Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
8 Bankrupt Companies That Came Back
https://www.investopedia.com/articles/personal-finance/051115/7-bankrupt-companies-came-back.asp
These companies filed for bankruptcy and emerged stronger than ever
When a company is on the brink of failure, it will often file for Chapter 11 bankruptcy protection. This allows the company to undergo a reorganization of its business affairs, debts, and assets.[1]? Sometimes businesses are successful at restructuring, while other times, they end up liquidating assets and closing up shop permanently.
Enron, WorldCom, and Lehman Brothers are some well-known examples of bankrupt companies that never came back. But there are companies that have managed to re-emerge from bankruptcy in better shape than before they went bust. These spectacular comebacks are from companies that either went bankrupt or came nail-bitingly close to doing so.
Key takeaways
•Filing for Chapter 11 bankruptcy allows a company to restructure its debts.
•In some cases, companies are able to emerge from bankruptcy stronger than ever.
•General Motors, Texaco, and Marvel Entertainment are three of many companies that have emerged from bankruptcy successfully.
1. Apple
It's hard to believe that one of the world's largest companies by market capitalization was once in dire straits. While never actually filing for bankruptcy, Apple (AAPL) was on the verge of going bust in 1997. At the last minute, arch-rival Microsoft (MSFT) swooped in with a $150 million investment and saved the company.
People have speculated that Microsoft only did this because it was worried that regulators would regard it as a monopoly without the competition from Apple in the marketplace.[2
Please read the rest of the article at the link above.
=================================================================
BETTER SECURITY AT LESS THAN HALF THE COST!!!
http://www.wavesys.com/
http://www.wavesys.com/contact-information
]
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
The Netflix Password-Sharing Crackdown Has Begun
https://gizmodo.com/the-netflix-password-sharing-crackdown-has-begun-1846460641
Bad news for streamers mooching their Netflix access.
Netflix is testing a feature seemingly meant to curb password-sharing between users who are not members of the same household. An image of an email message prompting its user to sign up for “your own Netflix for free today” was shared on Twitter and reported by multiple outlets that confirmed the test. In the Netflix prompt shared on Twitter, the service states that if you do not “live with the owner of this account, you need your own account to keep watching.” That policy is included in Netflix’s terms of use.
“This test is designed to help ensure that people using Netflix accounts are authorized to do so,” a Netflix spokesperson told the Hollywood Reporter.
Interestingly, the service seems to be baiting these users to subscribe with the offer of a 30-day free trial of the service. Netflix formally nixed its free trial offer last year, though it does offer free upgrades to higher plans during the first month after a user signs up for or rejoins Netflix. For example, if you signed up for the standard plan, Netflix may boost you to the premium plan for a trial period. The benefit here is trialing features like HD or UHD streaming (which are only available on the standard and premium plans, respectively), simultaneous viewing on multiple devices, or additional devices to keep downloads on for offline viewing.
But it appears the company is making free trial exceptions for people it knows are using its service but aren’t paying for it. That’s probably wise on Netflix’s part. After all, users being asked to pay a minimum of $9 and a maximum of $18 per month for a service they have managed to access for free for years will be a tough pill to swallow—particularly if they’re already subscribed to multiple other services.
According to a survey of 1,546 U.S. adults from LendingTree released today, 4 in 10 respondents were found to be using someone else’s credentials to stream. Additionally, the survey found that Netflix was the most popular account to “borrow,” with 52% of respondents reporting that they used Netflix with someone else’s login.
Netflix runs trials quite frequently for everything from linear viewing to timer-based viewing, and the company often says that tests don’t always lead to a wider rollout of the feature or tool. The same may be true for the trial it’s currently running around password-sharing, which isn’t the best security practice anyway. But I’m sure I’m not the only one hoping—praying, really—that password crackdowns aren’t the next new thing in streaming.
=================================================================
Wavexpress was a technology that was ahead of its time, and future subscribers might find such a service straightforward, refreshing, and highly entertaining. Owning a library of movies may be one of the options that moviegoers would want at home. Wavexpress provides the security for that and puts less stress on the overall infrastructure!!! The article above may open up the market for Wavexpress!!!
=================================================================
http://www.wavesys.com/
Millions in Covid relief funding to be used for federal cybersecurity efforts
https://www.cnn.com/2021/03/10/politics/millions-covid-relief-funding-cybersecurity/index.html
Excerpt:
"Where we want to go, is really move that far earlier in the process, so that we are continuously executing this sort of threat hunting activity, and can identify adversary activity, ideally, within a very short time period after an initial intrusion occurs," he said.
==================================================================
Only allowing known and approved devices access to your network along with Wave's other solutions could cancel the need for 'threat hunting activity!!' How well is that working or going to work anyway?? Spending the funds on Wave would be a wiser move!!!
==================================================================
BETTER SECURITY AT LESS THAN HALF THE COST!!!
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Proposed Bill Would Allow Americans to Sue Foreign Cyber-Actors
https://www.securityweek.com/proposed-bill-would-allow-americans-sue-foreign-cyber-actors
A bill introduced in the House of Representatives this week could allow United States citizens to seek monetary damages if cyber-attacks by foreign threat actors harm them in any way.
Referred to as the Homeland and Cyber Threat Act, or the HACT Act, the legislation is the reintroduced version of a bill initially introduced in August 2019.
The bill was reintroduced by Reps. Jack Bergman (MI-01), Colin Allred (TX-32), Brian Fitzpatrick (PA-01), Jaime Herrera Beutler (WA-03), Joe Neguse (CO-02), and Andy Kim (NJ-03).
Per the bill, Americans would be able to make claims in federal or state courts if they are in any way affected by cyber-attacks that foreign states have conducted against them.
The HACT Act seeks to eliminate the immunity of foreign states, officials, and government employees, in courts in the United States, when Americans seek money damages against a foreign state “for personal injury, harm to reputation, or damage to or loss of property,” the bill reads.
Activities the legislation refers to include unauthorized access to a computer in the United States or to confidential, electronic information stored in the country, as well as the use of malware or other harmful applications to infect computers in the United States.
The bill also seeks to cover the unauthorized use or leak of information stolen from those activities and the provisioning of material support for threat actors who engage in those types of activities, including by officials of foreign states.
“Cyberattacks against American citizens are only increasing and Congress should give Americans the tools they need to fight back against foreign attacks. This legislation does just that by giving Americans the ability to hold foreign governments accountable for damage done by cyberattacks,” Rep. Allred commented.
=================================================================
There could be a clause in the bill that those who want to sue would have been required to have their TPMs and SEDs activated and used software such as Wave's to activate and manage them. That could massively cut down on cyber attacks, worldwide lawsuits, and create a strong incentive to smartly use hardware enabled security!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Debunking Three Myths about Hardware Security
https://www.nextgov.com/ideas/2021/03/debunking-three-myths-about-hardware-security/172507/
The federal government should consider hardware-enabled security approaches.
Because cyber criminals have proven over time that they are capable of circumventing the wealth of software-based security solutions intended to stop them, federal agencies need to consider taking an entirely different path: one which opts for hardware-enabled alternatives.
In doing so, they’ll embark upon what looks like the next revolution in cyber defense: Shipments for hardware supporting digital authentication and embedded security will reach 5.3 billion by 2024, doubling the number of shipments in 2019. Overall, the hardware security modules market will exceed $2 billion by 2027, up from about $828.3 million two years ago. True, traditionalist thinkers in government restrict these advancements to uses such as the safeguarding of classified networks via cross-domain solutions. They also contend that hardware is too expensive, impractical and difficult to deploy broadly as a security tool.
But they are wrong.
With state-sponsored attacks targeting a much larger range of victims than classified networks, it’s critical to come up with more formidable tactics to counter them. That’s where hardware can perform an essential role—especially once we debunk the following three myths which are holding back a widespread transformation.
Myth #1: Hardware Security is Too Niche
Reality: Yes, chip designers have deployed hardware security by baking protection features into their products, which means this form of defense has been relevant to only those who invest millions to make their own chips.
But emerging architectures using what are called field-programmable gate array, or FPGA, silicon chips are presenting a compelling case for broader adoption. FPGA chips are integrated circuits which security teams program strictly by using specific physical FPGA pins. Subsequently, the teams ensure that the ability to reprogram the chip is limited to those who are authorized to access a well-protected privileged management environment. Attackers are kept from doing so because they cannot physically transmit data to the pins.
Myth #2: Hardware Security is Difficult
Reality: Despite being hardware devices, FPGA chips make it easy to enhance security functionality because teams can use them to program and reprogram protective measures without the need for physical changes. Yet, as opposed to complex and flexible software-based tools that give adversaries abundant opportunities to exploit, hardware-designed controls are relatively simplistic and narrow. They will do what they are originally told to do, and nothing else, i.e., they are “too dumb” to be hacked.
As a result, FPGAs present an ideal combination: Features that are better positioned to ward off attacks, while allowing updates much in the same way agencies apply software updates.
Myth #3: Hardware Security is Expensive
Reality: This is the biggest myth of all. Here’s why:
•Hardware reduces the cost of operations. It leverages lower-level computational techniques compared to the Turing machines on which we run software. Simpler computational models greatly eliminate bugs and, even if bugs exist in the hardware, it’s much harder for an adversary to exploit them. In contrast, software is all about taking on the significant costs and burdens of performing constant patches. This, in turn, reveals the fundamental weakness of software—that hackers latch upon inevitable mistakes to potentially take unlimited control over systems and platforms. Hardware brings the peace of mind which comes from no longer depending upon endless “hurry up and patch!” cycles.
•It lowers the cost of development. Indeed, developers produce software “on the quick and cheap.” But the end product often isn’t very good. To get it right, agencies need to spend a lot of money. In the cross-domain space, for example, the National Cross Domain Strategy Management Office oversees design and implementation requirements for solutions so every “i” is dotted and “t” is crossed—standards that cannot be achieved without spending huge amounts on every software product. While hardware generally involves a higher entry cost, it’s less expensive to develop while obtaining much more effective controls. How so? Because it avoids the enemy of software security—incredibly complex platforms. In addition, the comparatively few mistakes typically do not lead to financially damaging compromises because, again, hackers find it much more difficult to exploit them.
•It lowers the cost of equipment. This may sound absurd … It’s actually cheaper? But dedicated hardware really is often less expensive than commodity servers. It is also becoming increasingly commoditized, with component options to include small, low-cost devices.
Clearly, government agencies are not going to transform overnight from traditional security strategies. But, more than ever, they’re recognizing that sticking with same software-based approaches amounts to sprinting on a treadmill and getting nowhere while cyber criminals are zooming ahead of them in race cars.
In other words, rapid advancements in attack methods require a completely redefined game plan. Simply stated: Security software is difficult and few get it right. To pursue an alternative that is easy to develop, reprogram and oversee while refusing to allow enemies inside the gates, government leaders must turn to hardware.
=================================================================
This is an interesting article in light of TPMs and SEDs being hardware security already BUILT-IN to computers and devices and they are ubiquitous!!! They are standard and should be treated like a seat belt or airbag in the requirement of their use!!! Insurance companies and other organizations could save a lot of money by using and requiring hardware enabled security like TPMs and SEDs and Wave software by Wave Systems!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
European Banking Authority hit by Microsoft Exchange hack
https://au.news.yahoo.com/european-banking-authority-hit-microsoft-115850435.html
Excerpts:
The cyber-attack had exploited a vulnerability in Microsoft's Exchange email system - or sometimes used stolen passwords - to look like someone who should have access to the system, Microsoft said.
Then, it would take control of the email server remotely - and steal data from the network.
==================================================================
With Wave and Wave VSC 2.0, the attackers wouldn't be able to remotely have access to the system because of the device authentication as Methinks pointed out in post #246510!!!
==================================================================
BETTER SECURITY AT LESS THAN HALF THE COST!!!
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software
https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/
==================================================================
VMware very strongly suggests TPM for all servers in tightened vSphere security guide (post #246461). Were there activated TPMs in Microsoft's email servers?? Activated TPMs could be a huge security help for computers, servers and other devices in the World's cyber infrastructure!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Ransomware is a multi-billion industry and it keeps growing
https://www.bleepingcomputer.com/news/security/ransomware-is-a-multi-billion-industry-and-it-keeps-growing/
Excerpt:
Typically, the actors spent 13 days inside the compromised network before deploying the encryption process. During this period, they would move on the network and increase their control, identify and remove backups for increased impact.
==================================================================
WAVE SOLUTIONS CAN KEEP THESE RANSOMWARE ATTACKERS FROM BEING INSIDE YOUR NETWORK. PLEASE READ BELOW:
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Cybersecurity and IT Remain Top Concerns on GAO’s High-Risk List
https://www.nextgov.com/cio-briefing/2021/03/cybersecurity-and-it-remain-top-concerns-gaos-high-risk-list/172393/
Agencies showed some slight progress on IT issues, though cybersecurity took a step backward in the latest report.
==================================================================
The government must not have used Wave solutions across the board because cybersecurity wouldn't be taking a step backward with Wave's solutions. Instead of the holes in software that FireEye's CEO mentioned in a recent interview that are such a big problem why not use stronger built-in hardware ie. SEDs and TPMs to fortify systems around the world!!! They need to be activated and managed and Wave and other companies can do that. And SEDs and TPMs are backed by many well renowned companies in the Trusted Computing Group. It could change cybersecurity from a sore spot to a bright spot!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Password Reuse at 60% as 1.5 Billion Combos Discovered Online
https://www.infosecurity-magazine.com/news/password-reuse-60-15-billion/
A security vendor discovered nearly 1.5 billion breached log-in combos circulating online last year and billions more pieces of personal information (PII), with password reuse and weak hashing algorithms commonplace.
SpyCloud’s 2021 Credential Exposure Report was compiled from the vendor’s human intelligence efforts to recover stolen data from criminal networks early in the breach lifecycle.
Some 854 breach incidents, up a third from 2019, leaked on average 5.4 million records each.
Poor password security is still rife: for users with more than one password stolen last year, SpyCloud found that 60% of credentials were reused across multiple accounts, exposing them to credential stuffing and other brute force tactics.
For the 270,000 .gov emails recovered, password reuse was even higher, at 87%.
Nearly two million passwords contained “2020” while almost 200,000 featured COVID-related keywords like “corona” and “pandemic.”
As usual, the most common password was “123456,” followed by “123456789” and “12345678.” “Password” and “111111” also appeared more than 1.2 million times each.
However, in some cases, the blame lay with the organizations tasked with protecting their customers’ personal data and logins. SpyCloud found that a third (32%) of breached passwords used the weak MD5 algorithm and 22% used SHA1. In addition, only 17% of passwords were salted.
The security firm also recovered over 4.6 billion pieces of PII including names, addresses, birthdates, job titles and social media URLs. This trove featured 1.3 billion phone numbers, the most common piece of PII found.
The findings represent a major security risk for both individual consumers and businesses, given that many credentials and email addresses are being used across corporate and personal spheres.
“These staggering numbers indicate a continued threat for account takeovers, identity theft and fraud at a time when people have been spending more time online during the COVID-19 pandemic,” said David Endler, co-founder of SpyCloud.
“Criminals didn’t stop for the coronavirus. In fact, attackers have been able to use the disruption of the pandemic to their advantage.”
=================================================================
Please see excerpts below for how organizations can avoid the problems in the above article!!!
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
NSA Pushes Zero Trust Principles to Help Prevent Sophisticated Hacks
https://www.nextgov.com/cybersecurity/2021/03/nsa-pushes-zero-trust-principles-help-prevent-sophisticated-hacks/172373/
Excerpt:
The guidance notes that while a traditional approach relies on validating passwords, which the SolarWinds hackers exploited to gain initial access in many cases, a Zero Trust approach would also validate devices themselves. If an attacker were to use stolen credentials but a device that is not known, "the device fails authentication and authorization checks and so access is denied and the malicious activity is logged,” NSA said.
==================================================================
That last excerpt is what Wave VSC 2.0 already does!! Why wait months for better security when Wave VSC 2.0 has it now!!!
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Cybersecurity Firm SentinelOne Plans for IPO at Possible $10 Billion Value
https://www.bloomberg.com/news/articles/2021-02-26/cybersecurity-company-sentinelone-is-said-to-prepare-for-ipo
=================================================================
Is SentinelOne's artificial intelligence really better than Wave solutions at protecting organizations? If Wave were put on the market after the Cybersecurity Wave of 2021 begins, shouldn't it fetch a value of greater than 10 billion with its better security!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Windows 10 Secure Boot update triggers BitLocker key recovery
https://www.bleepingcomputer.com/news/microsoft/windows-10-secure-boot-update-triggers-bitlocker-key-recovery/
==================================================================
http://www.wavesys.com/products/wave-self-encrypting-drive-management
Enterprises choose Wave to manage SEDs
Why? From our single console, you can manage all your organization’s self-encrypting drives (SEDs) easily and remotely, whether they number in the hundreds, or hundreds of thousands.
SEDs are the most secure, best-performing and most transparent encryption option for protecting data on laptops. These drives automatically encrypt all data written to the drive, so you don’t have to decide what’s important enough to encrypt. They also perform this encryption in the hardware of the drive, so you don’t end up with the performance issues software full-disk encryption is infamous for. SEDs are available as HDD or SSD, and are sold by most major drive manufacturers.
Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.
Easy proof of compliance
Your encryption is only as good as you can prove it to be. To comply with most data protection regulations, your organization has to prove encryption was in place at the time of a potential breach. Wave provides secure audit logs to help you demonstrate compliance.
If you lose a device with a Wave-managed SED, there’s no wondering or guessing. You know encryption was on by default, and you can prove it.
No vendor lock-in
SED technology was created and standardized by a consortium of the best in the infosec industry, a standards body called the Trusted Computing Group (TCG). This means you can buy your drives wherever you want, from whatever vendor you want—any SED built to the TCG’s Opal specification can be managed by Wave.
No SEDs yet? No problem.
If your organization hasn’t yet deployed SEDs, you can skip the process of retro-fitting and simply incorporate SEDs on all new laptops as part of your regular refresh cycle. In the meantime, the same Wave console can manage BitLocker and SEDs, so you can protect the devices you have now with BitLocker and add those with SEDs as they are deployed. And if you’re using Wave’s cloud platform, you can also support OSX FileVault2.
Pick your platform
Wave SED management is available via the cloud or on-premise servers. Ask us for more details about which platform is right for your deployment.
Key Features:
Easy security compliance
• Active monitoring, logging and reporting of all user and device events
Data protection
• Local changes are prohibited
• Drive locking is supported in sleep or standby (S3) modes
• Manage clients inside or outside the firewall and on non-domain machines
Simplicity
• Everything is automatically encrypted—users don’t have to identify which data is sensitive
• Windows password synchronization and single sign-on
• Add or remove users remotely
• MMC snap-in is familiar and easy—less administrator training
• Role management allows delegation of tasks with customized or predefined roles.
No compromises
• Encryption is completely transparent to your users—they won’t even notice it's there
• Customizable pre-boot message at authentication screen
=================================================================
http://www.wavesys.com/products/wave-cloud
No infrastructure, no software …
no more excuses
You know you should be encrypting data on every device in your organization, especially your laptops. Self-encrypting drives (SEDs) are the fastest, easiest and most secure way to do that. But setting up to support and manage SEDs can seem daunting. Even to test them, you need server infrastructure and management software. Right?
Not with Wave Cloud. The world’s first cloud-based service for managing SEDs, Microsoft Bitlocker and OS X FileVault 2, Wave Cloud lets users take advantage of the benefits of SEDs without jumping through the hoops traditionally associated with SED management. Whether you’re doing a small proof-of-concept or full-blown production deployment, Wave Cloud is the fastest way to get there.
Contact Wave Sales and you’re on your way - no servers or software or big capital expenditures.
Manage the entire range of endpoint encryption technologies
Wave Cloud is the world’s only cloud service that manages SEDs and software encryption in a single console. Its hybrid management approach is the best way to secure your legacy endpoints today with OS-native full disk encryption, while phasing in self-encrypting drives on your latest-generation assets.
Key Features:
Flexibility
• Compatible with Windows 8.1, 8, 7 and Vista operating systems; and OS X 10.8 and 10.9 (for OS X FileVault 2)
• Manage mixed environments from one console
Easy security compliance
• Active monitoring, logging, and reporting of all user and device events associated with SEDs
• No infrastructure to buy or set up - fast, easy compliance
Data protection
• The only cloud-based management solution that gives you drive initialization, user management, drive locking, and user recovery for all Opal-based, proprietary, and solid-state SEDs
• Secure user recovery using challenge/response
• User-based SSO after recovery
• Control for external SEDs
• S3 sleep support
Simplicity
• Fast deployment of SEDs and OS-native software encryption—no need to buy, build, and test (or maintain) server infrastructure
• Easy-to-use web interface
• Deploy many drives at once with policy-based management
• Windows password synchronization and single sign-on (SSO)
• Features and maintenance patches are continually updated, so you’re always running the best, most secure version of the service
• One-click initialization/provisioning
• Your subscription covers everything—no up-front charges, no support charges
No compromises
• Wave Cloud is every bit as secure as our on-premise SED management product
• All the same monitoring, logging, and reporting you need for compliance
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Cybercrime groups are selling their hacking skills. Some countries are buying
https://www.zdnet.com/article/cybercrime-groups-are-selling-their-hacking-skills-some-countries-are-buying/
Excerpt:
This cyber-criminal operation provides malicious hacking operations, such as phishing, malware or breaching networks, and gets paid for their actions, while the nation state that ordered the operation receives the information or access it requires.
==================================================================
Phishing, malware, and breaching networks are 3 malicious hacking operations that Wave solutions could do a superior job in protecting organizations against all three!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
North Korean hackers target defense industry with custom malware
https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-defense-industry-with-custom-malware/
==================================================================
The defense industry/DOD could benefit in a BIG WAY by using Wave Solutions - Wave Endpoint Monitor to detect this custom malware, and Wave VSC 2.0 to only allow known and approved devices access to the defense industy/DOD's networks!!!
Better security at less than half the cost!!!
==================================================================
http://www.wavesys.com/malware-protection
Software can’t always detect malware
The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 that discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.
A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.
APT's extent seems wider each week. News stories about targeted attacks on organizations appear weekly. Even more stories do not appear, as some malware is not detected for very long periods of time. Some malware described as "cutting edge" has code components that have been available for 3 and 4 years, thus dating their undetected time of life in the wild. With online tools, even a non-technical person can create one easily. And there are more ways than ever for malware to spread: the Internet, personal computing devices, downloads, email, social media sites. Government agencies recognize it as a growing threat. Early detection is the highest priority in this Cyberwar. In 2011 NIST published guidelines for establishing a chain of trust for the basic input/output system (BIOS), which initializes a computer when it boots up. This critical system is one of malware’s more consequential targets and an area specifically protected by Wave Systems in its products and in its thinking.
Wave’s solution: start with the device
If antivirus software doesn’t work, what does? The Wave alternative relies not on superficial layers of software but on standards-based hardware: self-encrypting drives (SEDs) and Trusted Platform Modules (TPMs), or security chips, that are already embedded in many of your computers and mobile devices. This hardware provides you with secure storage. When you turn the SED and TPM on and manage them with Wave, you suddenly have a broad, deep view into your network. Among other things, you’ll know immediately whether any one of your devices—computers, laptops, tablets, smartphones—has been tampered with. But Wave is proactive too: you can block the kinds of behaviors that invite malware in. Wave's Endpoint Monitor provides early detection for these low-lying sneaky attacks.
=================================================================
http://www.wavesys.com/products/wave-endpoint-monitor
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Phishing campaign alters prefix in hyperlinks to bypass email defenses
https://www.scmagazine.com/home/security-news/phishing/phishing-campaign-alters-prefix-in-hyperlinks-to-bypass-email-defenses/
Threat hunters say they’ve seen a concerted rise in the use of a phishing tactic designed to bypass traditional email defenses by subtly changing the prefixes (a.k.a. schemes) of malicious URLs in hyperlinks.
In other words, rather than a URL beginning with “http://” it instead starts with “http:/\”. Yet the rest of the URL remains the same. “The URLs don’t fit the ‘known bad’ profiles developed by simple email scanning programs, allowing them to slip through undetected,” explains a blog post today from the GreatHorn Threat Intelligence Team.
Email recipients generally won’t immediately notice the issue either because the malicious link is hidden behind a call-to-action button such as “Click Here.” Or “Play Audio.” However, even if they were to check out the authenticity of the link before clicking, it’s possible users would still not notice the very minute change in the prefix.
The trick works because the double slashes in URL addresses are entirely extraneous, and do not play an actual role in directing users to a given website. “Whether you place the // or make it a /\, the URL takes you to the same destination because nothing is actually being communicated within this part of the protocol,” said Kevin O’Brien, GreatHorn co-founder and CEO, in an email interview.
Explaining further, O’Brien said the attackers are essentially taking advantage of a loophole that exploits differences in how email defenses treat URLs and how web browsers interpret URL hyperlinks: “Traditional defenses are looking for strict adherence to the http spec, which says a valid URL is prefixed with either https:// or http://,” he said. “But browsers are forgiving and assume you meant to do // when you accidentally type /\ , so they fix it for you and automatically convert it to http:// which takes you to the destination.”
“The browser will say, ‘Oh, I know what you meant’ and take you there.”
URL alteration has long existed as a trick of phishing scammers, and there were differing viewpoints among experts as to just how new this technique is. GreatHorn told SC Media this particular tactic was only previously seen in small “one-off scams,” until a sudden surge in this technique that began in October 2020 and escalated further in January 2021.
“Cybercriminals will develop a new technique and after using it themselves, will either sell a phishing kit in dark web forums or other cybercriminals will identify the technique and leverage it for their own nefarious activities,” said O’Brien. “It appears that this technique has been rapidly adopted across a wide network in recent months.”
According to the company, a high-volume credential phishing campaign leveraging this technique has especially targeted Office 365 users, with notable high rates of incidents against companies in the following verticals: pharmaceutical, lending, general contracting and construction management, and telecom/broadband.
Some of the phishing emails impersonated a voicemail-over-email service as a lure, and used additional deception tactics including spoofed display names and the use of open redirection domains. Users who clicked on the call-to-action button were taken to a lookalike landing page where they were asked to shared their credentials.
James Hoddinott, M3AAWG technical messaging committee co-chair, said URL manipulation tactics “have existed for quite a while, especially since email clients supporting HTML became popular.” But Josh Douglas, vice president of product management and threat intelligence at Mimecast, said this particular campaign takes URL manipulation “a step further because typically this has been thought of as only a web security issue; however, email and web activities are very closely intertwined."
“Some systems may never detect these types of deception attacks because they think of security as an isolated case of detection vs an ecosystem of sharing,” said Douglas. “They also only look at it in the context of their domain vs email knowing about web, and web knowing about email.”
That’s why having well-integrated email and web security systems that support each other is important. “Security teams should be heavily focused on tiered defense, with email and web security systems that can share information and cross-validated deceptions like the one outlined,” Douglas explained.
Other recommendations offered up by experts included security awareness training for employees, using browser isolation with email, and implementing a more robust advanced email security solution with features such as machine vision and artificial intelligence that can help identify and block credential theft attempts.
As for traditional email scanners, “The use of multiple filtration strategies should be applied by the scanners,” said Hoddinott. “Even with this manipulation, a domain and URL path are easily recognized by the filtration system.” Additionally, “reputation systems and string matching can be employed whether or not the scheme, port, or even HTTP authentication parts are used by the attacker.”
=================================================================
WHEN EMAIL DEFENSES DON'T PICK UP NEWLY DISGUISED PHISHING LINKS, IT'S GREAT TO HAVE WAVE SOLUTIONS TO PROTECT AGAINST PHISHING!!!
BETTER SECURITY AT LESS THAN HALF THE COST!!!
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Hacking Campaign Fuels Calls for Information Sharing Mandate
https://www.nextgov.com/cybersecurity/2021/02/hacking-campaign-fuels-calls-information-sharing-mandate/172254/
Excerpts:
Sen. Ron Wyden, D-Ore., argued that presenting the hacking campaign as highly sophisticated may be letting hacked entities off the hook. He has unanswered questions about agencies’ use of appropriately configured firewalls and whether those compromised were following the guidance of the National Institute of Standards and Technology and the National Security Agency.
“The impression that the American people might get from this hearing is that the hackers are such formidable adversaries that there was nothing the American government or our biggest tech companies could have done to protect themselves,” he said. “My view is that message leads to privacy-violating laws and billions of more taxpayer funds for cybersecurity. It might be embarrassing, but the first order of business has to be identifying where well-known cybersecurity measures could have mitigated the damage caused by the breach.”
==================================================================
http://www.wavesys.com/wave-alternative
Excerpts:
Choose data protection that actually works.
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
=================================================================
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
==================================================================
LOOK AT WHAT WAVE POINTED OUT ABOVE ABOUT FIREWALLS SEVERAL YEARS AGO!!! AND THEN THERE IS WHAT Sen. Ron Wyden SAID ABOUT FIREWALLS. TRY SOLUTIONS THAT ARE SIMPLER AND MORE EFFECTIVE, USE WAVE SOLUTIONS!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
SolarWinds Attackers Lurked for 'Several Months' in FireEye's Network
https://www.darkreading.com/threat-intelligence/solarwinds-attackers-lurked-for-several-months-in-fireeyes-network/d/d-id/1340239
Top execs from FireEye, SolarWinds, Microsoft, and CrowdStrike testified before the US Senate Intelligence Committee today on the aftermath - and ongoing investigations - into the epic attacks.
The attackers who infiltrated SolarWinds Orion's software build and updates had spent "several months" embedded in FireEye's network before the security firm spotted them, Kevin Mandia, CEO of FireEye told a congressional committee today.
"The attacker wasn't alive every single day" on our network, Mandia told the US Senate Intelligence Committee in response to a question about the attack timeframe on FireEye's network. "They were on our systems for three hours on one day, a week would go by, and a couple of hours another day. We weren't a full-time job for [them] .. because they had broken into another 60-plus if not 100 organizations. There were several days of activity before we detected them."
Mandia, along with Microsoft president Brad Smith, CrowdStrike president and CEO George Kurtz, and SolarWinds' new CEO Sudhakar Ramakrishna, testified before the US Senate Intelligence Committee today in a hearing on the so-called SolarWinds cyber espionage attack campaign that US intelligence officials say is most likely the handiwork of Russian nation-state actors.
Conspicuously missing from the panel today was Amazon Web Services (AWS), which declined the Senate's invitation to testify, a snub that appeared to rile several Senators on the committee. Sen. Richard Burr (R-N.C.), pointed out that the attack was waged inside the US, and some secondary command-and-control nodes were hosted on AWS's infrastructure.
Mark Warner, D-Va., chair of the committee, noted that companies "who chose not to participate so far: we're going to give them another chance."
AWS did not respond to an inquiry from Dark Reading for this article.
It's still unclear how many other companies, including software firms, may have been targeted and hit in the attacks. FireEye's Mandia noted that the attackers behind the massive campaign walked off with plenty of stolen information, and they'll be back.
"This group has been around for a decade or more" and they target specific individuals in the government or do work on government projects, he said. They had a plan, data "collection requirements," and were focused on their mission. While their attack tools and tactics will change, their targets won't, he said. "They've already moved on to whatever is next and we've gotta go find it. They're going to be ever-present and we have to play defense ... and we have to close the security gap better next time."
Meanwhile, a report by The Washington Post today said the Biden administration is preparing sanctions against Russia for the attacks: a nod that would solidify the intelligence agencies' initial reports that the attacks "appeared" to be out of Russia. Security vendors FireEye, CrowdStrike and others have been hesitant to ID Russia as the perpetrator.
"It's potentially one of the most serious breaches we've seen and know" about, Warner said. "It was exfiltration [of data], but it could have been exponentially worse. We need to recognize the seriousness of that."
Worse as in destructive, but the execs said there was no sign of anything other than cyber espionage at this point. Even so, the attack raises concerns for US IT infrastructure when software companies get infiltrated and compromised as a foothold into their customers' networks, the ultimate targets.
Kiersten Todt, managing director of the Cyber Readiness Institute, and former member of the Obama administration's national cybersecurity commission, says there's likely much more about the attacks that remain unknown. "I do think there's a lot more we don't know. How much more that's dangerous or impactful is unclear," she says. "And how much we don't know that's going to make a difference? That's the question."
Microsoft's Smith also noted the unprecedented scope of the attacks, and the difficulty in connecting "the dots" to see the full picture of the attacks. That goes to the challenges faced today in information-sharing between government and the private sector of cyber threats. "The nature of threat intelligence is always about connecting the dots, so the more dots you have the more likely you are to see a pattern and reach a conclusion," he said. "One of the challenges is the dots are so spread out in a variety of private companies."
"There should be some level of information-sharing in an appropriate way back to those of us in the private sector who are first responders," he said.
==================================================================
WAVE SOLUTIONS ARE THE GREAT PROBLEM SOLVERS OF CYBERSECURITY THAT ORGANIZATIONS COULD BENEFIT FROM IN A BIG WAY!!! THE NEXT ARTICLE COULD HELP SPEED UP THE RECOGNITION OF WAVE!!!
==================================================================
Microsoft president asks Congress to force private-sector orgs to publicly admit when they've been hacked
https://www.theregister.com/2021/02/24/microsoft_solarwinds_congress/
==================================================================
The excerpt below sure could have helped out FireEye, and those effected companies in the first article.
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
These hackers sell network logins to the highest bidder. And ransomware gangs are buying
https://www.zdnet.com/article/these-hackers-sell-network-logins-to-the-highest-bidder-and-ransomware-gangs-are-buying/
Stealing and selling RDP credentials has risen over the last year - and cyber criminal middlemen are making a profit by putting businesses at risk from ransomware and other attacks.
Please see below for how Wave can help!!!
=================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
Excerpts:
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
==================================================================
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Emmanuel Macron pledges €1bn for cybersecurity after hospital ransomware attacks
https://www.healthcareitnews.com/news/emea/emmanuel-macron-pledges-1bn-cybersecurity-after-hospital-ransomware-attacks
Two French hospitals returned to paper systems after being targeted by hackers.
==================================================================
A world (in France) that had activated self-encrypting drives (SEDs) and trusted platform modules (TPMs) along with Wave solutions could have saved itself a lot of heartaches, headaches and a lot of money. The rest of the world could benefit in a BIG WAY by having Wave and activated SEDs and TPMs!!!
==================================================================
When attackers hold your data for ransom, the solution below from Wave can prevent that from happening!!
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
Better security at less than half the cost!!!
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Biden calls for creating 'rules' on cyber, tech to combat China and Russia threats
https://thehill.com/policy/cybersecurity/539598-biden-calls-for-creating-rules-on-cyber-tech-to-combat-china-and-Russia
=================================================================
Activated SEDs and TPMs along with Wave solutions could protect organizations from MANY cyberattacks, and SEDs and TPMs are ALREADY BUILT-IN to devices. Biden should be made aware of the article below, and the very positive impact that activated SEDs and TPMs could have on the World's cybersecurity if they were part of the rules.
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=159638980
==================================================================
http://www.wavesys.com/
Cybersecurity spending for critical infrastructure to reach $105.99 billion in 2021
https://www.helpnetsecurity.com/2021/02/16/cybersecurity-spending-critical-infrastructure/
Cybersecurity spending in critical infrastructure has been little impacted by the COVID-19 pandemic, save for some reshuffling on where that spend is most needed. The effect has been mostly in increased demand for secure remote connectivity.
Most of the cybersecurity spending announced by governments has not changed significantly however, with most maintaining similar funding planned in previous years, with an average Year-on-Year growth rate between 5% and 10%.
According to a report by ABI Research, cybersecurity spending for critical infrastructure (CI) will increase by $9 billion over the next year to reach $105.99 billion in 2021.
Secure connectivity has become a key focus
The primary challenge of the COVID-19 pandemic has been for CI operators to ensure that systems and services keep running smoothly, despite an increasingly remote workforce. As such, greater emphasis has been placed on ensuring that infrastructure operations can be securely monitored and managed remotely by authorized personnel.
“There is no denying that secure connectivity has become a key focus, not least with the revelations late last year of the SolarWinds Orion hack, which has brought into sharp focus the need for better vetting of services offered by third party contractors and remote update processes.
“The scale of the intrusion clearly illustrates how vulnerable systems can be when they have weak links, and how easily threat actors can infiltrate and escalate privileges once access has been gained.
“The implications for national security are significant, and critical infrastructure operators and governments worldwide are now re-evaluating and re-assessing the risks as they relate to remote management,” says Michela Menting, Digital Security Research Director at ABI Research.
The brunt of security spending is still first and foremost focused on IT networks, systems, and data security from a defensive perspective. “This is where the primary threats are focused, and operators are keenly aware of the potential ramifications of a breach there.
“However, increasing efforts are being placed on offensive security investments to better prepare response mechanisms, as well as securing operational technologies as operators in many sectors go through digital transformation and start evolving toward smart and connected IoT infrastructures,” Menting explains.
Many sectors bound by regulations
Progress is nonetheless slow, as many sectors are bound by regulations which can make it difficult to change quickly. In addition, new security processes require time for testing and validation before being greenlit for use, ensuring they don’t compromise the integrity or proper functioning of existing processes.
While security spending is significant in defense, financial services, and in information and communication technologies (ICTs), it still lags in the more industrial sectors such as energy, water and waste management, as the risks related to physical threats is significant.
Some initial traction is nonetheless driving transport, public security and healthcare, all in line with digital transformation efforts in those industries and notably from smart city developments.
“By and large, security spending in critical infrastructures is wide and varied, and diverges significantly among regions due to policy and regulation but is overall embracing cybersecurity much more holistically as connectivity and digitization continue to play increasing roles in everyday operations,” Menting concludes.
=================================================================
http://www.wavesys.com/compliance
What is compliance?
Organizations must meet industry-wide government requirements for data management, including storage, archiving, encryption, and retrieval. These requirements are intended to prevent data theft and preserve consumer privacy. They often mandate specific controls, corporate compliance programs, audits, public disclosures (“notice of breach”), and stiff penalties—from fines to prison time—for noncompliance.
If your organization falls victim to a security breach and you can’t prove that you were in compliance when it happened, you will be considered negligent. In addition to fines or criminal prosecution, you could face lawsuits, negative publicity, and loss of business.
Here are some of the primary areas of regulation:
Corporate accounting: SOX
Health care: HIPAA and HITECH
Credit and debit transactions: PCI
Government: FISMA and VPAT
Europe: DPA
The regulations are overwhelming and costly
Compliance is a major concern because of the increasing number and complexity of the regulations, as well as the expense they can entail—in the form of investment in new technologies and management. In the United States alone, there are more than 8,500 state and federal regulations concerning records management and notice of breach, plus voluntary standards. A 2011 study of multinational companies found the average cost of compliance to be more than $3.5 million.
Wave’s solution: start with the device
The Wave approach to the compliance challenge is twofold:
First, we offer serious security that’s confirmed, not assumed. Regulators won’t take your word for it. We use your existing hardware to more or less equip each and every device with its own data protection system. That can mean both strong two-factor authentication and automatic encryption.
This gives you unprecedented yet straightforward monitoring of and control over exactly who has access to your data, with what devices, over what networks. Detailed logs record it all—and show that you were in compliance at any given time. Proving compliance to an auditor can be as easy as clicking “print.”
Second, we keep it simple to keep costs down. Again, we start with the devices you already have. We can do that because our products are based on an open standard that’s already been implemented on 600 million–plus laptops and is now working its way onto mobile devices. Our software may be all you need to tame the compliance monster.
Our products are also designed to make managing your security—and your compliance—refreshingly straightforward. Usually, you can do all your management, monitoring, and reporting through a single console. Preconfigured security policies mean you can be in compliance as soon as our software is installed. It all adds up to less time, less staff.
For these reasons, total cost of ownership for Wave can be almost half that of a traditional software-based system that may not even prove you are in compliance—never mind protect your data.
==================================================================
If security was properly secure (by Wave solutions), organizations wouldn't have to worry about offensive operations!!!
==================================================================
http://www.wavesys.com/
Better security at less than half the cost!!!
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Breaches Cost US Healthcare Organizations $13bn in 2020
https://www.infosecurity-magazine.com/news/breaches-cost-healthcare-13/
Last year saw a double-digit surge in the volume of healthcare data breach incidents in the US, with over 26 million people affected, according to Bitglass.
The cloud security firm’s seventh annual Healthcare Breach Report was compiled from US Department of Health and Human Services records of breached protected health information (PHI).
It revealed that incidents increased by over 55% on 2019 figures to reach 599 breaches in the sector, impacting over 26.4 million people.
The vast majority (67%) were down to “hacking and IT incidents” stemming from external attackers. This category also accounted for larger breaches than the others, amounting to over 91% of compromised records.
Loss or theft of endpoint devices came next, accounting for over 584,000 individuals affected, followed by unauthorized disclosure of data by internal parties or systems (763,000). The “other” category of miscellaneous breaches and leaks impacted over 584,000 patients.
Although the number of victims dropped slightly from the 27.5 million recorded in 2019, the average cost per breached record increased from $429 to $499 over the period. That means healthcare organizations were on the hook for $13.2bn as a result of breaches last year. The sector also comes top of IBM's Cost of a Data Breach list, with an average of over $7.1m per breach.
“The vast majority of healthcare organizations process and store protected health information (PHI) such as Social Security numbers, medical history and other personal data. It is no surprise that these entities would be targeted by malicious cyber-criminals seeking to access sensitive data for monetary gain,” said Anurag Kahol, CTO of Bitglass.
“The exceedingly high number of hacking and IT incidents highlight the shifting strategies of malicious actors. As healthcare organizations continue to embrace cloud migration and digital transformation, they must leverage the proper tools and strategies to successfully protect patient records and respond to the growing volume of threats to their IT ecosystems.”
Healthcare organizations across the US and beyond have also had to contend with a surge in ransomware attacks, many of them also stealing sensitive data, as cyber-criminals sensed that hospitals would be distracted by the fight against COVID-19.
==================================================================
Wave solutions by Wave Systems would cost a small fraction of that $13bn cost, and US Healthcare Organizations would finally get cybersecurity that works effectively!!!
The excerpt below should be embraced by all of the US Healthcare Organizations and many other organizations as well. Along with Wave's other solutions, it could save their sensitive data from falling into the wrong hands!!!
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
http://www.wavesys.com/
Better security at less than half the cost!!!
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Masslogger Swipes Microsoft Outlook, Google Chrome Credentials
https://threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
=================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
=================================================================
Better security at less than half the cost!!!
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Compromised Credentials Show That Abuse Happens in Multiple Phases
https://www.darkreading.com/attacks-breaches/compromised-credentials-show-that-abuse-happens-in-multiple-phases/d/d-id/1340179
The third stage, when threat actors rush to use stolen usernames and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says.
Long before a credential breach becomes public, threat actors in many cases already have been using the stolen username and passwords in different ways, a new study has revealed.
F5 Networks recently analyzed open source information on credential-spill incidents in recent years and discovered that stolen credentials go through five separate phases of abuse from the moment a threat actor first acquires the credentials to when they are subsequently disseminated among other threat actors. The company's analysis showed that half of all organizations take about 120 days — or four months — to discover a credential breach. And even then, it is only after a third party has informed them about their data being discovered on the Dark Web.
F5 researchers discovered that a lot typically goes on with the credentials in the interim. During the first stage, in the immediate days and weeks following a credential breach, the criminals responsible for the data theft tend to use the stolen information in a stealthy and purposeful manner, says Sander Vinberg, threat research evangelist at F5.
The focus often is on using the credentials to try and establish persistence on a network, or to try and take over key accounts, conduct reconnaissance, and harvest whatever additional information they can. "They are monetizing the data, but they are monetizing it very carefully and with clear objectives in mind." This is when the potential for long-term damage is the greatest, Vinberg says.
The second stage kicks when the original attackers begin sharing the stolen credentials with others in the community. As the data becomes more widely available on the Dark Web, credential-stuffing attacks begin ramping up sharply. The increased activity usually lasts only about one month because it usually results in the credential theft being discovered.
As word of the breach starts spreading and users start changing passwords in the third stage, script kiddies and other amateur threat actors rush to use the stolen username and password pairs in credential-stuffing attacks on large Web properties. "This is the stage when the most economic damage is done," Vinberg says. "The greatest risk to organizations is regulatory and financial penalties."
By the fourth phase, the stolen credentials no longer have premium value but are still being used in attacks at a higher rate than during the first phase. The fifth stage is when attackers repackage spilled credentials and try to continue to use them.
As part of its research, F5 conducted a historical analysis using data from a large set of spilled credentials that become available for sale on a Dark Web forum in early 2019. Researchers from F5 compared credentials in that dataset against usernames used in credential-stuffing attacks against four of its Fortune 500 customers, two of which were banks, one a retailer, and the other a food and beverage company.
F5's analysis showed that when attackers first had access to spilled credentials, they used it on average between 15 and 20 times per day in attacks against the four organizations. By stage three, the credentials were being used up to 130 times a day, and by the fourth stage it had dropped back again to around 28 times per day. "The overarching conclusion is that credential stuffing is a very large problem," Vinberg says. "It manifests in different ways, but at this stage, no one can afford to downplay the risk it represents."
A Widely Acknowledged Problem
Several others have documented the growing danger of credential-stuffing attacks as well — especially in the months since the global COVID-19 pandemic began. In one study, released last November, researchers from Arkose Labs found that of the 1.3 billion attempted fraud attacks it observed in the third quarter of 2020, some 770 million involved credential-stuffing techniques. Another study, by Digital Shadows, found more than 15 billion stolen or otherwise exposed credentials available for sale in Dark Web markets. The company found credentials for everything from domain administrator accounts to bank accounts, adult-site logins, and video game and video streaming accounts readily available at prices ranging from a few thousand dollars to around $2 for access to file-sharing sites.
One silver lining that F5's study uncovered was a steady decrease in the average and median number of credentials exposed per incident compared with 2016. Though the overall number of credential compromise incidents itself more than doubled — from 51 in 2016 to 117 last year — the average number of records per incident dropped from over 63.4 million to around 17 million. When mega-breaches were excluded from the calculation, typical credential compromise incidents involved around 2 million records in 2020 compared with 2.7 million in 2016.
Vinberg says the data suggests that the largest organizations — those with the largest number of credentials — have gotten better at protecting the data. "Enormous breaches are becoming less common but midsize organizations are continuing to get breached," he notes.
F5's data shows that poor password protection practices continue to be a big contributor to the problem. Some 13.3% of credential compromise incidents and more than 42% of exposed credentials between 2018 and 2020 involved passwords stored in plaintext. When organizations did make an attempt to protect passwords, they often used MD5 hashes, a method that F5 describes as being widely discredited.
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
Decrease expenses with virtual smart cards
You know what else happens when you take passwords out of the equation? A lot fewer calls to IT. Imagine if you took password resets out of the picture – that frees up a chunk of IT time, lowering your operating expenses significantly.
If your organization currently uses traditional tokens or smart cards, switching to virtual smart cards takes an even bigger burden off of IT – we use the hardware-protected credentials in the TPM to create a virtual smart card, which performs the same functionality as traditional smart cards. That means no need to purchase, deploy, replace or maintain external tokens, smart cards or smart card readers. Because virtual smart cards are already on your machines and can’t be forgotten, lost or stolen, you have lower capital expenses and lower operating expenses.
Wave's is the only management to support virtual smart cards on Windows 7, as well as Windows 8 and 8.1.
==================================================================
http://www.wavesys.com/
***- BETTER SECURITY AT LESS THAN HALF THE COST!
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
***-BETTER SECURITY AT LESS THAN HALF THE COST!
Rampant password reuse puts companies and customers at risk
https://www.helpnetsecurity.com/2021/02/15/password-reuse-risk/
25.9 million business account credentials and over 543 million breach assets tied to employees in the Fortune 1000 are readily available on the criminal underground, SpyCloud reveals.
Password reuse risk
“Year after year, studies show that the use of weak and stolen credentials is the most common hacking tactic for cybercriminals, yet 76 percent of employees at the world’s largest companies are still reusing passwords across personal and professional accounts,” said Chip Witt, VP of product management for SpyCloud.
“People don’t seem to realize just how often their credentials end up in criminal hands or how stolen passwords can be used to access other accounts they think are safe.”
Regardless of security guidelines that warn against such behavior, many employees, even at the executive level, are using corporate credentials as personal logins for other accounts. When those third-party sites are subject to data breaches, reused employee logins provide criminals with easy access to corporate systems and networks.
Analysis within report is broken down by data type and sector (as defined by Fortune) to reveal the scope of breach exposure facing the largest U.S. companies across different industries.
Key findings
•The credentials of 133,927 C-level Fortune 1000 executives are available for sale on the dark web.
•At 552,601 per company, employees in the telecommunications sector have by far the highest average number of exposed credentials.
•13,897 technology sector employees’ corporate or personal systems appear to be infected with credential-stealing malware.
•In addition to corporate credentials, breaches regularly expose a wealth of personally identifiable information (PII) that enables bad actors to bypass security measures, take over accounts, and compromise enterprise networks. Over 281M PII assets of Fortune 1000 employees are available to cybercriminals.
•Despite constant warnings about the high risk of using weak passwords, “123456” and “password” are still the most commonly used among employees.
•At 85 percent, the media industry has the highest rate of password reuse. Media professionals also show an affinity for using certain passwords that would be inappropriate to publish here.
“Especially with millions of people still working from home, enterprises must be able to trust the identities of the employees, consumers, and suppliers accessing their networks,” continued Witt.
“The best way to prevent accounts from being taken over is to identify compromised credentials quickly after a breach and mitigate before criminals have time to use them. That requires a comprehensive, continuously updated database of breach data that security leaders can use to keep corporate accounts safe.”
=================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
Get better security at less than half the cost
Passwords are weak. Tokens are expensive. Don’t compromise on security or price.
Wave Virtual Smart Card does anything your physical smart cards and tokens do, but it starts with hardware you already have: the Trusted Platform Module (TPM), a hardware security chip built into the motherboard of most business-class PCs. You may not even know you have it, but once you do, the TPM can be used in a myriad of ways. Wave turns it into a smart card, embedded directly into your laptop.
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
One helpdesk call you'll never get: "I lost my virtual smart card again..."
There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
What will you do with >50% TCO savings?*
Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.
Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.
When we say “secure”…
…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).
*Actual number may vary. Contact us today to receive more details and a free quote.
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Post Office Announces New Digital ID Solutions
https://www.infosecurity-magazine.com/news/post-office-new-digital-id/
The Post Office in the UK has announced it will expand the use of digital identity technology in partnership with software company Yoti.
The government-owned retail postal service will roll out a range of products both online and in-branch, providing consumers with a range of choices as to how they verify themselves via modern technology. The collaboration is designed to make Post Office transactions more simple and secure going forward.
Among the products to be introduced is a free-to-use Post Office digital identity app that will combine customers’ personal data and biometrics to create a secure, reusable ID on their device. This will launch in the Spring. There will also be a trial of in-branch digital ID services for those customers who do not have access to a smartphone or prefer face to face interactions, starting in July.
In addition, the solutions may make it easier to carry out vital tasks such as opening bank accounts, applying for jobs and accessing medical services, removing the need to carry around driving licenses or other physical documentation. Under the agreement, online businesses will able to use Post Office and Yoti identity verification services for fraud detection, e-signatures and customer authentication services, using secure biometric face matching and liveness detection.
Just last week, the UK government unveiled plans to govern the future use of digital identities in order to build trust in these technologies.
Nick Read, chief executive at the Post Office, commented: “Post Office is embracing new technologies and this partnership will enhance our reputation as the trusted go-to destination for identity solutions. Whether it’s proving your identity on a smartphone or face-to-face with a Postmaster, we will make transactions faster and simpler than ever before.”
“I am delighted that Post Office and Yoti are joining forces to expand our identity services. We have an ambitious strategy to deliver a unique offer to the market that integrates digital and physical identity verification at scale benefitting both individuals and businesses.”
Robin Tombs, CEO at Yoti, added: “I’m proud to announce Yoti’s partnership with the Post Office, together we’ll make it simpler and safer to prove who you are and know who you’re dealing with, anywhere in the UK.”
=================================================================
The U.S./UK could use the TPM, Wave Knowd and Wave for digital identity for better security for the Post Office and more!!!
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
=================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
http://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
New BendyBear APT malware gets linked to Chinese hacking group
https://www.bleepingcomputer.com/news/security/new-bendybear-apt-malware-gets-linked-to-chinese-hacking-group/
=================================================================
http://www.wavesys.com/malware-protection
Excerpt:
Wave’s solution: start with the device
If antivirus software doesn’t work, what does? The Wave alternative relies not on superficial layers of software but on standards-based hardware: self-encrypting drives (SEDs) and Trusted Platform Modules (TPMs), or security chips, that are already embedded in many of your computers and mobile devices. This hardware provides you with secure storage. When you turn the SED and TPM on and manage them with Wave, you suddenly have a broad, deep view into your network. Among other things, you’ll know immediately whether any one of your devices—computers, laptops, tablets, smartphones—has been tampered with. But Wave is proactive too: you can block the kinds of behaviors that invite malware in. Wave's Endpoint Monitor provides early detection for these low-lying sneaky attacks.
http://www.wavesys.com/products/wave-endpoint-monitor
Excerpts:
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
Key Features:
Easy security compliance
• Comports with NIST guidelines for BIOS integrity
Data protection
• Ensures that you can trust the integrity of your measurements for central analysis
• Real-time alerts for zero-day detection of APTs
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
What is a TPM?
https://securityboulevard.com/2020/10/what-is-a-tpm/
A TPM, also known as a Trusted Platform Module, is an international standard for a secure cryptoprocessor and is a chip found on the computer’s motherboard. The function of a TPM is to generate encryption keys and keep a part of the key inside the TPM rather than all on the disk. This is helpful for when an attacker steals the disk and tries to access the contents elsewhere. The TPM provides hardware-based authentication so if the would-be attacker were to try and remove the chip and place it onto another motherboard, or try to tamper with the motherboard to bypass the encryption, it would deny access.
What is the Difference Between HSM and TPM?
For the most part hardware security modules (HSM) and TPMs are similar in function and are used for encryption, but there are two notable differences that can be made between the two. A hardware security module is typically an external device while TPMs are chips that are embedded into the motherboard. The other difference is that you can easily add an HSM to a computer or network, while a TPM is usually not considered feasible to add after the computer is in use.
Does My Computer Have a TPM?
Off-the-shelf computers have a TPM soldered onto the motherboard, however, if you are building your own computer then you can easily buy one as an add-on module for a relatively cheap price. Installing a TPM in your computer is very simple, just find the port on your motherboard (if it supports a TPM module) and plug it in.
Can You Remove a TPM chip?
This depends on the type of computer you owned. Like previously stated, if you purchased your computers off-the-shelf then the TPM is typically soldered onto the motherboard, meaning that removal of the TPM would damage both the TPM and motherboard rendering both useless for the attacker. However if you had the TPM as an add-on and installed it yourself, it can easily be removed, but the encrypted contents would still be safe as the TPM uses hardware-based authentication meaning that it can’t be used when affixed onto another motherboard.
Can You Clear a TPM?
Yes, all you need to do is go into your security center app. However, it is not recommended as it can lead to data loss and you would lose all created keys associated with the TPM. If you must clear your TPM, then it is strongly recommended to have a backup and recovery for any data that is stored in your TPM.
Can a TPM be Hacked?
For the most part, TPMs are secure, however a new attack found by Christopher Tarnovsky found a way to break chips that carry a TPM by essentially spying on them like a phone conversation. This attack was used on Infineon Technologies AG flagship model, which is regarded as one of the top makers of TPM chips.
So does that make TPMs a liability? Well, not exactly. This attack was so resource heavy that Tarnovsky stated that unless you are a multi-million dollar corporation, this attack just isn’t worth it and is incredibly difficult to pull off in a real-world environment.
Key Attestation
A key attestation with a TPM is like a signature where it proves the origin of the certificate to the certificate authority to acknowledge that the TPM that is making the request is the same TPM that the certificate authority trusts. Key attestation is important because it allows the private key to not only be stored on the disk, but another key to be isolated and stored inside the TPM on that device so that you can benefit from a higher level of security due to the non-exportability of the TPM key.
Trusted Platform Module with Certificates
Using a TPM as your only protection against attackers is not recommended, as although a TPM protects your files from a physical attack, the ever-present threat of the infamous MITM attack can still grant access to your files. SecureW2 uses certificates to prevent over-the-air attacks and our management portal also supports security key attestation, as our software client can attest to the location a private key has been generated on a security key, or any other device with a TPM. Our industry-leading PKI makes it easy to configure BYOD and managed devices for 802.1x authentication and self-enrollment for certificates in just a few clicks.
We have affordable options for organizations of every size. Check out our pricing here.
The post What is a TPM? appeared first on SecureW2.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
VMware very strongly suggests TPM for all servers in tightened vSphere security guide
https://www.theregister.com/2021/02/11/new_vsphere_7_security_guidance/
Excerpts:
The most eye-catching part for The Register is the very strong suggestion that it’s time to only run servers that run Trusted Platform Module (TPM).
“TPM 2.0 is an inexpensive way to get some very advanced security out of VMware vSphere and ESXi, and we feel strongly that you should not be acquiring new hardware without these.”
==================================================================
http://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Remote Hacker Caught Poisoning Florida City Water Supply
https://www.securityweek.com/remote-hacker-caught-poisoning-florida-city-water-supply
Hacker Remotely Increased Sodium Hydroxide Levels in City’s Water from 100 Parts Per Million to 11,100 Parts Per Million.
U.S. law enforcement agencies are investigating a remote compromise of a Florida city's water plant, warning that the hackers tried to poison the water supply serving approximately 15,000 residents.
The hack was spotted on February 5th -- and neutralized -- in real time by staff at the plant that supplies water to Oldsmar, a small city close to Tampa, Florida.
Local Sheriff Bob Gualtieri said (video below) an unknown adversary hacked into the plant remotely and attempted to elevate levels of levels of sodium hydroxide by a factor of more than 100.
Sodium hydroxide, also known as lye, controls the acidity in potable water but elevated levels maliciously added to water supply can cause physical harm to the public.
Details of the compromise are scarce but local officials made it clear the city's water supply was never affected.
During an explanation on Monday, Sheriff Gualtieri said the hack was first spotted in real time earlier in the morning by a staffer who noticed the remote connection to the plant. The remote attacker reportedly used TeamViewer, a legitimate application used for remote access, to take control of the terminal.
The Sheriff said the remote access itself wasn't unusual but just after lunch on the same day Sheriff Gualtieri said the attacker returned and the plant operators watched as the hackers took control of the mouse and started operating the computer system.
The attacker spent about three to five minutes in the control software and jacked up the amount of lye from 100 parts per million to 11,100 parts per million.
Once the attacker left, the plant operators immediately reverted the change. “At no time was there a significant adverse effect on the water being treated. The public was never in danger,” he claimed.
Cybersecurity experts have long warned that hackers could cause serious damage to organizations by targeting exposed human-machine interfaces (HMIs), and the incident in Oldsmar is another reminder of how vulnerable such systems across the nation's critical infrastructure can be.
"This was not the first attack on water or utilities, and lucky there was a human in the loop to prevent disaster," Ron Brash, Director of Cyber Security Insights at Verve Industrial, told SecurityWeek. "The warning bell should be sounded, but CISOs (or those in charge) are lucky because they are in a very defensible position. In fact, I believe this is a call for organization’s to double down on the cybersecurity basics, assess their asset & infrastructure, and validate controls on their 'crown' jewels."
While this incident may be rare, Brash reminds there are countless other municipalities that are likely in a similar situation. "Remote access has great operational benefits, but it also a great risk (think high likelihood of being attacked). In this case, its very likely that adequate controls preventing non-authorized users from gaining access were absent, or misconfigured. Regardless, this municipality was very lucky."
In early 2020, the Israeli government issued an alert to organizations in the water sector following a series of cyberattacks aimed at water facilities, and advised water and energy firms to immediately change the passwords of internet-accessible control systems, reduce internet exposure, and ensure that all control system software is up to date. Just weeks later, a group of Iranian hackers posted a video showing how they managed to access an industrial control system at a water facility in Israel.
=================================================================
It would make sense for Wave to put out a message easily explaining (the message is below) that organizations/municipalities could keep unknown and unapproved (non-authorized) devices from accessing their network by using Wave solutions. This would be GREAT for so many organizations!!! It could save lives and a lot of money!!!
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Safety first: Will insurance companies stall or accelerate cybersecurity progress?
https://www.scmagazine.com/home/security-news/data-breach/safety-first-will-insurance-companies-stall-or-accelerate-cybersecurity-progress/
Excerpt:
Every time a driver buckles up or an airbag is deployed we see the powerful influence of the insurance companies who insisted those measures become mandatory. Now, those insurers are poised to drive cybersecurity investment by insisting that organizations meet certain criteria to qualify for coverage.
==================================================================
If cyber insurers read the article from the TCG below, they could find that seatbelts and airbags are similar to self-encrypting drives (SEDs) and trusted platform modules (TPMs), and their importance to reducing claims and potentially saving lives. Please read the article below and pass this important information along to those who should have it. A lot of people are unaware of TPMs and SEDs, and their use could be highly beneficial to people and organizations so insurance companies could make them mandatory and change that.
==================================================================
"Use the security you already bought," says Trusted Computing Group at the Endpoint Security eSummit 2020
http://www.itnewsonline.com/Realwire/Use-the-security-you-already-bought-says-Trusted-Computing-Group-at-the-Endpoint-Security-eSummit-2020/24915
Beaverton, OR, USA, November 19, 2020 – Securing devices against rising security threats is critical to mitigate risks in today’s world of remote working and virtual meetings but can be challenging due to tight budgets. Unfortunately, many businesses fail to utilize the Trusted Computing features that are included in their PCs and other devices, leaving billions of devices vulnerable to threats, said Steve Hanna of Trusted Computing Group’s Technical Committee at the Endpoint Security eSummit today.
Speaking virtually at the Endpoint Security eSummit, Hanna highlighted that businesses cannot afford to forgo the security already bought and present in devices. All modern Windows PCs include a Trusted Platform Module (TPM) that can be used with built-in Windows features to prevent hackers from accessing information on the device. However, TPMs must be used to provide value – and this is something that gets overlooked by many.
“Forgetting to use your TPM is the equivalent of locking your car and leaving the keys in the door: it weakens your security and leaves your data vulnerable to theft,” Hanna added. “Users and administrators should take the time now to learn about the TPM and how they can use it. Otherwise, they are just wasting the money they spent on their PC!”
All modern Windows PCs are fitted with a TPM module; a standard component that protects the cryptographic keys used to encrypt hard drives and authenticate users so that hackers cannot gain access.
Beyond the TPM, most modern storage devices are Self Encrypting Drives (SEDs), whose hardware can encrypt the drive’s contents so that thieves can’t read any sensitive information stored on the device, even if they can get their hands on the device. Whilst TPMs and SEDs do not absolutely prevent security breaches, they provide strong hardware security capabilities that can be used to keep data more secure and protect user identity.
“The only thing stopping users from using the hardware security they already have is their lacking knowledge of how to use it,” continued Hanna. “Operators and authorities such as the National Cyber Security Centre are taking steps to promote the use of such measures, but it isn’t easy. TCG has made it our mission to make people aware of the capabilities of their own devices and help them use those capabilities more easily. TCG developed the standards for the TPM and SED. People have already purchased these devices. They should use them!”
Without utilising such built-in security systems, users are at risk of attacks. In 2018, losses due to such cybersecurity threats reached $8 billion – a 79% increase over the previous year. Such cases can be easily prevented by adopting readily available security, but are rising faster than user awareness.
“In an age of digital transformation, where computers have become even more essential, the emergence of never-before-seen vulnerabilities can be advantageous to criminals and costly to users,” Hanna concluded. “Threats to personal and corporate data are among the most common and invasive in the world of cybersecurity and preventing them has become a major concern as data pools expand – but the solution has been at the user’s fingertips all along.”
The Endpoint Security eSummit, organized by the CyberRisk Alliance, is taking place online on 18th November 2020. If you are interested in arranging a briefing with Steve Hanna about his presentation ‘Using the security you already bought – Trusted Computing’, please contact tcg@proactive-pr.com.
About TCG
TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms. More information is available at the TCG website, www.trustedcomputinggroup.org. Follow TCG on Twitter and on LinkedIn. The organization offers a number of resources for developers and designers at develop.trustedcomputinggroup.org.
CONTACT:
Proactive PR
+44 (0)1636 704 888
Email: press@trustedcomputinggroup.org
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Mensa Website Hacked After Britain’s Smartest Folk Failed To Secure Passwords
https://www.forbes.com/sites/barrycollins/2021/01/30/britains-smartest-peoplemensafail-to-secure-passwords-properly/
==================================================================
Spotify Hit With Another Credential-Stuffing Attack
https://www.darkreading.com/attacks-breaches/spotify-hit-with-another-credential-stuffing-attack/d/d-id/1340083
==================================================================
PayPal users targeted in new SMS phishing campaign
https://www.welivesecurity.com/2021/01/04/paypal-users-targeted-new-sms-phishing-campaign/
==================================================================
Mensa, Spotify and PayPal are three organizations that could highly benefit from Wave Knowd!!!
==================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
http://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
New guidelines from NIST on how to avoid cyberattacks from a nation-state
https://www.fedscoop.com/nist-800-172-cybersecurity-guidelines/
Excerpt:
Much of the advice includes practices that should already be in place for federal contractors, such as using strong passwords, multi-factor authentication and automated tracking of unauthorized users on a network.
==================================================================
automated tracking of unauthorized users on a network??? Didn't Wave have a better idea in not allowing unknown and unapproved (unauthorized) devices access to the network?! It would be better advice on how to stop nation-states!!!
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Microsoft warns of increasing OAuth Office 365 phishing attacks
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-increasing-oauth-office-365-phishing-attacks/
Excerpt:
Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned.
==================================================================
Now if users simply used Wave VSC 2.0 and not OAuth, the user wouldn't have these consent phishing or phishing problems as Wave VSC 2.0 protects against phishing!!! And compared to what is in the article Wave VSC 2.0 would work much better!!!
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
=================================================================
It's time for Wave VSC 2.0, and Wave's other solutions!!!
Catch the Cybersecurity Wave in 2021!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Hackers steal StormShield firewall source code in data breach
https://www.bleepingcomputer.com/news/security/hackers-steal-stormshield-firewall-source-code-in-data-breach/
Excerpt:
This leak is particularly concerning as StormShield SNS devices are commonly used by the French government, defense agencies, and the European SMB market.
Hi VH!
==================================================================
http://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
=================================================================
Are organizations safe with firewalls? Wave solutions have shown to be better security, and using the Wave alternative would be a smart choice for organizations' cybersecurity!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Data Drought Slows Advance of AI in Cybersecurity
https://www.wsj.com/articles/data-drought-slows-advance-of-ai-in-cybersecurity-11612434602
It’s early days, but both government and business want to solidify their cyberwalls with AI. Yet training AI models requires reams of just the right sort of data
Artificial intelligence shows promise in fortifying cybersecurity, but programs are still in early stages and a scarcity of the data needed to train models is slowing progress, researchers and cyber specialists say.
Within the U.S. government, many applications of AI are still in exploratory phases, said Matt Hayden, who until January was an assistant secretary for cyber, infrastructure, risk and resilience at the Department of Homeland Security.
“We’re kicking the tires, trying to see where some of these advantages lie. We aren’t mature enough as a department yet to take it on as a whole-of-government approach,” Mr. Hayden said on a virtual conference Wednesday organized by Ai4 LLC.
Other speakers at the conference said the situation in the private sector is at a similarly early stage. Anna Trikalinou, a security research scientist at Intel Corp. , said the chip maker has a number of efforts under way, including a partnership with Microsoft Corp. to use AI to analyze and classify malware variants by examining their coding.
Zachary Hanif, senior director of machine learning at Capital One Financial Corp. , said the company is examining how AI could be used in cybersecurity through internal research and by partnering with vendors.
“Larger enterprises are probably understanding how it fits into their doctrines,” Mr. Hanif said. “Individual contributors and researchers are actively pursuing and leading the field as the tip of the spear, so to speak.”
Among the issues hindering faster adoption is a lack of available data to train AI models, said Charlie Greenbacker, head of federal and strategic technology programs at cybersecurity firm Snorkel AI Inc., who also spoke at the conference.
“Anyone who does anything in AI will tell you the biggest problem is usually training data,” he said.
Machine learning and other forms of AI rely on vast quantities of data to inform their algorithms and teach them how to differentiate between objects, behaviors and other elements. Facial-recognition algorithms, for instance, might analyze millions of photographs before they can begin to distinguish facial features. Likewise, an algorithm designed to detect and identify road signs will need to churn through a similarly large volume of data.
While libraries of training data exist for those applications, cybersecurity can be complex, and the data required to train an algorithm to spot hackers could be specific to a given company’s systems. Acquiring data in bulk can be difficult, Mr. Hanif of Capital One said, as it can touch on intellectual property or other material that companies generally prefer to keep in-house.
Getting hold of data from successful attacks to train models is even more difficult, Mr. Greenbacker said.
“If ... you want to train models on publicly available cyber data, you’re pretty much out of luck since most organizations don’t want to share highly sensitive data like that, whether for operational reasons or it’s just embarrassing,” he said.
While many companies are still in the nascent stages of exploring AI, so too are hackers, Ms. Trikalinou of Intel warned. Cybersecurity professionals will need to leverage machine learning and similar technologies soon to keep ahead of attacks, she said.
“I see AI playing a critical role in advancing the security domain both from the defensive side and from the other side,” she said. “So I think this is something that we really, really need to pay attention to—right now.”
=================================================================
Is the government and private sector relying on the future of AI when the Wave alternative is already here for better protection!!! It sounds like AI in cybersecurity is a ways off when Wave solutions already could solve many problems that AI can't or won't be able to!!!
=================================================================
http://www.wavesys.com/wave-alternative
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Agent Tesla Trojan ‘Kneecaps’ Microsoft’s Anti-Malware Interface
https://threatpost.com/agent-tesla-microsoft-asmi/163581/
==================================================================
http://www.wavesys.com/malware-protection
What is malware?
Malware is a general name for software that installs on your organization's computers and creates damage. It includes computer viruses, worms, Trojans, spyware, adware, rootkits, Advanced Persistent Threats and more. These malicious programs could be created by a tenacious adversary, or by financially motivated criminals and inserted into your organization's computers. They may lie there undetected for months or secretly do things like log your keystrokes, steal your passwords, harvest your address book, observe where you go on the Internet, report sensitive data to distant servers, or even wipe or encrypt your data. Recent high profile malware attacks on utilities and countries, even, introduced contaminated software reported to alter the working of physical devices, like uranium enrichment centrifuges, oil rig equipment and water pumps. Malware can be introduced through a web download, an email attachment or even a USB external device for networks that are not connected to the internet.
Software can’t always detect malware
The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 that discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.
A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.
APT's extent seems wider each week. News stories about targeted attacks on organizations appear weekly. Even more stories do not appear, as some malware is not detected for very long periods of time. Some malware described as "cutting edge" has code components that have been available for 3 and 4 years, thus dating their undetected time of life in the wild. With online tools, even a non-technical person can create one easily. And there are more ways than ever for malware to spread: the Internet, personal computing devices, downloads, email, social media sites. Government agencies recognize it as a growing threat. Early detection is the highest priority in this Cyberwar. In 2011 NIST published guidelines for establishing a chain of trust for the basic input/output system (BIOS), which initializes a computer when it boots up. This critical system is one of malware’s more consequential targets and an area specifically protected by Wave Systems in its products and in its thinking.
Wave’s solution: start with the device
If antivirus software doesn’t work, what does? The Wave alternative relies not on superficial layers of software but on standards-based hardware: self-encrypting drives (SEDs) and Trusted Platform Modules (TPMs), or security chips, that are already embedded in many of your computers and mobile devices. This hardware provides you with secure storage. When you turn the SED and TPM on and manage them with Wave, you suddenly have a broad, deep view into your network. Among other things, you’ll know immediately whether any one of your devices—computers, laptops, tablets, smartphones—has been tampered with. But Wave is proactive too: you can block the kinds of behaviors that invite malware in. Wave's Endpoint Monitor provides early detection for these low-lying sneaky attacks.
Which other attack vector should you watch? One common vector that is used to attack even the most secure networks is physical devices – connected to USB, FireWire or SD. Our Data Protection Suite AV scanner allows you to block any unscreened device from connecting to any machine in the organization, until it has been scanned for known malware.
==================================================================
http://www.wavesys.com/products/wave-endpoint-monitor
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
An open standard means Wave works with everything
Wave Endpoint Monitor works on your existing hardware, across platforms. That’s because our solutions are based on an open standard that’s already been implemented on many laptops and is now working its way onto mobile devices. We’re talking about those TPMs. We just don’t think that expensive new equipment and vendor lock-in are great selling points.
Be proactive on compliance
No new regulations here—yet. But government agencies recognize malware as a growing threat. In 2011, NIST published guidelines for basic input/output system (BIOS) integrity measurement, the BIOS being what initializes a computer when it boots up. When this critical system is malware’s target, the consequences are big. The guidelines describe what’s needed to establish a chain of trust for the BIOS: Has it been tampered with? NIST actually looked to Wave for feedback on this document (see the acknowledgments). We know what’s needed, because Wave Endpoint Monitor is already doing it.
Key Features:
Easy security compliance
• Comports with NIST guidelines for BIOS integrity
Data protection
• Ensures that you can trust the integrity of your measurements for central analysis
• Real-time alerts for zero-day detection of APTs
• Get Windows 8 Malware protection now—WEM covers previous versions of Windows
Simplicity
• Uses standards-based security that’s in every PC you own
• Measurement notifications and reports can be customized for your processes and work flows
• Centralized, remote activation and management of your TPMs
• E-discover which PCs in your organization are enabled for endpoint monitoring
No compromises
• Ensure host integrity—without expensive hardware or excessive administrative overhead
================================================================
After reading malware protection and Wave Endpoint Monitor on Wave's website and above, organizations should find using Wave Endpoint Monitor to be a great idea!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Social Media Oversharing Exposes 80% of Office Workers
https://www.infosecurity-magazine.com/news/social-media-expose-80-oversharing/
Over 80% of British and American employees overshare on social media, potentially exposing themselves and their organization to online fraud, phishing and other cyber-threats, according to Tessian.
The email security vendor polled 4000 UK and US professionals and interviewed 10 hackers specializing in social engineering to compile its latest research: How to Hack a Human.
It revealed that half of respondents share names and photos of their children, 72% mention birthdays and even more (81%) update their job status on social media.
Even worse, over half (55%) admitted they have public profiles on Facebook, and only one third (32%) have a private Instagram account.
An overwhelming majority (84%) post on social media every week and over two-fifths (42%) do so every day.
The report highlighted numerous ways scammers can use this readily available online information to target individuals; for example, by spoofing a senior exec in a new company they have just revealed as joining.
“Most people are very verbose about what they share online. You can find virtually anything,” explained MyCrypto security and anti-phishing expert, Harry Denley. “Even if you can’t find it publicly, it’s easy enough to create an account to social engineer details or get behind some sort of wall. For example, you could become a ‘friend’ in their circle.”
Even out of office messages, if they contain too much information, could be used against the individual, by giving the green light to a hacker to impersonate them online, Tessian warned.
The vendor claimed its own analysis reveals that social engineering attacks and wire fraud attacks both increased by 15% during the last six months of 2020, versus the previous six. Some 88% of respondents said they had received a suspicious email in 2020.
The vendor’s CEO, Tim Sadler, argued that the vast volume of personal information being shared online is making cyber-criminals’ jobs much easier.
“While all these pieces of information may seem harmless in isolation — a birthday post, a job update, a like — hackers will stitch them together to create a complete picture of their targets and make scams as believable as possible,” he added.
“Remember, hackers have nothing but time on their hands. We need to make securing data feel as normal as giving up data. We also need to help people understand how their information can be used against them, in phishing attacks, if we’re going to stop hackers hacking humans.”
=================================================================
A great time for Scrambls to help out here in a big way!!!
=================================================================
Protect Corporate Use of Social Media and Cloud Services with Scrambls for Enterprise
Encrypt Postings and Shared Files to Ensure Privacy and Compliance
http://www.wavesys.com/buzz/pr/protect-corporate-use-social-media-and-cloud-services-scrambls-enterprise
Lee, MA -
December 4, 2012 -
Scrambls for Enterprise launched today, giving organizations a means for their employees to safely collaborate over social media sites like Twitter® and Facebook, and share files with cloud services like Dropbox™ and Salesforce.com®. Scrambls protects data that is often overlooked in corporate security initiatives – information shared online via social media, files stored in the cloud and data in motion.
Employees are free to leverage existing social media infrastructures to enter status updates, Tweets, blog posts, files and more, without jeopardizing security or privacy. Scrambls for Enterprise encrypts data before it ever leaves a user’s computer or smartphone. Posts and files can only be viewed by those the enterprise grants permission to—everyone else sees scrambled text.
“Social media and cloud services are expanding the way business is done, but enterprises need greater control of the information they share across the public web,” commented Steven Sprague, scrambls co-creator and CEO of Wave Systems. “These services are often self-discovered by employees who use them to share critical information. Enterprises need to take responsibility for this new flow of data, and scrambls provides the privacy, security and audit controls similar to what you’d see with corporate email accounts.”
The power of scrambls lies in the permissions granted to group members. To read a post or descramble a file, the service automatically applies the permission to make it readable again for only those individuals granted access. Business administrators set the policy and manage the groups. Add or remove people from the groups at any time to change who can read messages and files, even after they’ve been published on the web.
“Scrambls can open up new business opportunities with use cases for every type of vertical market,” continued Sprague. “In healthcare, a private and protected channel for communication leads to better care and service. It’s easy for doctors, social workers and caregivers to have sensitive discussions about the care of a family member in real time using popular tools like Twitter or Facebook. Those conversations remain private with scrambls.”
Deploying scrambls in the Enterprise
The scrambls enterprise console gives employees, managers and IT staff the ability to manage accounts. You first create groups for access either by email addresses or through the existing corporate lists that enterprises already use (Active Directory, corporate email domains, etc.). Add more detailed rules as needed, like an expiration date for a file, or a password that can be used to view a blog post. Deploy the client install or have users download it, and they’re ready to scramble. It’s as simple as that!
Scrambls privacy and security can be added to an organization’s internal applications as well through a software developer kit. The SDK enables third-party apps and sites to integrate directly with scrambls to leverage the same groups for security, privacy and control.
Scrambls for Enterprise is available with special trial and introductory pricing for a limited time. Contact sales@scrambls.com for more information on securing social media and cloud services in your organization. A free consumer download is also available at www.scrambls.com.
About Scrambls
Scrambls is a Cloud security and privacy service developed by Wave Systems Corp. (NASDAQ: WAVX) that makes online sharing simple and safe. All you need is the scrambls plug-in added to your browser toolbar, or a scrambls-enabled application. Scrambls lets you decide what the privacy policy will be for each communication that you share. Scrambls makes Cloud sharing smarter, with security and control over what you are sharing and with whom you are sharing it.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
China Steals Personal Data of 80% of US Adults
https://www.infosecurity-magazine.com/news/china-steals-personal-data-of-80/
The Chinese government may have stolen personal data from 80% of adults in the United States, according to a 60 Minutes report that aired yesterday on American television and radio network CBS.
In the report, former director of the US National Counterintelligence and Security Center, Bill Evanina, warned that the PRC is actively working to gather and exploit Americans' DNA and other health information.
Evanina described how Chinese company BGI Group had approached six different states with offers to construct and operate coronavirus testing labs. The company accompanied the offers with promises to "make additional donations" to the states.
Suspicious of the offer and what the data collected may be used for, the former security official warned the states not to accept the Group's proposal.
“We put out an advisory to not only every American, but to hospitals, associations, and clinics," said Evanina. "Knowing that BGI is a Chinese company, do we understand where that data's going?"
He added: "Current estimates are that 80% of American adults have had all of their personally identifiable information stolen by the Communist Party of China."
The 60 Minutes report described the quest to obtain and control humanity's biodata—and, in turn, control health care's future—as the new space race. The PRC has publicized its ambition to lead the world in DNA science and technology public in a manifesto.
"They have something called Made in China 2025," said former biochemist turned FBI Supervisory Special Agent Edward You, "and in these national strategies, they absolutely call out wanting to be the dominant leader in this biological age."
Special Agent You said that America could soon be dependent on the PRC for far more than PPE and face masks.
"What happens if we realize that all of our future drugs, our future vaccines, future health care are all completely dependent upon a foreign source?” said You.
Commenting to Infosecurity Magazine on the special report, Dirk Schrader, global VP at New Net Technologies, said: “Recent cyber-security research about the status of data protection in the health sector indicates that there is no real need for any foreign government to use advanced hacking methods to have access to personal health information (PHI) of US citizens.
“For example, radiology data of approximately six million US citizens was discovered unprotected in late 2019, with no substantial improvement to that a year later. On top of that, the largest provider who had left its radiology archives connected to the public internet without any protection, is owned by a Chinese investor.”
==================================================================
Whatever the percentage of data stolen by the Chinese, using data protection from Wave for the remaining important data would be a smart idea by organizations!!!
==================================================================
http://www.wavesys.com/data-protection
Security = data protection
When we talk about security, what we really mean is protecting data from theft and misuse. Proprietary information, R&D, corporate strategy, customer names and phone numbers, social security numbers, passwords … All have potential monetary value, and all are targets. Data theft is a growth industry. As an example, tens of thousands of new malware strains pop up daily. With online tools, even a non-technical person can create one in minutes.
The IT perimeter has vanished
Data protection is easy enough when your data is sitting in secure servers. But today, it’s not. The workforce is increasingly mobile. More than 60 percent of corporate data lives not on servers but on laptops, tablets, and other devices (and more and more of those devices are owned by employees). Data is dispersed, constantly moving, and constantly exposed to the Internet and all the malware, viruses, and hackers lurking there.
Wave’s solution: start with the device
The Wave approach to this challenge is to make the IT perimeter irrelevant. Wave turns on and manages the self-encrypting drives (SEDs) and trusted platform modules (TPMs), or security chips, that are already embedded in many of your devices. The upshot is that each and every device is equipped with its own data protection system—while being centrally managed. This gives you unprecedented yet straightforward control over exactly who has access to your data, with what devices, over what networks.
We cost less too. Wave works on your existing hardware, across platforms. That’s because our solutions are based on an open standard that’s already been implemented on 600 million–plus laptops and is now working its way onto mobile devices. Our software is all you need to reach a whole new level of data protection. It’s one of the big reasons why total cost of ownership can be almost half that of a traditional software-based system that doesn’t even work very well.
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE