/cybersecurity/559426-cyber-agency-says-solarwinds-hack-could-have-been-deterred-by-simple
Excerpts:
But the leaders of top cybersecurity groups FireEye and CrowdStrike pushed back against the idea that a firewall could fully have prevented this attack or others.
“We do over 600 red teams a year, and firewalls never stopped one of them,” FireEye CEO Kevin Mandia testified at the same hearing in February. “A firewall is like having a gate guard outside a New York City apartment building, and they can recognize if you live there or not, but some attackers are perfectly disguised as someone who lives in the building and walks right by the gate guard.”
“In theory, it’s a sound thing, but it’s academic, in practice, it’s operationally cumbersome,” Mandia said.
CrowdStrike President and CEO George Kurtz agreed, testifying that “firewalls help, but they are insufficient,” and noting that “they are a speed bump on the information superhighway for the bad guys.”
Wyden at the hearing stood firm in noting that more could be done to strengthen the nation’s cybersecurity.
“The bottom line for me is that multiple agencies were still breached under your watch by hackers employing techniques that experts have warned about for years,” Wyden said.
==================================================================
http://www.wavesys.com/wave-alternative
Choose data protection that actually works.
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
UK Parliamentary Staffers Lost 96 Devices in Past Two Years
https://www.infosecurity-magazine.com/news/parliament-staffers-devices-two/
Close to 100 electronic devices have been lost by Parliamentary staffers in the UK during the last two years, raising fears that sensitive public data has fallen into the hands of malicious actors.
The official data obtained by Parliament Street think tank under Freedom of Information (FOI) legislation revealed that a total of 96 laptops, tablet computers and other electronic gadgets were reported missing by Parliamentary staffers in the calendar years of 2019 and 2020.
The majority of the device loss incidents occurred in 2019, at 53, with the remaining 43 taking place in 2020. Of the 96 lost or stolen devices, 41 were laptops, 36 were tablets, and the reminder included 11 phones and six skype headsets.
Of the 76 devices reported as lost, 11 were on trains, three on a bus, six in a car and even one in a pub.
Of the 20 devices that were stolen, four were from home addresses, one in a hotel and one on the London Underground.
Worryingly, just 18 of the total number of devices reported missing were subsequently located and found.
Edward Blake, area vice president EMEA of Absolute Software, commented on how dangerous losing such devices are. He highlighted that “Devices used to carry out parliamentary duties will contain a goldmine of confidential data that could be lethal if it fell into the hands of cyber-criminals. It’s critical that parliamentary authorities have the necessary systems in place to track missing devices, enabling them to freeze and wipe lost or stolen laptops, protecting public data from fraudsters.
“If a lost laptop ends up in the wrong hands, the organization in question could be facing a far more costly predicament than first anticipated. Sophisticated cyber-criminals can steal the data contained on these devices, access more businesses files, or intercept emails between colleagues, all with relative ease once a device has been compromised.
“Therefore, it is more critical than ever to have a permanent digital connection to every endpoint, as well as the ability to lock, freeze or wipe the device if it is at risk of being compromised.”
Several examples of device loss are prevalent in several major public bodies in the UK. Earlier this year, official figures were published showing that the Department for Business, Energy and Industrial Strategy lost 306 mobile and laptop devices across the calendar years of 2019 and 2020.
==================================================================
http://www.wavesys.com/products/wave-self-encrypting-drive-management
Excerpts:
Easy proof of compliance
Your encryption is only as good as you can prove it to be. To comply with most data protection regulations, your organization has to prove encryption was in place at the time of a potential breach. Wave provides secure audit logs to help you demonstrate compliance.
If you lose a device with a Wave-managed SED, there’s no wondering or guessing. You know encryption was on by default, and you can prove it.
Key Feature:
No compromises
• Encryption is completely transparent to your users—they won’t even notice it's there
=================================================================
http://www.wavesys.com/products/wave-cloud
Excerpts:
No infrastructure, no software …
no more excuses
You know you should be encrypting data on every device in your organization, especially your laptops. Self-encrypting drives (SEDs) are the fastest, easiest and most secure way to do that. But setting up to support and manage SEDs can seem daunting. Even to test them, you need server infrastructure and management software. Right?
Not with Wave Cloud. The world’s first cloud-based service for managing SEDs, Microsoft Bitlocker and OS X FileVault 2, Wave Cloud lets users take advantage of the benefits of SEDs without jumping through the hoops traditionally associated with SED management. Whether you’re doing a small proof-of-concept or full-blown production deployment, Wave Cloud is the fastest way to get there.
Contact Wave Sales and you’re on your way - no servers or software or big capital expenditures.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Signs, Causes and Solutions for Network Data Breaches
https://www.infosecurity-magazine.com/opinions/signs-causes-solutions-network/
Network data attacks are on the rise. Combine the surge in remote working over the past 15 months and the fact human error accounts for almost a quarter (22%) of security breaches, and it’s no surprise that just under half (46%) of UK businesses suffered a breach in 2020.
Despite the warning signs, IT leaders are often guilty of being unprepared for network data breaches. Detection systems can become quickly outdated, and often breaches aren’t flagged until it’s too late. The consequences alone should serve as ample warning to IT leaders – the financial penalties are unforgiving, and customer trust is easy to lose and even more difficult to regain.
It’s critical, then, that organizations possess the ability to not only quickly identify when a breach is about to occur, but also how to respond when the inevitable occurs, allowing them to focus on working towards business goals and building customer confidence.
Nine Overlooked (Yet Extremely Common) Signs Your Network Has Been Breached
Often part and parcel of everyday business activity, it’s crucial that businesses don’t ignore these common, yet often neglected, indicators that a breach is about to, or already has, occurred:
1Unusual login activity
2Unusual file changes and database manipulation
3The appearance of suspicious or unknown files
4Locked accounts and changed user credentials
5Missing funds or assets, such as intellectual property or sensitive data
6Abnormal admin activity
7Reduced internet speed
8Unexpected loss in market share
9Reduced competitive advantage.
For companies whose security concerns are low down in the pecking order, it can take weeks or even months before a breach is discovered. Even more concerning, more often than not, these reticent organizations are so oblivious that news of a breach often comes from third parties, such as security researchers, cybersecurity journalists, law enforcement, or worse of all, a customer themselves.
Getting to the Root of the Problem
Cause and effect. It’s a simple mantra, but by being able to identify the origin of a cyber-breach, businesses are already in an infinitely better position to defend themselves against breaches. We’ve already discussed how basic human error is the root cause of most breaches and, while it’s inevitable that mistakes happen, companies must foster a culture that educates its employees on spotting potential incidents themselves, rather than relying on overstretched and under-resourced security and IT teams. And, if someone misplaces a company device, establish that they should report it immediately so the data can be remotely wiped.
Companies must also strike a balance between granting employees’ freedom and autonomy with work devices, and policing activity to such an extent that employees become resentful and frustrated. Unapproved social media sites and email sharing from unknown sources are both signs that a company is likely to experience an attack, whether that’s in the form of malware, phishing, junk network traffic, or other fraudulent web apps. But, beware of becoming too ‘Big Brother’, it’s likely to cause more harm to employee morale in the long run.
Prevention is Only Part of the Cure
The best CIOs and security managers are those who accept inevitability. They accept that breaches will happen, it’s the nature of the security landscape, the nature of increasingly sophisticated cyber-criminals. Somehow, somewhere, and at some point, they will get in. But that doesn’t mean that companies shouldn’t implement as many preventative measures as possible. And it also doesn’t mean that they shouldn’t have fail safes in place to quickly identify and react when an attack does occur.
Prevention is only one ingredient of a successful approach to tackling cybercrime and ensuring data protection. The most effective way to identify breaches early is to use tools that are constantly scanning the network for discrepancies, anomalies and suspicious behavior.
=================================================================
If your organization uses Wave solutions, data breaches are far from inevitable!!! It's with Wave solutions that prevention works effectively (see excerpts below) before ever thinking about resorting to 'identifying breaches'!!! Use better security, use Wave's awesome solutions!!!
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Novel Phishing Attack Abuses Google Drive and Docs
https://www.infosecurity-magazine.com/news/novel-phishing-attack-abuses/
Enterprising cyber-criminals have found a way to create convincing phishing emails which abuse Google Docs and Drive functionality to bypass security filters, according to Avanan.
Researchers at the email security vendor claimed this is the first time such techniques have been used to piggyback on a popular service like Google’s.
The email that victims receive contains what appears to be a legitimate Google Docs link, Avanan explained in a blog post.
Clicking through takes the user to a Google Docs page hosting what appears to be a Word doc.
“This Google Docs page may look familiar to those who share Google Docs outside of their organization. This, however, isn’t that page. It’s a custom HTML page made to look like that familiar Google Docs share page,” Avanan explained.
“The attacker wants the victim to ‘Click here to download the document’ and once the victim clicks on that link, they will be redirected to the actual malicious phishing website where their credentials will be stolen through another web page made to look like the Google Login portal.”
The attack itself is fairly simple to execute. A malicious coder creates an HTML web page designed to resemble a Google Docs sharing page and uploads it to Google Drive.
Then they simply right-click to open in Google Docs, before embedding and publishing it to the web. Google does most of the hard work, including generating a link that will render the full HTML file, Avanan explained.
The vendor claimed a similar technique had been used to spoof a DocuSign document, taking the user to a fake DocuSign login page.
Using Google Docs in this way, attackers have a good chance of bypassing static link scanners that many legacy security products use, Avanan argued. An AI-based tool capable of spotting suspicious behavior should perform better.
Phishing remains the top threat vector for today’s cyber-criminals. Of the 62.6 billion cyber-threats detected by Trend Micro last year, over 91% were sent via email.
Hank Schless, senior manager of security solutions at Lookout, argued that phishing attacks like these could seriously impact corporate cybersecurity.
“Threat actors know that stealing legitimate login credentials is the best way to discreetly enter an organization’s infrastructure. Since most organizations use either Google Workspace or Microsoft 365 as their main productivity platform, attackers build phishing campaigns that specifically exploit those services,” he added.
“Once the attacker has those login credentials and can log into the cloud platform they’ve chosen to build their campaign around, there’s no limit to what data they could exfiltrate.”
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
==================================================================
Using Wave VSC 2.0 could SAVE an organization!!! Wave VSC 2.0 can protect against phishing, and novel phishing like that in the above article can be stopped by Wave!!! A great defense like Wave's should be a must have for organizations!!!
==================================================================
Rethink cybersecurity, and use Wave's awesome solutions!!!
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
DoD Leaders Identify Cybersecurity as ‘Vulnerable’ Area for US
https://www.meritalk.com/articles/dod-leaders-identify-cybersecurity-as-vulnerable-area-for-us/
The United States has some of the most significant cyber capabilities in the world, but Department of Defense (DoD) leaders today agreed that cybersecurity is an area where the United States is “vulnerable” and still has “a lot more work to do” when it comes to developing cyber capabilities.
Testifying before the Senate Committee on Appropriations today, Secretary of Defense Lloyd Austin and Chairman of the Joint Chiefs of Staff Gen. Mark Milley agreed that cyber is a “new domain” for DoD, but they are rapidly developing cyber capabilities to protect against cyberattacks from adversaries.
To help this effort, President Biden’s FY 2022 Defense Budget proposes $10.4 billion devoted to cybersecurity, cyberspace operations, and cyber research and development.
“The domain of cyber as a domain of war, as a domain of competition with adversary nations, is a relatively new domain, and we are building those [cyber] capabilities,” Milley said. “We have the most significant cyber capabilities in the world – that doesn’t mean it’s perfect. And we witnessed what happened with the hackers in Colonial Pipeline, and we have to do much, much more.”
Some of those cyber capabilities include the U.S. Cyber Command, and Milley also said “each of the service branches has cyber organizations inside it. We’ve got defensive and offensive cyber protection teams.”
As for cyber funding just for the uniform branches, Milley estimated Biden’s budget will put about $2.4 billion into increasing cyber capabilities for the uniform branches. However, he emphasized there is still much more to be done and called for continued investment in the cyber realm.
“There is a lot more work to do. There’s no question about it,” Milley said of the cyber domain. “And this [cyber] is an area in which we are vulnerable, and we need to continue to invest.”
Austin agreed that the Unites States needs to “ensure that we can protect our networks” and said the military is just “one element of a larger government effort” to do so.
“We have the ability to engage adversaries in kind of a forward manner, and at the source of the mischief, and we have the ability to sustain contact with potential adversaries,” Austin said. “So, we’re doing three things: protecting our DoD networks, adding to the overall effort that the government has in terms of defense against cyberattacks, and also remaining engaged with adversaries forward deployed.”
=================================================================
When you read an article like this, it shows just how much of a positive impact Wave could have on the government and DOD!!! Wave's solutions could improve the government's cyber posture quite dramatically on a very reasonable budget (half the cost)!!! If Steven Sprague and Bill Solms were working in tandem for Wave, the government could see the real benefits in choosing Wave!!! There is no 'I' in team, and Wave had and has a great team!!! imo.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Apple CEO Cook: Android has 47 times more malware than iOS
https://www.phonearena.com/news/cook-says-that-android-has-47-times-more-malware-than-ios_id132904
=================================================================
It looks like Android (ie. Samsung) and organizations could really use Wave Endpoint Monitor!!! Given the agreement Wave had with Samsung and the article below, it looks like Android and organizations could use awesome malware protection in WEM!!!
=================================================================
http://www.wavesys.com/buzz/pr/wave-endpoint-monitor-delivers-powerful-weapon-battle-against-advanced-persistent-threats
Wave Endpoint Monitor Delivers a Powerful Weapon in the Battle against Advanced Persistent Threats
Monitors PC Health, Detects Anomalous Behavior & Ensures a Higher Level of Trust in the Endpoint
Lee, MA -
September 11, 2012 -
Wave Systems Corp. (NASDAQ:“WAVX”) today announced the general availability of Wave Endpoint Monitor (WEM), the only solution that detects malware by leveraging capabilities of an industry standard security chip onboard the PC. WEM provides increased visibility into endpoint health to help protect enterprise resources and minimize the potential cost of advanced persistent threats such as rootkits.
Rootkit attacks are particularly harmful in their ability to hide in host systems, evade current mainstream detection methods (such as anti-virus programs or whitelisting at the operating system level) and their capacity to replace legitimate IT system firmware. Such attacks occur before the operating system (OS) loads, targeting the system BIOS and Master Boot Record (MBR), and can persistently infect higher-level system functions including operating systems and applications.
“APTs facing enterprises today are more complex, nefarious and sophisticated than ever before,” said Richard Stiennon, Chief Research Analyst at IT-Harvest and author of Surviving Cyberwar. “Malware hiding in a device’s BIOS will go undetected by traditional anti-virus programs operating at the OS level, creating a strong need for a solution that can identify an attack as it happens. Because Wave’s approach is rooted in hardware-based technologies, rootkits and other malware can be spotted before the OS even starts.”
Wave Endpoint Monitor captures verifiable PC health and security metrics before the operating system loads, by utilizing information stored within the Trusted Platform Module (TPM), a security chip located on the motherboard of all business PCs. If anomalies are detected, IT is alerted immediately with real-time analytics. Capabilities of Wave Endpoint Monitor include:
• Securely reports PC integrity measurements for central reporting and analysis
• Ensures data comes from a known endpoint
• Alerts IT administrators to anomalous behaviors, which can be linked to the presence of malware
• Provides configurable reporting and query tools
• Ensures strong device identity through the use of hardware-based digital certificates
• Remote provisioning of the TPM
“Today’s security threat environment calls for industry-proven solutions to collect and analyze pre-operating system health information and to ensure endpoints are known and trusted,” said Steven Sprague, CEO of Wave Systems. “Since advanced persistent threats can sometimes appear as normal traffic, new rootkits often go unnoticed for long periods of time and cause severe damage in the form of infected systems and data loss. Wave Endpoint Monitor allows IT to utilize the hardware security you’ve already bought and deployed to ensure PC health from the start of the boot process while creating a higher level of trust in your endpoints.”
Wave has successfully piloted WEM with several government groups for the past six months.
The National Institute of Standards and Technology (NIST) has also recognized the importance of BIOS integrity and has issued initial guidelines for protecting a computer's BIOS in SP 800-147 and SP 800-155 (draft).
Wave Endpoint Monitor, plus Wave’s EMBASSY Remote Administration Server (ERAS) with full central management of all enterprise TPMs, supports all platforms with version 1.2 TPMs and is now available for purchase.
=================================================================
Rethink cybersecurity, and use Wave's awesome solutions!!!
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Senators draft bill that would require many entities to report cyber breaches within 24 hours
https://www.cnn.com/2021/06/16/politics/bill-report-cyber-breach-24-hours/index.html
=================================================================
It doesn't make any sense that we are not using hardware security (SEDs and TPMs activated) en masse!!! Overall, current cybersecurity (software only) is not working! Why not make activated hardware security the law; it's proven to work, and then we wouldn't have to worry about how soon we have to report cyber breaches because there would be much fewer if any to report!!!
Rethink cybersecurity, and use Wave's awesome solutions!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Football Fever Puts Password Security at Risk
https://www.infosecurity-magazine.com/news/football-fever-password-security/
Security experts have urged users to think more carefully about their password choice after spotting as many as one million based on simple football-related words.
Authentication firm Authlogics manages a Password Breach Database — a collection of previous stolen or cracked credentials which that allows it to spot trends and offer industry advice.
It claimed that of the one billion passwords in the trove, over 1.1 million are linked to the beautiful game. These are led by the password “football” (353,993), followed by “Liverpool” (215,842), “Chelsea” (172,727), “Arsenal” (151,936) and “Barcelona” (131,090).
The problem for these users is two-fold: not only are such credentials relatively easy to guess or crack, but if they’re reused across multiple accounts, including corporate ones, it could expose them to credential stuffing.
This is the practice of using automated software to try large numbers of previously breached log-ins simultaneously across multiple accounts, hoping that some will work.
Authlogics cited Google research which claims that over half (52%) of users reuse the same password on multiple accounts, with only a third (35%) using a different credential for all log-ins.
“If your password has been breached on one account, and you are one of the 52% of people who reuse their passwords regularly, you might find other accounts which were not breached also compromised,” Authlogics warned.
“If someone is aware of the amount of passwords that are associated with football, and are able to use social engineering tactics to discover which team an individual supports, they can make a good, educated guess as to their password to not just one, but multiple accounts.”
Password managers can help here by storing and recalling unique and robust credentials for each website and online account. Multi-factor authentication (MFA) is also recommended to bolster authentication security.
Authlogics recommended combining letters, numbers and symbols to increase password strength — even if football-mad users want to include their favorite team in their log-ins.
==================================================================
This article represents another big reason why organizations should be using Wave VSC 2.0 (MFA)!!!
Better security at less than half the cost!!!
==================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
=================================================================
Rethink cybersecurity and use Wave's awesome solutions!!!
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Most Ransomware Victims Are Hit Again After Paying
https://www.infosecurity-magazine.com/news/most-ransomware-victims-hit-again/
Some 80% of global organizations that have paid a ransom demand experienced another attack, often at the hands of the same threat actors, according to a new study from Cybereason.
The security vendor polled 1,263 cybersecurity professionals in multiple verticals across the US, UK, Spain, Germany, France, the United Arab Emirates, and Singapore to compile its latest report, Ransomware: The True Cost to Business.
It confirmed what law enforcers and commentators have been saying for some time – victim organizations should, if possible, avoid paying their extorters. Some 46% of respondents, rising to 53% in the UK, said they believe the same threat group attacked them the second time.
However, this can be difficult to ascertain definitively given the large number of affiliate groups working with the same malware strains. A Sophos report this week revealed that no two REvil affiliates work in the same way.
Not only does paying a ransom encourage copycat crimes, but there’s no guarantee of a swift return to business-as-usual. Cybereason found that in nearly half (46%) of cases, the victim organization regained access to data following payment, but some or all of it was corrupted.
The report also laid bare the potentially devastating consequences of a successful ransomware attack. Two-thirds (66%) of respondents said they suffered significant revenue loss, over half (53%) said their brand suffered, and a third (32%) lost leadership through dismissal or resignation.
In some cases, an attack can have an existential impact: 29% said they were forced to eliminate jobs following an incident. A quarter (25%) of respondents claimed it led to the organization’s closure.
Big-name organizations from Colonial Pipeline to JBS have recently admitted to paying multimillion-dollar sums to their attackers to mitigate potentially severe customer disruption.
However, Cybereason CEO, Lior Div, was clear about which approach corporate victims should take.
“Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks,” he argued.
“Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organisations to stop disruptive ransomware before they can hurt the business.”
=================================================================
With all the marketing resources at ESW and Wave, I'm surprised that we hear of articles like this one. These organizations have obviously not heard of Wave or ESW or they would be using Wave's awesome solutions to stop ransomware from happening again. The opportunities for Wave, ESW, and future customers are enormous!!!
=================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
http://www.wavesys.com/products/wave-self-encrypting-drive-management
http://www.wavesys.com/products/wave-endpoint-monitor
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
SSD market to reach $51.5 billion in revenue by 2025: IDC
https://www.zdnet.com/article/ssd-market-to-reach-51-5-billion-in-revenue-by-2025-idc/
Excerpt:
Demand for PCs has skyrocketed and the IDC said higher SSD demand is also reflected in the enterprise market, where companies are making investments in both cloud and traditional IT.
=================================================================
Given the current size of the SSD market, and that SSDs have the capability of being SEDs, Wave could be providing a tremendous amount of organizations help to activate and manage their SEDs!!!
=================================================================
The links below have content that is very enlightening!!!
http://www.wavesys.com/products/wave-cloud
The fast, risk-free way to deploy SEDs.
http://www.wavesys.com/products/wave-self-encrypting-drive-management
=================================================================
Rethink cybersecurity, and use Wave's awesome solutions!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
UK tells UN that nation-states should retaliate against cyber badness with no warning
https://www.theregister.com/2021/06/11/uk_ungge_cyber_norms_submission/
==================================================================
The contents of this article brings the world potentially a step closer to World War III especially when nation-states can disguise where their cyber attacks are coming from. It's unclear why either Wave has not shown its technology to allied countries or why countries continue with their present cybersecurity (and not Wave's) which gives them a lack of confidence in it as indicated by this article.
Rethink cybersecurity and use Wave's awesome solutions!!!
==================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
http://www.wavesys.com/products/wave-self-encrypting-drive-management
http://www.wavesys.com/products/wave-endpoint-monitor
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
REvil Hits US Nuclear Weapons Contractor: Report
https://threatpost.com/revil-hits-us-nuclear-weapons-contractor-sol-oriens/166858/
Excerpt:
The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from our systems.
==================================================================
Do you select your cybersecurity with a truly watchful eye? Select unique and awesome cybersecurity in Wave solutions so cyber attacks as critical as in the article above don't happen to your organization!!!
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Confirm the identity of user and device.
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
McDonalds says data breach targeted South Korea and Taiwan operations
https://thehill.com/policy/cybersecurity/557967-mcdonalds-says-data-breach-targeted-south-korea-and-taiwan-operations
Excerpts:
McDonald’s said that it was the target of a data breach affecting its markets in South Korea and Taiwan.
The burger chain told The Hill in a statement that it worked with third parties to conduct an investigation to identify unauthorized activity on its network.
The company said it was able to quickly close off access after the identification, but “a small number of files were accessed, some of which contained personal data.”
The hack was first reported by The Wall Street Journal, which also noted that the company’s U.S. markets were targeted.
According to the newspaper, the breach disclosed business contact information for U.S. employees and franchisees, as well as some information about restaurants.
==================================================================
McDonald's wouldn't have had to "conduct an investigation to identify unauthorized activity on its network," if it used Wave solutions. Please see an explanation for this below.
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Confirm the identity of user and device.
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
If McDonalds is having this problem, just think how many companies/organizations that Wave could also be helping with their solutions!!!
Rethink cybersecurity, and use Wave's awesome solutions!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
54% of all employees reuse passwords across multiple work accounts
https://www.helpnetsecurity.com/2021/06/10/employees-reuse-passwords-across-multiple-work-accounts/
==================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
Excerpts:
One helpdesk call you'll never get: "I lost my virtual smart card again..."
There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
What will you do with >50% TCO savings?*
Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.
Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.
*Actual number may vary. Contact us today to receive more details and a free quote.
================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
=================================================================
The opportunity to help out the world with Wave VSC 2.0, and Wave solutions is enormous based partly on the above article!!!
Rethink cybersecurity, and use Wave's awesome solutions!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Hackers breach gaming giant Electronic Arts, steal game source code
https://www.bleepingcomputer.com/news/security/hackers-breach-gaming-giant-electronic-arts-steal-game-source-code/
Excerpts:
Hackers have breached the network of gaming giant Electronic Arts (EA) and claim to have stolen roughly 750 GB of data, including game source code and debug tools.
Stolen EA data worth $28 million
The attackers claim to have access to all of EA's services, telling customers willing to pay $28 million for the stolen data that they will also gain "full capability of exploiting on all ea services," as first reported by Motherboard.
EA also has over 450 million registered players worldwide and posted GAAP net revenue of $5.5 billion for the fiscal year 2020.
==================================================================
How many times has this got to happen (attackers stealing data from organizations' networks) before organizations wise up, and say look Wave has awesome solutions that work effectively, lets make a better choice and choose Wave?!!! Prepare your organization with Wave solutions, and avoid the ransomware and data breaches that could massively damage your organization!!!
Ride the 'Tsunami of Success' in 2021!!!
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Mysterious Custom Malware Collects Billions of Stolen Data Points
https://threatpost.com/custom-malware-stolen-data/166753/
=================================================================
Use Wave Endpoint Monitor against custom malware. Wave Endpoint Monitor and Wave solutions get the job done!!!
=================================================================
http://www.wavesys.com/malware-protection
Excerpts:
In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you.
A sophisticated attacker is able to fine tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.
Wave’s solution: start with the device
If antivirus software doesn’t work, what does? The Wave alternative relies not on superficial layers of software but on standards-based hardware: self-encrypting drives (SEDs) and Trusted Platform Modules (TPMs), or security chips, that are already embedded in many of your computers and mobile devices. This hardware provides you with secure storage. When you turn the SED and TPM on and manage them with Wave, you suddenly have a broad, deep view into your network. Among other things, you’ll know immediately whether any one of your devices—computers, laptops, tablets, smartphones—has been tampered with. But Wave is proactive too: you can block the kinds of behaviors that invite malware in. Wave's Endpoint Monitor provides early detection for these low-lying sneaky attacks.
=================================================================
http://www.wavesys.com/products/wave-endpoint-monitor
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
==================================================================
Rethink cybersecurity, and use Wave's awesome solutions!!!
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Unauthorized access accounts for 43% of all breaches globally
https://www.helpnetsecurity.com/2021/06/08/unauthorized-access-breaches/
==================================================================
http://www.wavesys.com/wave-alternative
Excerpt:
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
=================================================================
http://www.wavesys.com/compliance ***-interesting reading!!!
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
Rethink cybersecurity and use Wave's awesome solutions!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
One password allowed hackers to disrupt Colonial Pipeline, CEO tells senators
https://www.investing.com/news/commodities-news/colonial-pipeline-ceo-tells-senate-cyber-defenses-were-compromised-ahead-of-hack-2526379
NEW YORK (Reuters) - The head of Colonial Pipeline told U.S. senators on Tuesday that hackers who launched last month's cyber attack against the company and disrupted fuel supplies to the U.S. Southeast were able to get into the system by stealing a single password.
Colonial Pipeline Chief Executive Joseph Blount told a U.S. Senate committee that the attack occurred using a legacy Virtual Private Network (VPN) system that did not have multifactor authentication in place. That means it could be accessed through a password without a second step such as a text message, a common security safeguard in more recent software.
"In the case of this particular legacy VPN, it only had single-factor authentication," Blount said. "It was a complicated password, I want to be clear on that. It was not a Colonial123-type password."
The panel was convened to examine threats to critical U.S. infrastructure and the Colonial attack, which shut key conduits delivering fuel from Gulf Coast refineries to major East Coast markets. Cyberattacks also hit U.S. meatpacking plants owned by JBS, showing the breadth of infrastructure facing cyber threats.
The Colonial Pipeline hack demonstrated that much of the company's infrastructure remains highly vulnerable and the government and companies must work harder to prevent future hacks, senators said during the hearing.
Security experts call the use of a single-factor login system a sign of poor cybersecurity "hygiene." They recommend two-factor authentication, which requires a secondary measure like a mobile text or hardware token, and most major companies require this across all internal applications.
Senators questioned Blount about the company's preparations and the timeline for responding to the ransomware attack, which shut the line for days and led to a spike in gasoline prices, panic buying and localized fuel shortages.
"I'm alarmed this breach ever occurred in the first place," said Senator Gary Peters, the committee's chairman. "Make no mistake: if we do not step up our cyber security readiness, the consequences will be severe."
The FBI attributed the hack to a gang called DarkSide. Some senators suggested Colonial had not sufficiently consulted with the U.S. government before paying the ransom against federal guidelines.
Blount said he made the decision to pay ransom and to keep the payment as confidential as possible because of concern for security.
"It was our understanding that the decision was solely ours to make about whether to pay the ransom," he said.
Blount said Colonial did not have a plan in place to prevent a ransomware attack, but did have an emergency response plan. The company notified the FBI within hours.
Blount said Colonial has invested over $200 million over the last five years in its IT systems. When pressed to answer how much Colonial has spent to keep its pipeline cyber secure, Blount repeated that amount. A company spokesperson later clarified the $200 million was for IT overall, which includes cyber security.
On Friday, U.S. Deputy Attorney General Lisa Monaco urged companies to tell federal authorities whether they paid ransom to cyberattackers, information that can help investigators.
Blount said even after getting the key from the hackers, the company is still recovering from the attack and is bringing back seven finance systems that have been offline since May 7.
On Monday, the Justice Department said it had recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline.
Colonial Pipeline previously had said it paid the hackers nearly $5 million to regain access. The value of the cryptocurrency bitcoin has dropped to below $35,000 in recent weeks after hitting a high of $63,000 in April.
As a result, the government recovered about 60 of the 75 bitcoin paid, but the value has dropped, falling short of the total dollar amount Colonial paid.
Bitcoin seizures are rare, but authorities have stepped up their expertise in tracking the flow of digital money as ransomware has become a growing national security threat and put a further strain on relations between the United States and Russia, where many of the gangs are based.
=================================================================
If Colonial had Wave solutions, this disaster wouldn't have happened!!! And at less than half the cost, Wave VSC 2.0 would have protected against this and so much more!!! Please see the Wave Virtual Smart Card link below for its awesome capabilities!!!
==================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
Get better security at less than half the cost
Passwords are weak. Tokens are expensive. Don’t compromise on security or price.
Wave Virtual Smart Card does anything your physical smart cards and tokens do, but it starts with hardware you already have: the Trusted Platform Module (TPM), a hardware security chip built into the motherboard of most business-class PCs. You may not even know you have it, but once you do, the TPM can be used in a myriad of ways. Wave turns it into a smart card, embedded directly into your laptop.
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
One helpdesk call you'll never get: "I lost my virtual smart card again..."
There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
What will you do with >50% TCO savings?*
Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.
Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.
When we say “secure”…
…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).
*Actual number may vary. Contact us today to receive more details and a free quote.
Key Features:
• Full lifecycle management of virtual smart cards
• Intuitive interface to create (or delete) virtual smart cards
• Command line option to create and delete virtual smart cards
• Flexible PIN policies
• Helpdesk-assisted PIN reset and recovery
• Generates reports for compliance
• Integrates with Active Directory
• Supports familiar use cases ? Virtual Private Network (VPN)
? Local logon
? Remote logon
? Remote desktop access
? Intranet/Extranet
? Cloud applications
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
TeamTNT attacks IAM credentials of AWS and Google Cloud
https://www.scmagazine.com/home/security-news/cloud-security/teamtnt-attacks-iam-credentials-of-aws-and-google-cloud/
==================================================================
Why not protect the credentials by storing them in TPMs (hardware security) or use Wave VSC 2.0? Wave could activate and manage the TPMs!!!
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
=================================================================
Rethink cybersecurity, and use Wave's awesome solutions!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
US truck and military vehicle maker Navistar discloses data breach
https://www.bleepingcomputer.com/news/security/us-truck-and-military-vehicle-maker-navistar-discloses-data-breach/
Excerpt:
Navistar International Corporation (Navistar), a US-based maker of trucks and military vehicles, says that unknown attackers have stolen data from its network following a cybersecurity incident discovered on May 20, 2021.
=================================================================
SO MANY RANSOMWARE AND DATA BREACH ARTICLES HAVE HAD - 'UNKNOWN ATTACKERS HAVE STOLEN DATA FROM ITS NETWORK'!!! THIS HAS COST ORGANIZATIONS MILLIONS and CAUSED COUNTLESS PROBLEMS and HEADACHES!!!
USE THE WAVE ALTERNATIVE and WAVE SOLUTIONS SO THIS DOESN'T KEEP HAPPENING!!! Please see Wave contact below for more information!
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
http://www.wavesys.com/wave-alternative
Choose data protection that actually works.
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Organizations have seen an increase in device encryption
https://www.helpnetsecurity.com/2021/05/31/device-encryption-increase/
Excerpt:
32% of organizations have seen an increase in device encryption in the past year, according to a Vanson Bourne survey.
==================================================================
If the world is to be protected from cyber attacks, a lot more organizations need to have their Self-Encrypting Drives (SEDs) activated. Wave can help with the activation and management of TPMs (Trusted Platform Modules) and SEDs!!! Not using them is like not using seatbelts or airbags!!! Activating SEDs and TPMs, and using Wave's solutions could provide better data protection as well as save lives!!!
==================================================================
http://www.wavesys.com/products/wave-cloud
The fast, risk-free way to deploy SEDs.
No infrastructure, no software …
no more excuses
You know you should be encrypting data on every device in your organization, especially your laptops. Self-encrypting drives (SEDs) are the fastest, easiest and most secure way to do that. But setting up to support and manage SEDs can seem daunting. Even to test them, you need server infrastructure and management software. Right?
Not with Wave Cloud. The world’s first cloud-based service for managing SEDs, Microsoft Bitlocker and OS X FileVault 2, Wave Cloud lets users take advantage of the benefits of SEDs without jumping through the hoops traditionally associated with SED management. Whether you’re doing a small proof-of-concept or full-blown production deployment, Wave Cloud is the fastest way to get there.
Contact Wave Sales and you’re on your way - no servers or software or big capital expenditures.
Manage the entire range of endpoint encryption technologies
Wave Cloud is the world’s only cloud service that manages SEDs and software encryption in a single console. Its hybrid management approach is the best way to secure your legacy endpoints today with OS-native full disk encryption, while phasing in self-encrypting drives on your latest-generation assets.
Key Features:
Flexibility
• Compatible with Windows 8.1, 8, 7 and Vista operating systems; and OS X 10.8 and 10.9 (for OS X FileVault 2)
• Manage mixed environments from one console
Easy security compliance
• Active monitoring, logging, and reporting of all user and device events associated with SEDs
• No infrastructure to buy or set up - fast, easy compliance
Data protection
• The only cloud-based management solution that gives you drive initialization, user management, drive locking, and user recovery for all Opal-based, proprietary, and solid-state SEDs
• Secure user recovery using challenge/response
• User-based SSO after recovery
• Control for external SEDs
• S3 sleep support
Simplicity
• Fast deployment of SEDs and OS-native software encryption—no need to buy, build, and test (or maintain) server infrastructure
• Easy-to-use web interface
• Deploy many drives at once with policy-based management
• Windows password synchronization and single sign-on (SSO)
• Features and maintenance patches are continually updated, so you’re always running the best, most secure version of the service
• One-click initialization/provisioning
• Your subscription covers everything—no up-front charges, no support charges
No compromises
• Wave Cloud is every bit as secure as our on-premise SED management product
• All the same monitoring, logging, and reporting you need for compliance
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
White House sends out memo to private sector on cyberattack protections
https://thehill.com/policy/cybersecurity/556625-white-house-sends-out-recommendations-to-private-sector-on-protections
==================================================================
It's shocking that TPMs and SEDs (built-in hardware security) get no mention in the help to protect against cyber attacks by the White House!! Here we have two standards that have stood the test of time, and the TCG supporting them with 150 companies as members, and many companies are unaware of these protections or that they should be turning them on so that they have effective cybersecurity. NOW is the right moment to be made aware before there are more disasters!!! Wave has technology that can help!!!
Rethink cybersecurity, and use Wave's awesome solutions!!!
=================================================================
http://www.wavesys.com/wave-alternative
Choose data protection that actually works.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE