FBI Director Wray warns of Chinese hacking, espionage threats against American companies
https://thehill.com/policy/cybersecurity/506250-fbi-director-wray-warns-of-chinese-hacking-espionage-threats-against
==================================================================
Chinese Hackers Bypassing Two-Factor Authentication
https://securityboulevard.com/2019/12/chinese-hackers-bypassing-two-factor-authentication/
Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system.
How they did it remains unclear; although, the Fox-IT team has their theory. They said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese actor then used on its computers to generate valid one-time codes and bypass 2FA at will.
Normally, this wouldn’t be possible. To use one of these software tokens, the user would need to connect a physical (hardware) device to their computer. The device and the software token would then generate a valid 2FA code. If the device was missing, the RSA SecurID software would generate an error.
The Fox-IT team explains how hackers might have gone around this issue:
The software token is generated for a specific system, but of course this system specific value could easily be retrieved by the actor when having access to the system of the victim.
As it turns out, the actor does not actually need to go through the trouble of obtaining the victim’s system specific value, because this specific value is only checked when importing the SecurID Token Seed, and has no relation to the seed used to generate actual 2-factor tokens. This means the actor can actually simply patch the check which verifies if the imported soft token was generated for this system, and does not need to bother with stealing the system specific value at all.
In short, all the actor has to do to make use of the 2 factor authentication codes is to steal an RSA SecurID Software Token and to patch 1 instruction, which results in the generation of valid tokens.
=================================================================
After reading these two articles, Wave VSC 2.0 is the 2 factor authentication (2FA) solution that could save thousands of companies from the nefarious activities of the Chinese and other countries!!!
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/
https://www.wavesys.com/contact-information
The key to stopping cyberattacks? Understanding your own systems before the hackers strike
https://www.zdnet.com/article/the-key-to-stopping-cyberattacks-understanding-your-own-systems-before-the-hackers-strike/
Organisations struggle to monitor their networks because they often don't know what's there. And that allows hackers to sneak in under the radar.
Cyberattacks targeting critical national infrastructure and other organisations could be stopped before they have any impact if the teams responsible for the security had a better understanding of their own networks.
That might sound like obvious advice, but in many cases, cyber-criminal and nation-state hackers have broken into corporate networks and remained there for a long time without being detected.
Some of these campaigns involve intrusions into critical infrastructure where malicious hackers could do damage that could have serious consequences.
But hackers have only been able to get into such a strong position because those responsible for defending networks don't always have a full grasp on what they're managing.
"That's what people often misunderstand about attacks – they don't happen at the speed of light, it often takes months or years to get the right level of access in a network and ultimately to be able to push the trigger and cause a destructive act," says Dmitri Alperovitch, executive chairman at Silverado Policy Accelerator and co-founder and former CTO of CrowdStrike.
That means deep knowledge of your network and being able to detect any suspicious or unexpected behaviour can go a long way to detecting and stopping intrusions.
"Defence can work if you have time. If you're looking inside your systems, hunting for adversaries and applying intelligence, you're able to discover them even if they get in, before they do any damage," Alperovitch adds.
Knowing what's on the network has become even more crucial in recent years, as industrial environments have become increasingly connected with Internet of Things sensors and monitors.
The devices are useful to infrastructure providers because they allow better monitoring of systems for efficiency, maintenance and repair, but if not properly managed, they could be weak points for attackers to access the network.
"We need to be pro-actively testing," says Annessa McKenzie, VP of IT and CSO at Calpine, an American power generation company.
Please see link above for the rest of the article.
=================================================================
As in most industries, it appears that organizations are trying to keep the bad guys off the network. The lack of success in being able to keep bad guys off the network has led to numerous breaches and cyberattacks. With Wave VSC 2.0 and Wave ERAS only known and approved devices are allowed access to the network. Unknown and unapproved devices (bad guys) aren't allowed access to the company network, and with Wave solutions they could stop cyberattacks!!!
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
NASA Still Struggling With Agency-Wide Cybersecurity Program
https://www.bankinfosecurity.com/nasa-still-struggling-agency-wide-cybersecurity-program-a-14560
IG Report Finds Agency's Infrastructure Remains Tempting Target for Hackers
A recent Inspector General's report finds that NASA still struggles with implementing agency-wide cybersecurity policies despite spending about $2.3 billion on IT, networking and security technology in 2019.
While NASA still has issues implementing better cybersecurity practices across the agency, the Inspector General's report notes that the space agency's infrastructure remains a tempting target for hackers, and NASA needs to do more to protect its internal systems and data.
"Given NASA's mission and the valuable technical and intellectual capital it produces, the information maintained within the Agency's IT infrastructure presents a high-value target for hackers and criminals," the Inspector General notes in its report.
The Federal Information Security Modernization Act of 2014 requires federal agencies to develop, document and implement an agency-wide information security program. It also allows Inspector General offices to investigate the progress of these programs and report back with their findings and make recommendations.
As part of its most recent report, NASA's Inspector General assessed the effectiveness of the agency's system security and contingency plans, IT security handbooks and material, as well as issues relating to the agency's cybersecurity practices. The report found a lack of coordination and resources allocated to protecting certain systems.
As part of its investigation, the Inspector General's office found that NASA continues to follow a number of weak security practices such as not updating applications to prevent malicious code from infecting systems. In addition, the space agency's information security personnel are not sufficiently aware of its security policies and procedures, according to the report.
The Inspector General's report also notes that NASA's cybersecurity program does not have any action plans or strategies to mitigate security risk.
"NASA has not implemented an effective agency-wide information security program," the report notes. "As a result, information systems throughout the Agency face an unnecessarily high level of risk that threatens the confidentiality, integrity and availability of NASA's information."
The Inspector General's office offers nine recommendations for NASA to help it improve its cybersecurity program. The report notes that the agency has agreed with all the recommendations and will begin an implementation program. A spokesperson for NASA could not be immediately reached for comment.
Recommendations
The report lays out a number of cybersecurity recommendations.
These include ensuring that risk assessments of various IT systems are conducted, and that the agency develops contingency plans if one of these systems is found vulnerable to a cybersecurity threat or has been attacked, according to the report.
For example, the Inspector General recommends implementing better policies to enforce a requirement that the agency's Risk Information Security Compliance System should be used as the main repository to track all of NASA's hardware and software. RISCS is also used as the main tool to help manage NASA's security program and it contains contingency plans for each system in case of a security incident.
"The issues we identified during this evaluation occurred primarily because the [Office of the CIO] does not consistently require the use of RISCS as the agency's information security management tool," the Inspector General's report notes.
While reviewing the Agency Common Control system, "which aggregates and manages common controls across all Agency information systems," investigators found that 94 of 203 common controls were "other than satisfied, indicating they had been assessed as less than effective," according to the report.
The Inspector General notes that NASA's CIO had not taken any action to counter these deficiencies. The agency also lacks plans or documents to address known deficiencies.
"Failure to properly address these deficiencies increases the risk of exploitations that threaten the confidentiality, integrity, and availability of NASA's information. For example, without controls in place to ensure that malicious code protection (e.g., anti-virus software) receives automatic updates, NASA information systems may be vulnerable to new and emerging threats," the Inspector General's report notes.
Training and Materials
During the audit of NASA's CIO office, Inspector General investigators found that 27 of 45 IT governance documents had not been reviewed and approved in more than a year, and eight of them had not been reviewed in over three years. This is despite a policy mandating a review of IT security handbooks on an annual basis, the report notes.
Representatives of the CIO's office stated to investigators that they intend to re-engineer their review process in 2020, but expressed concern about insufficient resources to complete this task.
"Failure to update Agency policy and procedures in a timely manner increases the risk that NASA personnel will employ out-of-date information security practices," the Inspector General's report notes.
Prone to Hacking
Over the years, NASA has faced criticism over its security procedures and plans. In April, when the COVID-19 pandemic forced the U.S. federal government employees and contractors to work from home, NASA reported that it witnessed an increase in hacking that targeted its newly mobile workforce (see: NASA: At-Home Workers Targeted by Hackers).
An audit report by Inspector General in 2019 found that over the course of 10 years, NASA's Jet Propulsion Laboratory, based in Pasadena, California, had been hacked numerous times, with individuals and nation-state actors stealing data concerning the agency's critical missions as well as other sensitive and proprietary information (see: NASA's Jet Propulsion Lab a Frequent Hack Victim: Audit).
==================================================================
Wave could help NASA with its cybersecurity problems in a big way and help other critical industries!! The opportunities keep arising and Wave employees both past and present working together could be instrumental with Wave's success!!! Other critical industries, BMW and Mercedes may need some help with their cybersecurity as well. Wave's use of the TPM with its security could help here too!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Hackers are trying to steal admin passwords from F5 BIG-IP devices
https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/
Threat actors have already started exploiting the F5 BIG-IP mega-bug, three days after it was disclosed.
Hackers have started launching attacks against F5 BIG-IP networking devices, ZDNet has learned.
Attacks have been spotted today by Rich Warren, a security researcher for the NCC Group.
In an interview earlier today, Warren told ZDNet the attacks are malicious in nature, and hackers are attempting to steal administrator passwords from the hacked devices.
Summary: BIG-IP and CVE-2020-5902
These attacks are targeting BIG-IP, a multi-purpose networking device manufactured by F5 Networks. BIG-IP devices can be configured to work as traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware.
These devices are some of the most popular networking products in use today, and they are used to underpin some of the largest and most sensitive networks around.
BIG-IP devices are used in government networks, on the networks of internet service providers, inside cloud computing data centers, and they're widely deployed across enterprise networks.
The devices are so powerful and popular that on its website, F5 claims that 48 of the 50 companies included in the Fortune 50 list rely on BIG-IP systems.
Please see link above for the rest of the article.
==================================================================
Wave solutions...RIGHT HERE, RIGHT NOW!!!
==================================================================
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Cyberattacks Possibly Involved in Explosions at Iranian Nuclear, Military Facilities
https://www.securityweek.com/cyberattacks-possibly-involved-explosions-iranian-nuclear-military-facilities
Recent fires and explosions at important Iranian facilities may have been caused deliberately as part of an operation that involved cyberattacks, according to reports.
There have been several incidents at major Iranian industrial facilities in recent weeks, including a fire at the Natanz nuclear enrichment site and an explosion at the Parchin military complex near Tehran, which is believed to be involved in the production of missiles.
Iranian officials blamed the Parchin explosion on a gas leak and in the case of Natanz they downplayed the incident claiming that it only impacted a warehouse that was under construction.
However, some believe the damage was more extensive than Tehran admitted and in the case of Natanz there also appears to have been an explosion. Experts told the Associated Press that the Natanz incident apparently impacted a production facility.
Natanz, one of Iran’s primary nuclear facilities, was targeted a decade ago with the Stuxnet malware as part of a campaign supposedly conducted by the United States and Israel.
According to some reports, a cyberattack allegedly launched by Israel may have been involved in the latest incident as well.
Kuwaiti newspaper Al-Jarida claimed to have learned from sources that the Natanz fire was the result of a cyberattack aimed at gas compression systems and a blast allegedly caused a crack in a reactor building. The same newspaper reported that the Parchin incident was also caused by a cyberattack.
Iran’s Mizan news agency cited an Iranian military leader saying that the country would “respond” if a cyberattack was involved.
An apparent Iranian dissident group calling itself “Cheetahs of the Homeland” has taken credit for the attack on the facility at Natanz, but it did not provide additional details.
Israel revealed in April that industrial control systems (ICS) at some of its water facilities had been targeted by a sophisticated threat actor which, according to SecurityWeek’s sources, knew exactly how to attack ICS.
Iran was the main suspect in that attack, whose goal may have been to disrupt or poison Israel’s water supply. However, Israel said it had thwarted the attack before any damage was caused.
==================================================================
Wave Systems Announces First U.S. Federal Government Customer for Wave Virtual Smart Card 2.0
https://www.wavesys.com/buzz/pr/wave-systems-announces-first-us-federal-government-customer-wave-virtual-smart-card-2.0
Lee, MA - October 2, 2014 - Wave Systems Corp. (NASDAQ: WAVX) marked an important sales milestone by announcing the first U.S. federal government customer for its Virtual Smart Card 2.0.
Since the Virtual Smart Card 2.0 became commercially available in late July 2014, Wave has entered into dozens of pilot deployments in multiple sectors, including healthcare, financial services, automotive, energy and utilities. However, today’s announcement marks the product’s first sale in the government sector.
“This is an important milestone for Wave,” said Bill Solms, CEO of Wave. “Wave Virtual Smart Card 2.0 has been purchased by a government agency with significant security requirements and one that requires redundant means of system authentication due to national security interests. This initial sale is modest compared to the addressable market within the Federal Government sector, but it is important to our strategy for marketing the Virtual Smart Card to address critical government infrastructure defense.”
“We believe that this sale, which was completed on a shorter sales cycle than we had anticipated, supports our view that customers are interested in the type of cyber security solution that Wave’s Virtual Smart Card 2.0 provides,” Solms added.
Wave Virtual Smart Card 2.0 is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7. It also supports Windows 8 and 8.1. Wave’s new solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, lower total cost of ownership, and a reduced risk of unauthorized use.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure PIN and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with TPM 1.2 or TPM 2.0
==================================================================
In addition to the link above, please see the links below for further information that could protect the U.S. if the events in the article above escalate!! Critical industries could really use Wave solutions!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
The next cybersecurity headache: Employees know the rules but just don't care
https://www.techrepublic.com/article/the-next-cybersecurity-headache-employees-know-the-rules-but-just-dont-care/
Employees are still ignoring cybersecurity best practice despite being more aware of the risks.
Cybersecurity has shot to the top of many IT leaders' priorities over the past few months as remote working became the de facto way of doing business. Yet despite more awareness of the security risks of working from home, employees are still showing a lax attitude when putting it into practice, according to new findings.
Security firm Trend Micro surveyed more than 13,000 remote workers across 27 countries for its latest Head in the Clouds survey, which sought to understand individuals' attitudes towards risk in terms of cybersecurity.
Seventy-two percent of respondents claimed to have gained better cybersecurity awareness during the pandemic, with 81% agreeing that workplace cybersecurity falls partly on their shoulders. Despite this, the findings highlighted a disconnect between employees being more aware of risks and them putting this knowledge into practice.
For instance, 56% of employees admitted to using a non-work application on a work device, with 66% admitting to uploading corporate data to that application. This is despite 64% of respondents acknowledging that using non-work applications on a corporate device is a security risk.
Similarly, 39% of respondents said they either often or always access work data from a personal device – almost certainly in breach of workplace security policy.
On the flipside, 80% of respondents admitted to using their work laptop for personal browsing, with only 36% restricting the types of sites they visit while doing so.
Trend also found that employees were skirting the advice of IT teams if they thought it could get the job done quicker: while 85% claimed they take instructions from their IT team seriously, a third of respondents (34%) said they did not give much thought to whether the apps they use are approved by IT or not if it meant getting work done.
Additionally, 29% said they used non-work applications because they believed the solutions provided by their company were 'nonsense'.
Trend Micro's report concluded that simply throwing more awareness programmes at employees "doesn't appear to be the answer", as the findings showed individuals were aware of the risks but still didn't stick to the rules of their company.
Instead, tailored training programmes that account for individual employees' values and personalities could be the answer, said Bharat Mistry, Trend Micro's principal security strategist.
"It's encouraging to see that so many take the advice from their corporate IT team seriously," said Mistry.
"Having said that, there are individuals who are either blissfully ignorant or worse still who think cybersecurity is not applicable to them and will regularly flout the rules. Hence having a one-size-fits-all security awareness programme is a non-starter as diligent employees often end up being penalised."
Attitude towards cybersecurity has become a key theme amongst businesses during the pandemic, with the sudden shift to home-based working throwing up a multitude of new considerations for IT security teams, not least a surge in the number of reported email phishing scams.
Return to work
There could be fresh threats on the horizon as employees return to the office, too, according to a separate survey this week from KnowBe4, which provides IT security tools for businesses as well as cybersecurity awareness training.
In a survey of 1,000 furloughed employees in the UK & Ireland, 48% said they were not worried about finding phishing emails in their work inbox because they expected IT to take care of them. By comparison, 37% recognized that it was their responsibility to be vigilant to scam emails and report them if necessary.
Similarly, when asked about their attitudes to sorting through work emails on their return to the office, 47% said they planned to sort through them as quickly as possible so they could return to business as usual. This stands in contrast to the 38% of respondents who said they would take their time to go through their emails to make sure they didn't click on any links or attachments that could be fraudulent.
KnowBe4 concluded that business leaders should be prepared to provide security refresher courses to employees upon their return to work, pointing out that furloughed workers might need to work through backlogs of correspondence.
"When workplaces start welcoming their employees back, they're inevitably going to be under pressure to catch up with all their missed correspondence," the report read.
"That pressure has the potential to introduce security liabilities, particularly as workers rush to catch up on several months of unread emails. Workplaces would therefore be wise to implement technologies that can mitigate the risk of phishing [and] to offer security training."
==================================================================
https://www.wavesys.com/wave-alternative
Excerpts:
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
=================================================================
As an organization, using Wave's solutions accomplishes greater security effectiveness than trying to solve the problems via training. Solve the problems in a better way; use Wave's solutions! There is information on protecting organizations from phishing at post #245989
Nice post Methinks, thanks!
The more cybersecurity tools an enterprise deploys, the less effective their defense is
https://www.zdnet.com/article/the-more-cybersecurity-tools-an-enterprise-deploys-the-less-effective-their-defense-is/
New research highlights how throwing money indiscriminately at security doesn’t guarantee results.
The enterprise is slowly improving its response to cybersecurity incidents, but in the same breath, it is still investing in too many tools that can actually reduce the effectiveness of defense.
On Tuesday, IBM released the results of a global survey, conducted by the Ponemon Institute and featuring responses from over 3,400 security and IT staff worldwide. The research suggests that while investment and planning are on the uptake, effectiveness is not on the same incline, with response efforts hindered by complexity caused by fragmented toolsets.
The research, IBM's fifth annual Cyber Resilient Organization Report, says that while organizations are improving in cyberattack planning, detection, and response, their ability to contain an active threat has declined by 13%.
On average, enterprises deploy 45 cybersecurity-related tools on their networks. The widespread use of too many tools may contribute to an inability not only to detect, but also to defend from active attacks. Enterprises that deploy over 50 tools ranked themselves 8% lower in their ability to detect threats, and 7% lower in their defensive capabilities, than other companies employing fewer toolsets.
It does appear that the enterprise cybersecurity scene is reaching a new level of maturity, however, with 26% of respondents saying that their organizations have now adopted formal, company-wide Cyber Security Incident Response Plans (CSIRPs), an increase from 18% five years ago.
In total, however, 74% of respondents said their cybersecurity planning posture still leaves much to be desired, with no plans, ad-hoc plans, or inconsistency still a thorn in the side of IT staff. In addition, among those who have adopted a response plan, only a third have created a playbook for common attack types to watch out for during daily operations.
"Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face," the report notes.
According to IBM, a lack of planning and incident response testing can lead to a damages bill up to $1.2 million higher than a cyberattack would have otherwise cost a victim company.
The cost can be high in terms of disruption, too, as only 39% of enterprise companies with CSIRP applied have experienced a severely disruptive attack in the past two years -- in comparison to 62% of those which did not implement any form of plan.
In light of the COVID-19 pandemic and the rapid changes many of us have experienced in our workplaces, CSIRP setups need to be reviewed, and if need be, changed to adapt to the working from home environment. However, only 7% of respondents review these plans quarterly, and 40% have no time period set whatsoever for reviews.
"With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that many businesses are relying on outdated response plans which don't reflect the current threat and business landscape," IBM added.
=================================================================
Here's an opportunity for Wave to help organizations who don't know about the Wave alternative to discover there is a better way to defend their organization's data and network in a way that successfully achieves the organizations' goals. The use of Wave solutions for an average organization should result in a massive reduction (from 45 cybersecurity tools) in an organization's cybersecurity tools.
=================================================================
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
Microsoft Is Quietly Becoming a Cybersecurity Powerhouse
https://www.nasdaq.com/articles/microsoft-is-quietly-becoming-a-cybersecurity-powerhouse-2020-06-29
==================================================================
If Microsoft is quietly becoming a cybersecurity powerhouse then Wave Systems should be the Trusted Computing Powerhouse!!!! With ESW Capital backing Wave, and everyone cooperating, this could very well become a reality!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
1Password launches domain breach report to address credential stuffing
https://www.helpnetsecurity.com/2020/06/29/1password-launches-domain-breach-report-to-address-credential-stuffing/
1Password is launching a first-of-its-kind domain breach report. Now, companies using 1Password’s enterprise password manager can swiftly identify compromised accounts and take action to protect the enterprise by alerting users to create new secure passwords generated via 1Password.
The domain breach report strengthens 1Password’s market-leading enterprise password management offering, deepening its value as the foundational layer of the identity and access management stack.
IT administrators enrolled in 1Password Business and 1Password Teams can quickly create a domain breach report which checks all company email addresses against a list of nearly 10 billion compromised accounts provided by HaveIBeenPwned.com.
The report identifies all company email addresses which have been caught in data breaches and provides details about each breach so that IT can take corrective action. Administrators can notify employees and direct them to create new secure passwords in affected accounts.
“Our domain breach report is designed to help IT better support every user in the enterprise,” said Matt Davey, chief operating officer, 1Password. “Rather than forcing employees and IT alike to go through frustrating blunt-force security processes like company-wide automated password resets, our partnership means IT can intercede surgically, reaching out directly to affected employees when they know there’s a real threat. This launch supports our mission to help IT departments in the never-ending challenge to protect the enterprise against credential-stuffing attacks and promote healthy password habits, all while helping workers to get more done.”
A 1Password survey of 2,100 workers found that one-third of respondents reuse memorable passwords for new accounts and nearly half use a pattern of similar passwords. Password reuse enables credential stuffing, whereby attackers target multiple accounts with exposed email addresses and passwords, leaving companies vulnerable to breaches. 1Password makes it easy to provide unique secure passwords for all accounts in the enterprise, limiting exposure in the event of a breach.
“The rate and scale of corporate data breaches has been increasing dramatically over recent years,” said Troy Hunt, founder of HaveIBeenPwned.com. “A dedicated password manager like 1Password not only provides essential protection against the impact of a data breach, but also makes passwords more user friendly than ever.”
==================================================================
Wave VSC 2.0 doesn't need this report; please see why in post #245989. It helps explain why it's better to have a better designed solution in Wave VSC 2.0!!! Changing passwords for everyone affected seems to be a painful experience, which is what could happen in this article! The report doesn't cover phishing, and trained to detect it or not, employees without the right solution (Wave VSC 2.0) can't combat phishing. (Please see post #245989) Buy the BETTER solution, BUY Wave VSC 2.0 (the right solution)!!!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
350,000 Social Media Influencers and Users at Risk Following Data Breach
https://www.infosecurity-magazine.com/news/data-breach-social-media/
Personal data of an estimated 100,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me, Risk Based Security has discovered. The same breach has also led to more than 250,000 social media users having their information fully exposed on a deep web hacking forum, leaving these individuals at risk of being targeted by scams.
The leak was discovered by Risk Based Security’s data breach research team on June 6 when a known threat actor revealed they had compromised Preen.Me’s systems and were holding the personal information of over 100,000 affiliated influencers under ransom on a popular deep web hacking forum. The actor shared 250 records via PasteBin on the same day, and two days later on June 8, stated their intention to release the other 100,000 records, although this has not yet occurred.
The information includes influencers’ social media links, email addresses, names, phone numbers and home addresses. It was noted that those affected appear to be associated with cosmetic or lifestyle-related content.
Roy Bass, senior dark web analyst, Risk Based Security, commented: “While passwords were not leaked, threat actors can search for compromised passwords from other database leaks and link them to the accounts through email addresses/other personal information, or employ brute force techniques. We observed one threat actor state his intention to do so.
“They [those exposed] are also susceptible to spam and substantial harassment via their leaked contact information, as well as spear-phishing and identity theft scams if enough personally identifiable information is gathered.”
Then on June 14, the same cyber-criminal fully leaked the details of over 250,000 social media users who use Preen.Me’s application, ByteSizedBeauty. This includes their social media links, as well as personal information such as home and email address, date of birth, eye color and skin tone.
Bass added: “Regarding the other social media users, they are vulnerable to the previously mentioned threats with an increased risk for spear-phishing and identity theft scams due to more personal information being leaked.”
=================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Lee, MA - May 9, 2013 - Wave Systems Corp. (NASDAQ: WAVX), the Trusted Computing Company, today announced Wave Knowd, a new web service available for preview that significantly reduces the vulnerability and use of passwords by leveraging the unique identity of computing devices. With a simple integration of Wave Knowd, any website can establish reliable and consistent identity relationships with the devices its customers use most often for Internet services. Wave Knowd, which signifies “Known Devices,” is being tested by partners to provide the backbone for general purpose machine identity.
“The maturation of the web mandates a change in how we, and our computing devices, connect to the web,” said Steven Sprague, Wave CEO. “With cable television, satellite radio, bank kiosks and mobile phones, the service relationship is tied to the endpoint device. The web needs the security and simplicity of this same model, where our computing devices themselves play an added role in authentication. I access dozens of web services every day from the computer in my home office, and want those sites to know and trust my PC so they’ll stop continually asking me to log in. Wave Knowd enables that trust.”
To make web authentication stronger and simpler, Wave Knowd provides a new approach to signing on and accessing Cloud and Internet services. From online banking to business services and even consumer gaming, passwords are failing to provide a level of security that either service providers or users can trust. Knowd is built upon the concept that only known devices should ever access a protected network. Knowd incorporates all of your access and identity solutions together to establish a relationship of trust between users’ computing devices, and the web services they access.
“We interact online using so many devices now, but from a security perspective those devices aren’t all equal. Accessing medical records or confidential business files from my kid’s smartphone is certainly not as trustworthy as connecting from my business PC with an encrypted drive,” continued Mr. Sprague. “Wave Knowd is all about making the Web simpler and safer, and that new foundation of trust begins with known devices, and known capabilities.”
Once machine identity is established, any web site—from gaming, social networking or shopping; to banking, business and financial services—can use Wave Knowd to create a reliable and persistent identity for the connecting device. Knowd allows Web sites to streamline access for users who repeatedly log on from trusted devices, while bolstering security. Initial authentication creates a unique and anonymous relationship between each computing device and each web service accessed, and then the level of trust between the two grows over time. Knowing the device can also help the site prevent fraud and phishing, or simply provide quicker no-password access. Wave is the partner helping to create and manage these relationships.
“Wave Systems was the obvious choice to provide ID Dataweb’s attribute exchange with device identity services,” said David Coxe, CEO at ID Dataweb. “In Knowd, Wave has provided a system that is rooted in state of the art device security technologies such as the Trusted Platform Module and other secure elements, while also offering a simple web based integration. It’s easy to identify if a connecting device is highly trusted, or whether it requires added screening and security.”
ID Dataweb uses Wave’s Knowd solution as part of the Identity Ecosystem supported through a grant from the U.S. Department of Commerce’s National Institute of Standards and Technology’s NSTIC initiative (National Strategy for Trusted Identities in Cyberspace). ID Dataweb has created a standards-based platform to simplify online identity verification using OpenID credentials.
Providing the Tools to Manage Trust in the Cloud: What’s Your Trust Score?
Wave Knowd is a powerful enhancement for any website. The endpoint identity service links an individual user’s unique device identity with the Internet services that are typically protected only by username and password access. Users are prompted by their cloud service provider to register their primary computing devices to create a unique and persistent device identity relationship with their Internet services and service providers. No personal ID information is obtained by Wave, as Knowd works purely as a machine identity service. Furthermore, registered devices are given a unique ID for every service provider, establishing a separate trust relationship with each service.
Wave Knowd asserts a Trust Score that helps both consumers and cloud services or relying parties to determine the level of trust granted to each specific computing device. For example, a home PC that is used regularly for banking will quickly build a high Trust Score. Users can achieve a higher Trust Score by installing a small software application (Wave Knowd currently supports Windows 7 and 8, with Apple and Android to follow later this year). Business-class PCs containing a standard Trusted Platform Module (TPM) can establish even greater trust by leveraging the TPM security chip to create and securely store a unique device ID.
Knowd provides a web service with a new capability to enable or disable features based on the device that the user is actively using, providing a new security option for the end user. Perhaps an account password can only be reset from the user’s registered home computer and not from anywhere in the world, thereby linking in all of the user’s investment in the security of their home, from their alarm system to the doorman. Every web service can benefit from integrating Wave Knowd as part of the user’s experience.
How to protect remote workers from phishing and other attacks
https://www.helpnetsecurity.com/2020/06/24/how-to-protect-remote-workers-from-phishing-and-other-attacks/
=================================================================
The writer of this article was from Yubico. It discusses multi-factor authentication (MFA), where Wave competes against the likes of SecurID and Yubico. One difference, however, is that Wave VSC 2.0 uses hardware security already built into computers. No key to be lost, stolen and then replaced, and better security at less than half the cost. Why buy two (SecurID and Yubico) when buying one (Wave VSC 2.0) works better!!!
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpts:
One helpdesk call you'll never get: "I lost my virtual smart card again..."
There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
Please see Wave's website below for the many advantages of using Wave solutions!!!
================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Prolific Hacker Made Millions Selling Network Access
https://www.infosecurity-magazine.com/news/infamous-hacker-millions-selling/
A notorious Russian cyber-criminal made over $1.5m in just the past three years selling access to corporate networks around the world, according to a new report from Group-IB.
The study profiles the work of “Fxmsp” on underground forums where he published his first ad selling access to business networks in 2017.
Over the following years he would compromise banks, hotels, utilities, retailers, tech companies and organizations in many more verticals.
In just three years he claimed to have compromised over 130 targets in 44 countries, including four Fortune 500 firms. Some 9% of his victims were governments.
Group-IB calculated the $1.5m figure purely from publicized sales, although 20% of those Fxmsp compromised were made through private sales, meaning the hacker’s trawl is likely to be even bigger.
Fxmsp even hired a sales manager in early 2018.
He leapt to infamy in 2019 after a widely publicized compromise of the networks of three anti-virus vendors, before apparently going quiet.
According to the report, Fxmsp’s tactics were disconcertingly simple. The hacker would scan IP addresses for open RDP ports, especially 3389, brute force the RDP password, disable any AV and firewall and then create additional accounts.
Next, he would install the Meterpreter backdoor on exposed servers, harvest and decrypt dumps from all accounts and then install backdoors on the backups. This meant if a victim spotted something suspicious and rolled back to backups, Fxmsp could achieve persistence.
“Fxmsp is one of the most prolific sellers of access to corporate networks in the history of the Russian-speaking cyber-criminal underground. He set a trend and his success inspired many others to follow suit: the number of sellers of access to corporate networks increased by 92% in H2 2019 vs H1 2017, when Fxmsp entered the market,” said Dmitry Volkov, CTO of Group-IB.
“Prior to Fxmsp joining the underground, the sellers would offer RDP access to separate servers, without even bothering to ensure persistence or performing reconnaissance in the network. Fxmsp took this service into a whole new level.”
In a recent report on the cybercrime underground, Trend Micro warned that access-as-a-service is becoming an increasingly popular offering on dark web sites. Prices for Fortune 500 companies can reach up to US$10,000, it claimed.
==================================================================
https://www.wavesys.com/wave-alternative
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
==================================================================
These hackers would have to 'try' to get past Wave's 2FA because brute forcing wouldn't work against Wave VSC 2.0!!! Please take note of the bolded underlined text in the post!
==================================================================
https://www.wavesys.com/
Microsoft: These hackers got from a broken password to full control of a network - in just days
https://www.zdnet.com/article/microsoft-how-hackers-got-from-a-broken-password-to-full-network-control-in-just-days/
Cloud security: Microsoft details how sophisticated attacks can move quickly from a small breach to a big problem.
Microsoft has detailed how one sophisticated hacking group is able to get from a cracked cloud password to full control over a network in less than a week.
"Every day, we see attackers mount an offensive against target organizations through the cloud and various other attack vectors with the goal of finding the path of least resistance, quickly expanding foothold, and gaining control of valuable information and assets," Microsoft's Threat Protection Intelligence Team said, as they detailed a particularly sophisticated type of attack they have been monitoring and defending customers against.
In particular, the Microsoft team identified the group it calls Holmium as among the most effective in using cloud-based attack vectors of all those -- including organised crime and nation-state backed hackers -- that it tracks.
Also known as APT33, StoneDrill and Elfin, this group is widely linked to Iran, and has been performing espionage and destructive attacks targeting aerospace, defence, chemical, mining, and petrochemical companies for a number of years now.
Microsoft's researchers said Holmium uses various ways to gain access to its targets, including spear-phishing emails and attempts to use lists of well-known passwords to break into accounts -- a technique known as 'password spraying'.
But many of Holmium's recent attacks have involved a penetration testing tool called Ruler used alongside compromised Exchange credentials. The researchers said the hacking group has been running cloud-based attacks with Ruler since 2018, with another wave of such attacks in the first half of 2019.
These attacks typically started with 'intensive' password spraying against exposed Active Directory Federation Services infrastructure; organizations that were not using multi-factor authentication had a higher risk of having accounts compromised, Microsoft noted.
Armed with some Office 365 accounts, the group then launched the next step with Ruler, which gives them control over the PC -- which can then be used by the hackers to explore further.
"Once the group has taken control of the endpoint (in addition to the cloud identity), the next phase was hours of exploration of the victim's network", Microsoft said.
This involved finding more user accounts and PCs to attack on the network.
These attacks typically took less than a week from initial access via the cloud to obtaining "unhampered access and full domain compromise", Microsoft said. This access then allowed the attackers to stay on the network for long periods of time, sometimes for months on end.
During these attacks, many target organizations reacted too late -- for example when the malicious activities started manifesting on endpoints via PowerShell commands and subsequent lateral movement behaviour, the researchers warned.
"The earlier attack stages like cloud events and password spray activities were oftentimes missed or sometimes not linked with activities observed on the endpoint. This resulted in gaps in visibility and, subsequently, incomplete remediation," the researchers said, noting that Microsoft's Threat Protection suite was able to defend against such attacks.
"Corporate data is spread across multiple applications -- on-premises and in the cloud -- and accessed by users from anywhere using any device. With traditional surfaces expanding and network perimeters disappearing, novel attack scenarios and techniques are introduced," Microsoft warned.
==================================================================
Wave VSC 2.0 - better security at less than half the cost!!! This article represents another scenario where Wave could prevent these attackers from doing damage, and they wouldn't be spending seconds or weeks on the company network!!! Please see the link below for all of Wave's important solutions!!!
==================================================================
https://www.wavesys.com/
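The two articles quoted above describe different guessing patterns (repeated guesses at one exposed RDP account, and password spraying across many accounts), and the Microsoft piece notes that the early logon-stage events were often not linked to later endpoint activity. The sketch below is an added example, not part of the original posts and not code from any vendor named on this page: it tells the two patterns apart in logon events and links them to later successful logons and account creation. The CSV layout, thresholds and sample events are assumptions constructed for illustration; only the Windows Security event IDs 4625, 4624 and 4720 are real.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Windows Security event IDs: failed logon, successful logon, user account created.
FAILED_LOGON, LOGON_OK, ACCOUNT_CREATED = 4625, 4624, 4720

# Assumed thresholds; tune them to the environment's lockout policy.
WINDOW = timedelta(minutes=30)   # sliding window for counting failures
BRUTE_MIN_FAILURES = 10          # failures against ONE account from one source
SPRAY_MIN_ACCOUNTS = 5           # distinct accounts tried from one source
SPRAY_MAX_PER_ACCOUNT = 3        # a spray stays under the lockout limit
FOLLOW_UP = timedelta(hours=1)   # link an account creation to a prior logon


def build_sample():
    """Constructed events (not real logs): time,event_id,source_ip,account,host.
    For 4720 the account column holds the NEW account and the source is '-'."""
    base = datetime(2020, 6, 1, 2, 0, 0)
    rows = []
    for i in range(12):  # one source hammering a single RDP account
        ts = (base + timedelta(seconds=20 * i)).isoformat()
        rows.append(f"{ts},4625,203.0.113.7,Administrator,SRV01")
    rows.append("2020-06-01T02:05:00,4624,203.0.113.7,Administrator,SRV01")
    rows.append("2020-06-01T02:09:00,4720,-,helpdesk2,SRV01")
    for i in range(8):   # one source trying one guess each on many accounts
        ts = (base + timedelta(hours=1, minutes=i)).isoformat()
        rows.append(f"{ts},4625,198.51.100.23,user{i + 1},ADFS01")
    rows.append("2020-06-01T03:20:00,4624,198.51.100.23,user5,ADFS01")
    rows += [            # an ordinary user mistyping a password twice
        "2020-06-01T09:00:00,4625,192.0.2.10,alice,WS07",
        "2020-06-01T09:00:30,4625,192.0.2.10,alice,WS07",
        "2020-06-01T09:01:00,4624,192.0.2.10,alice,WS07",
    ]
    return rows


def parse(lines):
    """Parse the constructed CSV format into time-sorted tuples."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, eid, src, account, host = line.split(",")
        events.append((datetime.fromisoformat(ts), int(eid), src, account.lower(), host))
    return sorted(events)


def classify_failures(failures):
    """failures: time-sorted (time, account) pairs for one source IP."""
    labels, window, start = set(), Counter(), 0
    for t, account in failures:
        window[account] += 1
        while t - failures[start][0] > WINDOW:   # evict events older than WINDOW
            old = failures[start][1]
            window[old] -= 1
            if window[old] == 0:
                del window[old]
            start += 1
        worst = max(window.values())
        if worst >= BRUTE_MIN_FAILURES:
            labels.add("brute_force")
        if len(window) >= SPRAY_MIN_ACCOUNTS and worst <= SPRAY_MAX_PER_ACCOUNT:
            labels.add("password_spray")
    return labels


def detect(events):
    """Return one finding per suspicious source, linked to follow-on activity."""
    failures = defaultdict(list)
    for t, eid, src, account, _host in events:
        if eid == FAILED_LOGON:
            failures[src].append((t, account))
    findings = []
    for src, fails in failures.items():
        labels = classify_failures(fails)
        if not labels:
            continue
        first_fail = fails[0][0]
        # Successful logons from the same source after the guessing began.
        hits = [(t, acct, host) for t, eid, s, acct, host in events
                if eid == LOGON_OK and s == src and t > first_fail]
        # Accounts created on a host within FOLLOW_UP of such a logon.
        created = sorted({acct for t, eid, _s, acct, host in events
                          if eid == ACCOUNT_CREATED and any(
                              h == host and timedelta(0) <= t - ht <= FOLLOW_UP
                              for ht, _a, h in hits)})
        findings.append({"source": src, "patterns": sorted(labels),
                         "compromised": sorted({a for _t, a, _h in hits}),
                         "accounts_created": created})
    return sorted(findings, key=lambda f: f["source"])


if __name__ == "__main__":
    for finding in detect(parse(build_sample())):
        print(finding)
```

A finding with a non-empty `compromised` list is the case both articles describe, where guessing succeeded; `accounts_created` ties the logon-stage alert to the later persistence step so the two are remediated together.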
Cloud Security Alliance Offers Tips to Protect Telehealth Data
https://www.darkreading.com/cloud/cloud-security-alliance-offers-tips-to-protect-telehealth-data/d/d-id/1338136
As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.
The COVID-19 pandemic has pushed healthcare organizations to make telehealth a top priority. As they do, they're forced to confront privacy concerns related to information access, usage, and alteration, as well as the security of public cloud services where health data is stored.
As the Cloud Security Alliance (CSA) explains in a new report on protection of health data, "telemedicine" and "telehealth" should not be used interchangeably. The former refers to the clinical diagnosis and monitoring by technology; the latter has a broader definition. Telehealth covers clinical healthcare and tools such as kiosks, website monitoring applications, mobile apps, wearable devices, and videoconferencing technology to link patients with healthcare providers.
Health delivery organizations (HDOs) are ramping up telehealth capabilities such as remote patient monitoring (RPM) and telemedicine to treat people at home and reduce the risk of exposure for both providers and patients. This will continue to grow long after the pandemic, the experts write.
The increasing reliance on telehealth in the cloud is expected to drive privacy and security risks for healthcare institutions. Most hospital systems delivering telehealth use videoconference tools as well as cloud and Internet technologies, creating a range of potential issues and demanding security teams take a closer look at their architecture to identify flaws and decide on controls.
This is a shared responsibility between the HDO and cloud provider. Healthcare organizations must understand the regulatory requirements of patient data and the technologies they use.
Public cloud services are accessed over the public Internet, which experts say does not mean the cloud is inherently secure but should be considered in a cloud security model. HIPAA requires HDOs maintain "reasonable and appropriate" administrative, technical, and physical protections to protect public health information (PHI). HDOs are also mandated to do a security-threat risk analysis, which includes cloud-based threats and provides information needed to make risk-based decisions.
Healthcare organizations should also identify the security controls they have in place and ensure they're working as intended. As part of these assessments, the HDO should talk with its cloud service providers about governance, compliance, confidentiality, integrity, availability, and incident response and management. Stakeholders must consider the end-to-end security of the systems, including internal policies for access control and user provisioning.
Protected health information is at the core of privacy concerns related to telehealth, and the emergence of targeted attacks against information systems to access PHI is concerning. The HIPAA Privacy Rule, which regulates the collection, use, and disclosure of PHI, provides insight for better understanding the privacy implications. It mandates health organizations to track the use and disclosure of PHI and notify patients when their data is used. The EU's GDPR, which gives people certain rights when data is used, may also apply, depending on where PHI is stored.
Healthcare organizations must know how their cloud providers handle data retention and monitor how they access and use data. If there's a breach of health data, the provider should have a plan for how it will notify the HDO and launch incident response. Cloud providers should also sign a business associate agreement, another requirement under HIPAA.
CSA also emphasizes the importance of a continuous monitoring program to make sure HDOs enforce and improve their security operations for internal controls, as well as privacy and security programs used by a cloud service provider. This monitoring is maintained throughout the data, applications, and systems life cycles and should be altered over time for continuous risk awareness and compliance, the experts explain in their report.
==================================================================
I highly recommend reading "Cloud Computing and Security - A Natural Match" trustedcomputinggroup.org
With telehealth becoming such an important part of the health market, and with Wave's experience in security and TPMs, Wave should be able to help secure such a sensitive area. With well over a billion TPMs in the marketplace, this technology could be really helpful for telehealth and more! With such a great security being built-in to devices, not using it seems CRAZY!!!
==================================================================
https://www.wavesys.com/
Fortune 500 insurance firm Genworth discloses data breach
https://www.bleepingcomputer.com/news/security/fortune-500-insurance-firm-genworth-discloses-data-breach/
Excerpts:
While the company disabled access to the impacted user accounts, it still monitors the accounts and the policies for suspicious behavior.
"At this point, there has been no evidence of further unauthorized activity," Genworth stated.
=================================================================
It appears very obvious that Wave VSC 2.0 and Wave solutions could have an enormously positive impact for Genworth Financial. The monitoring of the network could be very time consuming and not as effective as using Wave VSC 2.0 and Wave solutions!!! Unauthorized users/devices would not be allowed on the network because of the two factor authentication (2FA) if the company had used Wave VSC 2.0 and Wave solutions!!! There are many organizations along with Genworth Financial that could substantially benefit from using Wave VSC 2.0 and Wave solutions!!!
==================================================================
Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company
Wins competitive evaluation against market leader in two-factor authentication tokens
https://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global
Lee, MA - December 17, 2015 - Wave Systems Corp. (NASDAQ: WAVX) announces a five-year master licensing agreement (MLA) with a leading global corporation (as determined by the 2015 Fortune Global 500 List) for its Virtual Smart Card 2.0 solution. This MLA sets the terms and pricing for licenses and maintenance across the customer’s global organization and establishes it as their preferred two-factor authentication solution. Instead of one large license purchase for the entire organization, each of the customer’s subordinate divisions will make separate orders in accordance with the terms of this MLA.
The first purchase of 2,000 VSC 2.0 licenses under this agreement, when added to a previous purchase, completes the requirement for the customer’s global IT division. That division will now lead the internal effort to standardize the remaining 150,000+ endpoints within their organization with the new Wave VSC 2.0 solution. While there are no minimum order requirements under the agreement, discussions for additional orders are underway.
“Our five-year agreement with this customer is the first very large scale contract for VSC 2.0 and is an important milestone for Wave,” said Bill Solms, President and CEO of Wave Systems. “This customer is a major global financial services company and their standards for protecting their systems from unauthorized access and the integrity of their data are of the highest order. Wave had to pass a very rigorous technical and business review to win the competition. We believe that this client’s decision to choose Wave Virtual Smart Card 2.0 over their incumbent solution gives us tremendous credibility in the two-factor authentication market. We will remain engaged with this company in order to complete the additional sales and deployments in the months ahead.”
Wave Virtual Smart Card 2.0 is a tokenless, hardware-based, two-factor authentication solution that offers superior security at less than half the cost of comparable solutions. It is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7, 8 and 10. It also provides management support for the Microsoft Virtual Smart Card on Windows 8 and 10. Wave’s VSC solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, significantly lower total cost of ownership, and a greatly reduced risk of unauthorized access.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure Passphrase and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with both TPM 1.2 and TPM 2.0 security chips
For more information, visit: Wave Virtual Smart Card 2.0
I Know All the Cybersecurity Rules. Yet I Still Break Them
https://www.wsj.com/articles/i-know-all-the-cybersecurity-rules-yet-i-still-break-them-11592485201
=================================================================
Wave has created three solutions that could be very useful relative to this article, and 'make it easier' and more secure. Wave VSC 2.0, Wave Scrambls and Wave Knowd. The world would be a better place with these Wave solutions!!!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
==================================================================
Protect Corporate Use of Social Media and Cloud Services with Scrambls for Enterprise
Encrypt Postings and Shared Files to Ensure Privacy and Compliance
https://www.wavesys.com/buzz/pr/protect-corporate-use-social-media-and-cloud-services-scrambls-enterprise
Excerpt:
Employees are free to leverage existing social media infrastructures to enter status updates, Tweets, blog posts, files and more, without jeopardizing security or privacy. Scrambls for Enterprise encrypts data before it ever leaves a user’s computer or smartphone. Posts and files can only be viewed by those the enterprise grants permission to—everyone else sees scrambled text.
==================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Excerpts:
“The maturation of the web mandates a change in how we, and our computing devices, connect to the web,” said Steven Sprague, Wave CEO. “With cable television, satellite radio, bank kiosks and mobile phones, the service relationship is tied to the endpoint device. The web needs the security and simplicity of this same model, where our computing devices themselves play an added role in authentication. I access dozens of web services every day from the computer in my home office, and want those sites to know and trust my PC so they’ll stop continually asking me to log in. Wave Knowd enables that trust.”
Pentagon Wants to Scale Up Its Device Security Program
https://www.nextgov.com/cybersecurity/2020/06/pentagon-wants-scale-its-device-security-program/166225/
The Comply-to-Connect program ensures devices connecting to military networks have baseline security without needing to install endpoint management apps.
The Defense Department wants to make sure any device touching its network meets the Pentagon’s strict cybersecurity standards and is in the process of expanding its Comply-to-Connect, or C2C, program across the military.
C2C was started in November 2013 as a joint program between the National Security Agency, Marine Corps and Air Force, deployed to help the branches manage 20,000 endpoints—devices such as smartphones, laptops and desktops. Pilot programs at Marine Corps Base Camp Lejeune in North Carolina and Tinker Air Force Base in Oklahoma established a set of security compliance tools that prevented unsecured devices from connecting to the DOD Information Network, or DODIN.
“Building on the success of these pilots, demand for the capability increased throughout DoD network space,” according to a request for information issued Tuesday by the Defense Information Systems Agency.
DISA has already deployed C2C capabilities with the Navy and Marine Corps, according to the RFI, though these are only initial “pathfinder activities” that have yet to scale. The information request seeks industry feedback on software management platforms that could help the department grow and operationalize C2C capabilities.
The program works by proactively seeking out and tracking all devices connected to the network and continuously analyzing them to ensure compliance with all department cybersecurity requirements. The program is set up to both prevent access to the network and respond quickly to remove non-compliant devices.
“The C2C solution will allow real time visibility of all IP endpoint, network infrastructure, and internet of things devices,” the RFI states. “By identifying the non-compliant and previously unidentified devices, DoD will be able to isolate these assets and mitigate risk in an automated fashion, which will significantly increase the security posture of the DODIN.”
The program also creates segments within the DODIN based on “device type, operational/functional impact, sensitivity, and security risk,” the RFI states. “This segmentation will restrict an adversary’s ability to traverse the network, protect access to sensitive data, and allow easier remediation upon discovery providing an automation solution that is reliable, timely, and allows for comprehensive reporting on critical cyber security metrics.”
Program officials have a long way to go before C2C can scale across all of DOD, but the management software is a key first step, according to the RFI.
The RFI outlines several technical characteristics DISA wants in potential solutions, including:
• A single, converged platform to “discover, identify, categorize, classify and profile all devices” connected to the DODIN. To ensure the platform is a catch-all for everything touching the network, the software must use “the widest variety of both passive and active network-based and host-based discovery methodologies.”
• The ability to “automatically remediate deviations from established required compliance baselines” on non-compliant devices without the need to install endpoint management software on the device.
• The ability to segment networks—or manage segmentation—to block non-compliant devices. Then, once the devices have been updated, “segregate devices by type/function to limit access to only mission necessary network segments.” This capability should also be achieved without the use of an endpoint agent.
• Continuously monitor devices for compliance and ensure information sharing between various cybersecurity components.
Responses are due by 1 p.m. June 26. Questions on the RFI are due by 1 p.m. June 25 and will only be accepted by email.
=================================================================
With Wave having successful experiences in managing all the different TPMs, it would make sense for their software to be used as a baseline in this program. Wave's TPM software has been licensed by Dell, Lenovo, Asus, and more. This versatility could increase the better security possibilities for the program. This may not be part of the program, but Wave's software could allow known and approved devices on the network and keep unknown and unapproved devices off the network (IMMEDIATELY)!!! Wave could also be helpful with the health of the device!!
=================================================================
https://www.wavesys.com/
No One Else’s Business: Crucial Steps in Achieving Effective Organizational Trusted Computing
https://securityboulevard.com/2020/06/no-one-elses-business-crucial-steps-in-achieving-effective-organizational-trusted-computing/
The dawn of 5G and the Internet of Things (IoT) era is rapidly approaching, facilitating the design and development of innovative devices with greater capabilities. COVID-19 is further driving this industry at a tremendous pace as companies seek more agility through digital transformation. With anticipation building for this new network of cutting-edge technology to be realized, consumers have ever-mounting expectations as to their personal platforms such as gaming systems, smart home devices and streaming options – including how customizable they are. In order to effectively deliver a tailored experience to each individual user, operators must harvest, store and analyze vast amounts of data – and this is only set to grow with the emergence of the latest tech.
Such expansion of IoT requires an increased range of personal data to be gathered to meet these personalization demands. With a larger, more detailed variety of user data being stored by operators, the value of the information rises, as does the potential for cyberattacks. Thus, it is vital that organizations employ full-coverage security measures to protect their own data and that of their customers, ensuring that they remain reputable and relevant among a sensitive and competitive market.
Dangerously overlooked
What most users are not aware of is the fact that effective cybersecurity technology starts with them. As data is encrypted within the operating system and hard drives, many believe their information to be safe from outside influence. However, this is not the case; there are many more preventative measures that are advised to ensure responsible Trusted Computing.
All personal computers – and a growing number of IoT devices – are installed with a Trusted Platform Module (TPM) which protects the user’s data from hackers by not only encrypting it, but also storing the encryption keys within the TPM chip. By failing to properly store these keys so that they are hidden within the system, hackers can easily find and use them to read all personal information stored on the computer. This includes data such as biometric and password authentication, protecting user access to websites and platforms. Superior to generic password manager software due to its larger vault capacity, the TPM can securely store complex keys used to protect passwords, only decrypting the password once it has been submitted from the memory vault. In initiating the TPM, the end-user ensures that the keys are kept hidden, making any attacks by hackers detrimental in their potential payoff versus the effort needed to decrypt the keys from their storage unit.
Self-Encrypting Drives (SEDs) are also an option, offering Opal standard protection across all commercial drives on the market. Usable by any IT department to improve the security of their devices, SEDs harness the ability to continuously encrypt the hard drive without user interference. In sending all data through a Data Encryption Key (DEK) when it is being both stored on the drive (encrypted) and read by the user (decrypted), the data stays constantly protected without any need for interference. This system also offers the option of an emergency hard drive reset – if the data on the drive needs deleting permanently and quickly, the user can command the SED to change the DEK encryption, rendering any data stored via the previous DEK unreadable. The use of this alongside the TPM, which hides these DEKs, makes for better security coverage and stronger layers of protection.
The misunderstanding that security measures take time, money and effort to implement is one of the largest front-line threats, as the reality is that the standardized measures in both personal and corporate computers make them available at the flip of a switch. The risks to sensitive information come with lack of education as to the security resources available at the fingertips of the user, and many crucial settings get overlooked. In terms of organizational enterprises this is an especially important factor, as the data carries monetary value and is stored on an entire network of computers – even more potential gateways into the cloud. SEDs and TPMs provide a readily available form of protection for corporations, thus minimizing the costs of security coverage across entire fleets.
Taking stronger measures
Other, more advanced measures which can be implemented for better Trusted Computing include Integrity Checking and Measurement. By recording the conditions under which the PC normally boots – the software running, the operating system and the drivers – a fingerprint of normal operations can be taken. This baseline is used against all other boots to compare and measure what is normal and abnormal. If anything diverts from this learned norm, it will be detected via these integrity checks and a new fingerprint will be generated to account for the threat (e.g. a virus). This tamper alert will cause the TPM to lock the encryption keys for both the hard drive and password vault within the chip, rather than releasing them, until the threat is cleared. By interrupting the boot, and keeping the keys, attackers are prevented from ever getting into the machine data or reading them out of memory.
This same measurement of device health can also be applied to wider networks. Device Health Attestation allows an administrator to validate the measurements in the TPM and, thus, the health of the device remotely via cloud-based or premises services. If a device is found to be infected, it can be easily quarantined. The benefit of having personal access to device health measurements as an organization is that, as IT admin, you can actively monitor your devices to identify which are healthy or infected based on the TPM.
Risk assessment
While the TPM won’t prevent devices from getting infected, it will prevent the secured data from going anywhere and keep it out of attackers’ hands by alerting the user to any infection. The TPM works effectively as a baseline protective measure for every PC and IoT device, laying the foundations for additional measures to be introduced and offering readily available resources from which a strong security unit can be built. Without implementing the very systems already ingrained in existing devices, networks are left open to threats such as ransomware, among other viruses. The threat of stolen, re-encrypted or leaked data that companies are then charged to get back is a common attack, and one that is a huge concern as the data vulnerable to extraction is vast and valuable.
The only thing stopping users from implementing the security they have already paid for is knowledge. Knowing how to take advantage of the security resources available is key to protecting both personal and corporate data. With $8 billion lost due to ransomware attacks in 2018, a 79% increase over the previous year, leaving data vulnerable is a dangerous and costly risk. As a result, authorities such as the UK government’s National Cyber Security Centre and leading organizations such as Microsoft are encouraging the proper use of cybersecurity measures and recommend TPM use as a best practice for users.
The industry is still working towards a future which eradicates cyberattacks altogether, making security measures restorative, rather than defensive. New developments currently involve automated recovery features installed within devices, allowing them to automatically detect threats, shut down to protect the data and self-heal, restoring a clean set of software onto itself. This is a promising outlook for the Trusted Computing industry and marks a cutting-edge milestone for next-generation devices. For now, however, we must make utilizing the technology currently existing at our fingertips our own responsibility, and actively contribute to the safety of our own property using software we have already paid for.
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
More is at the above link.
================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
=================================================================
The article above provides much more information, other than the highlights only. This should be required reading for those who want more information on the TPM and SEDs, and Wave can TURN ON THE TPMS for organizations and initialize SEDs remotely!!!
Rapidly evolving keylogger malware has some security experts worried
https://www.tomsguide.com/news/keylogger-threat
Network operators warned to take steps to defend against keylogger threat.
A new keylogger that could have a significant impact on web security is being carefully tracked by researchers.
The main worry about this keylogger -- called Mass Logger by its discoverers -- is due to the frequency at which it is being updated by its creator.
A keylogger is software or hardware that logs and saves whatever's typed into a keyboard, often in the aim of stealing passwords, usernames or other sensitive information. Keylogging malware is often deployed by spyware or in phishing attacks.
Research lab Cofense Intelligence wrote in a blog post that the author of Mass Logger is consistently updating and improving the malware, making it easier for the malware to bypass security measures designed to mitigate such threats.
Another concern is that the author is able to quickly add new features after receiving feedback from customers (yes, malware developers have customers), which will likely make the malware popular among cybercriminals.
Sophisticated malware
Max Gannon of Cofense Intelligence wrote that one malware campaign used an attached GuLoader executable to deliver an encrypted Mass Logger binary.
He explained: “GuLoader has recently risen to prominence as a malware delivery mechanism which downloads encrypted payloads hosted on legitimate file-sharing platforms.
“The email used to exfiltrate data in this campaign was also recently seen in an Agent Tesla keylogger campaign, indicating that some threat actors may already be switching from Agent Tesla to Mass Logger.”
Mass Logger was created by a developer called NYANxCAT, who is also behind a range of other notorious malware. These include LimeRAT, AsyncRAT and various other RAT variants. (RAT is short for remote-access Trojan, malware that pretends to be benign but which creates a backdoor into your machine after you open the file.)
Rich, easy-to-implement malware
Gannon said NYANxCAT's malware is feature rich and easy-to-use so that it can be easily implemented by cybercriminals, who don't always have the skills to develop their own malware. But what’s interesting is that Mass Logger is already rather advanced.
“Despite this relatively low entry bar, many of the features incorporated into Mass Logger are advanced, such as its USB spreading capability,” Gannon wrote.
“The capable actor behind these malware families has demonstrated an investment in Mass Logger, improving the functionality of the malware with 13 updates in only a three-week time period.”
He also said Mass Logger can steal credentials, bypass automated detection and search for specific file extensions and then exfiltrate them.
To mitigate these threats, Gannon recommends that network defenders watch for FTP sessions or emails sent from the local network that do not conform to your organization’s standards, tune sandbox systems to look for anti-analysis and evasion techniques and disable password-saving in applications like Firefox.
=================================================================
Using an anti-malware solution like Wave Endpoint Monitor and Wave VSC 2.0 (2FA) are a one two combination that other cybersecurity companies just don't have under one company like Wave!!! In this article, WEM can catch this elusive malware, and Wave VSC 2.0 can:
https://www.wavesys.com/products/wave-virtual-smart-card
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
Thus, there are no keystrokes to keylog, and WEM can already catch the malware, but having a one two punch makes the security even stronger!!!
==================================================================
https://www.wavesys.com/wave-alternative
https://www.wavesys.com/
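One way to implement the network-side check Gannon recommends above (FTP sessions or emails sent from the local network that do not conform to the organization's standards). This is an added example, not code from the article or from Cofense; the CSV log format, the address ranges and the allowlists are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Assumed organizational standard (hypothetical values):
#  - workstations submit mail only to the internal relay
#  - only the relay itself may open SMTP sessions to other hosts
#  - FTP is allowed only to one approved partner server
LOCAL_NET = ipaddress.ip_network("10.20.0.0/16")
APPROVED_SMTP_RELAYS = {ipaddress.ip_address("10.20.1.25")}
APPROVED_MAIL_SENDERS = {ipaddress.ip_address("10.20.1.25")}
APPROVED_FTP_SERVERS = {ipaddress.ip_address("198.51.100.40")}
SMTP_PORTS = {25, 465, 587}
FTP_PORTS = {21, 990}

# Constructed sample of connection records (not real traffic).
SAMPLE_LOG = """\
ts,src,dst,dport,bytes_out
2020-06-15T09:01:12Z,10.20.4.17,10.20.1.25,587,18432
2020-06-15T09:01:15Z,10.20.1.25,203.0.113.9,25,18900
2020-06-15T09:14:02Z,10.20.4.17,203.0.113.77,587,91234
2020-06-15T09:15:40Z,10.20.7.3,198.51.100.40,21,2048
2020-06-15T09:16:05Z,10.20.7.3,203.0.113.200,21,733184
2020-06-15T09:17:00Z,10.20.4.17,203.0.113.77,443,512
2020-06-15T09:20:00Z,not-an-ip,203.0.113.77,25,100
2020-06-15T09:44:31Z,10.20.4.17,203.0.113.77,465,88211
"""


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    dport: int
    reason: str


def classify(src, dst, dport: int) -> Optional[str]:
    """Return a reason string if the session violates the assumed policy."""
    if src not in LOCAL_NET:
        return None  # only sessions originating on the local network are in scope
    if dport in SMTP_PORTS:
        if src in APPROVED_MAIL_SENDERS or dst in APPROVED_SMTP_RELAYS:
            return None
        return "SMTP session bypasses the approved mail relay"
    if dport in FTP_PORTS:
        if dst in APPROVED_FTP_SERVERS:
            return None
        return "FTP session to an unapproved server"
    return None


def scan(log_text: str) -> list:
    """Parse CSV connection records and return the policy violations."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except (KeyError, TypeError, ValueError):
            continue  # malformed record: skip it rather than abort the scan
        reason = classify(src, dst, dport)
        if reason:
            findings.append(Finding(row["ts"], str(src), str(dst), dport, reason))
    return findings


def summarize(findings) -> dict:
    """Count findings per source host so repeat offenders stand out."""
    return dict(Counter(f.src for f in findings))


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"{f.ts} {f.src} -> {f.dst}:{f.dport}  {f.reason}")
    print(summarize(results))
```
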
Why Securing Endpoints Is The Future of Cybersecurity
https://www.forbes.com/sites/louiscolumbus/2020/06/14/why-securing-endpoints-is-the-future-of-cybersecurity/#33811e494b7c
=================================================================
The securing your endpoints' solutions are already here and they get the job done. The solutions are at wavesys.com!!!
=================================================================
Microsoft Just Gave A Billion Users A Reason to Quit Windows 10
https://www.forbes.com/sites/gordonkelly/2020/06/14/microsoft-windows-10-problems-testing-windows-insiders-windows-10-updates/#1d95e830173d
================================================================
In addition to Windows 10, Windows 7 and 8 can be protected by Wave VSC 2.0 and Wave's other solutions. There may be organizations that are hesitant to upgrade to Windows 10 due to situations like the article above so using Wave solutions could be highly beneficial to these organizations. That way Windows 7, 8 and 10 could all be properly protected by Wave for distinguished organizations.
Trump Retweets Call for Microsoft Ban From Federal Contracts
https://www.bloomberg.com/news/articles/2020-06-12/trump-retweets-call-for-microsoft-ban-from-federal-contracts-kbc7pj17
It sure would make a lot of sense for Trump to work with Wave!!!!
U.S. Officials Ask Juniper Networks About Investigation Into 2015 Backdoor
https://www.securityweek.com/us-officials-ask-juniper-networks-about-investigation-2015-backdoor
More than a dozen U.S. officials have sent a letter to California-based networking and cybersecurity solutions provider Juniper Networks to ask the company about the results of the investigation launched in 2015 following the discovery of a backdoor in its products.
In late 2015, Juniper Networks revealed that it had identified unauthorized code in some versions of the ScreenOS operating system running on its firewalls. The code was found to introduce two vulnerabilities: one that could be exploited to remotely gain admin access to a device, and one that could allow an attacker to decrypt VPN traffic.
The VPN vulnerability was related to the use of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG), which ScreenOS used as a pseudo-random number generator (PRNG). Dual EC DRBG was known to contain a backdoor introduced by the NSA, which led some to speculate that the NSA may have planted the unauthorized code in Juniper products, while others said it could have been the work of a foreign government.
An initial analysis revealed that the backdoor may have been there since 2008. Juniper had been aware of the security risks posed by the use of Dual EC DRBG and it had not used it as its primary PRNG. In addition, the company made some changes that should have mitigated risks, but the unauthorized code enabled the backdoor and made it possible to launch attacks.
A group of three senators and 13 members of the U.S. House of Representatives announced on Wednesday that they have sent a letter to Juniper Networks in an effort to find out what the company learned from its investigation into what the officials described as “secret government backdoors.”
“It has now been over four years since Juniper announced it was conducting an investigation, but your company has still not revealed what, if anything, it uncovered,” the officials wrote. “The American people — and the companies and U.S. government agencies that trusted Juniper’s products with their sensitive data — still have no information about why Juniper quietly added an NSA-designed, likely-backdoored encryption algorithm, or how, years later, the keys to that probable backdoor were changed by an unknown entity, likely to the detriment of U.S. national security.”
The letter was sent to Juniper just as the U.S. Attorney General and other government officials have been trying to convince — and in some cases even force — companies to add encryption backdoors to their products to facilitate surveillance and investigations.
Juniper has been given one month to answer eight questions about the incident, including on the company’s decisions surrounding Dual EC DRBG, the results of its investigation, the source of the unauthorized code, and any recommendations made and implemented following the probe.
SecurityWeek has reached out to Juniper Networks for comments, but we have yet to hear back. This article will be updated if the company responds.
==================================================================
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Security Minute: RSA Sale Creates New Opportunities For Partners
https://www.crn.com/news/security/video/security-minute-rsa-sale-creates-new-opportunities-for-partners
Learn how the recent sale of RSA will impact partners and how the company is evolving with the times.
RSA reported a 680-percent increase in fraud transactions from mobile apps between 2015 and 2018 in its 2019 Current State of Cybercrime report. The cybersecurity vendor has evolved its solutions to keep up with cybercriminals.
“This is a really exciting time for us here at RSA, and I feel [it is an exciting time] for our channel partners to set us up for future success,” says Brian Breton, regional vice president of RSA Americas Channel Sales and Operations.
RSA was sold by Dell earlier this year and will soon be managed by Symphony Technology Group, or STG Partners. RSA assures partners there will be no immediate changes but says their voices will be heard.
“As we do every year, we will be meeting with partners and seeking their feedback on what they see in the market as to what’s working and what they would like to see more from RSA,” says Breton.
RSA is a channel-driven organization, which has not changed, even after the sale. Dell Technologies COO Jeff Clarke says STG is enthusiastic about RSA’s mission and committed to its partner base.
“Everything we sell within our portfolio has tremendous opportunities,” says Breton. “As the customers increase their user population and their networks as they grow, the products all have a capability to expand. Once you get that product in there, you can continue to make money off of that product in that installed base.”
CRN bestowed a 5-star rating on RSA’s partner program SecurWorld for its training opportunities; sales and technical support; and full-service marketing service. Looking to the future under new management, Breton sees unlimited potential.
“This change will afford us phenomenal opportunities,” says Breton.
RSA has unveiled several new and upgraded offerings over the past year, including an evolved SIEM and threat-defense solution for the NetWitness platform and a new hardware token called YubiKey for RSA SecurID Access. Archer Suite is also now available as a SaaS model.
=================================================================
Wave VSC 2.0 has better security at less than half the cost!! When one thinks of 'unlimited potential', Wave VSC 2.0 comes to mind before SecurID!!! For further education on SecurID, please read the Wave VSC white paper below! If the better choice (Wave VSC 2.0) was being sold through its partners, customers would be happier after purchasing Wave VSC 2.0!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/virtual-smart-card-2.0-from-wave
https://www.wavesys.com/products/wave-virtual-smart-card
OAuth Attacks Bypass MFA Protection
https://www.infosecurity-magazine.com/infosec/oauth-attacks-bypass-mfa/
Whenever a phishing attack hits the headlines, the advice is always the same: train your employees to be suspicious, and use multi-factor authentication (MFA), followed by a mandatory discussion of how passwords aren’t enough to guarantee security anymore. This is generally good advice, but don’t be lulled into a false sense of security: MFA isn’t watertight, and two stories surfaced in May to prove it.
Many online services today have turned their back on repeated password entry, instead using OAuth. This is an authorization mechanism that lets one site interact with another on your behalf, and it’s commonly used to sign into third party websites.
For example, a site supporting Google-based logins offers a ‘sign in with Google’ option that redirects you to Google’s sign-in screen if you’re not already signed into your Google account. It’s a way of enabling you to sign up for a service without filling out a new username and password form.
After you’ve signed into your Google account, the search giant returns you to the third party site with a request token. The third party site then shows that token to Google, which grants it an access token that lets it access the information you’ve authorized it to see in your account (in this case, your email address, to confirm that you’re signing in with your Google account). This token gives the site access to that information for a limited time, at which point you’ll have to repeat the process.
Google allows people to protect their accounts with MFA using its authenticator app, which protects this third party relationship too. Someone trying to sign into the third party site using your Google account would need your phone to complete the sign-in.
Please see the rest of the article at the above link.
==================================================================
Use a better MFA solution in Wave VSC 2.0!! Wave VSC 2.0 wouldn't have the problems outlined in this article!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
FCA further delays two-factor online shopping authentication by 6 months
https://www.computerworld.com/article/3558540/fca-further-delays-two-factor-online-shopping-authentication-by-6-months.html
The UK's Financial Conduct Authority (FCA) will delay the planned introduction of mandatory two-factor authentication for higher-value electronic payments by another six months, amidst the major disruption being caused by the COVID-19 pandemic. The deadline for compliance is now 14 September 2021.
The FCA first delayed the measure in August last year, as a "plan for a phased implementation" which "gives the payments and e-commerce industry extra time to implement Strong Customer Authentication (SCA)".
The rules, which were originally due to come into place in September, officially fall under the Secure Customer Authentication (SCA) section of the Second Payment Services Directive (PSD2), which came into force in January 2018. The European Banking Authority (EBA) only issued clarity on the technical standards required in June 2018 however.
See the link above for the rest of the article.
==================================================================
With on-line shopping sites like Rakuten and honey having success, a Wave comeback with Ishophere and a second authentication factor like the TPM could make e-shopping a better experience. It would be simpler and more secure for the shopper!!! This article shows just how important 2FA is!!!
Ishophere was just ahead of its time, and now it could be a winner in the market with the ubiquity of the TPM!!
80% of Organizations Suffered a Cloud Data Breach in the Past 18 Months
https://www.cisomag.com/cloud-data-breaches/
Excerpt:
New research has revealed that 80% of organizations suffered at least one cloud data breach in the past 18 months, while 43% of companies reported 10 or more cloud data breaches.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Get better security at less than half the cost
Passwords are weak. Tokens are expensive. Don’t compromise on security or price.
Wave Virtual Smart Card does anything your physical smart cards and tokens do, but it starts with hardware you already have: the Trusted Platform Module (TPM), a hardware security chip built into the motherboard of most business-class PCs. You may not even know you have it, but once you do, the TPM can be used in a myriad of ways. Wave turns it into a smart card, embedded directly into your laptop.
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
One helpdesk call you'll never get: "I lost my virtual smart card again..."
There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
What will you do with >50% TCO savings?*
Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.
Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.
When we say “secure”…
…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).
*Actual number may vary. Contact us today to receive more details and a free quote.
Key Features:
• Full lifecycle management of virtual smart cards
• Intuitive interface to create (or delete) virtual smart cards
• Command line option to create and delete virtual smart cards
• Flexible PIN policies
• Helpdesk-assisted PIN reset and recovery
• Generates reports for compliance
• Integrates with Active Directory
• Supports familiar use cases:
  ◦ Virtual Private Network (VPN)
  ◦ Local logon
  ◦ Remote logon
  ◦ Remote desktop access
  ◦ Intranet/Extranet
  ◦ Cloud applications
==================================================================
If Wave's partners were active selling Wave, and they knew what Wave VSC 2.0 could do to secure the cloud, articles like this one wouldn't be happening!!! It's just one of the many features that make Wave solutions great!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
Cybercriminals exposed 5 billion records in 2019, costing U.S. organizations over $1.2 trillion
https://www.helpnetsecurity.com/2020/06/04/cybercriminals-exposed-5-billion-records-in-2019/
Cybercriminals exposed over 5 billion records in 2019, costing over $1.2 trillion to U.S. organizations, according to ForgeRock. Coupled with breaches in 2018 costing over $654 billion, breaches over the last two years have cost U.S. organizations over $1.8 trillion.
Healthcare: The most targeted industry
Healthcare emerged as the most targeted industry in 2019, accounting for 382 breaches and costing over $2.45B, an increase from 164 incidents costing over $633 million in 2018.
Despite healthcare being the most frequently targeted industry, technology firms had the highest number of records compromised from breaches with over 1.37 billion exposed in 2019 costing a total of over $250 billion.
Personally identifiable information (PII) remained as the most targeted data by attackers and was exposed in 98% of 2019 breaches, up from 97% in 2018.
• Unauthorized access was the most common attack vector used in 2019, responsible for 40% of breaches, followed by ransomware and malware at 15% and phishing at 14%.
• By targeting PII and leveraging unauthorized access, cybercriminals highlight how weaknesses in enterprises’ identity and access management (IAM) practices increasingly allow for greater volumes and more sensitive types of data to be pilfered.
• In fact, social security numbers (SSNs) were the most targeted type of data compromised as they were exposed in 384 breaches in 2019.
“Cybercriminals continue to refine their attack vectors and can execute a greater volume of attacks than ever before to pilfer consumer data,” said Eve Maler, CTO, ForgeRock.
“The Consumer Identity Breach Report’s findings demonstrate that no industry is safe. Enterprises need to critically evaluate their digital identity management strategies for weaknesses.
“Given that there are new pressures to tear down the corporate castle walls for access by bring-your-own devices, temporary workers and outside applications, organizations must deploy a modern platform that provides intelligent, contextual and continuous security that can prompt for identity validation after detecting anomalous behavior. They can then ensure more layers of security between threat actors and consumer data while delivering superior experiences to their legitimate users.”
Cybercriminals and exposed records: 2020 is set to outpace 2019
Based on Q1 2020 data, 2020 is set to outpace 2019 in terms of records breached, despite the fact the number of breaches tracks down by 57%. There have been 92 data breaches affecting 1.6 billion records in Q1 2020 alone, 9% more records than Q1 2019.
Healthcare is still the most breached industry in Q1 2020, accounting for 51% of the incidents, which may be due to attackers targeting strained healthcare organizations amid the COVID-19 pandemic. However, the most records exposed throughout Q1 2020 have been from social media firms.
Key findings
• Following healthcare, the banking/insurance/financial industry was the second most targeted in 2019, accounting for 12% of all breaches. This is followed by education (7%), government (5%) and retail (5%).
• Social security numbers and date of birth details were the most targeted data – accounting for 37% of breached information, yet this is down from 54% in 2018.
• Name and addresses (18%) and personal health information (17%) were the second and third most breached data types, respectively.
• Medical records are the most sought-after type of PII in Q1 2020, accounting for 25% of all exposed data.
=================================================================
PROBLEMS IN THE MARKET THAT CONTINUE TO RUN RAMPANT: UNAUTHORIZED ACCESS, DATA BREACHES, RANSOMWARE, MALWARE and PHISHING can be STOPPED with WAVE SOLUTIONS!!! And the trend for exposed records in 2020 is UP!!! If Wave's key partners and new partners knew how Wave could stop these 5 problems, and the market embraced Wave solutions, Wave in 2020 and 2021 could keep trillions in organizations' pockets!!! The Wave alternative below helps explain Wave better and is highly recommended reading!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/wave-alternative
https://www.wavesys.com/contact-information
Ransomware gang says it breached one of NASA's IT contractors
https://www.zdnet.com/article/ransomware-gang-says-it-breached-one-of-nasas-it-contractors/
DopplePaymer ransomware gang claims to have breached DMI, a major US IT and cybersecurity provider, and one of NASA IT contractors.
==================================================================
DMI and Wave Partner to Secure the Mobile Enterprise
https://www.wavesys.com/buzz/pr/dmi-and-wave-partner-secure-mobile-enterprise
Orlando, FL -
September 11, 2013 -
(The Trusted Computing Conference, Section 207) Digital Management Inc. (DMI), a leading provider of mobile enterprise solutions and services, and Wave Systems Corp. (NASDAQ: WAVX), the leading Trusted Computing software company, announced a partnership to offer government and commercial enterprises a range of trusted computing solutions to better secure mobile environments. Under the terms of this partnership, DMI and Wave will develop, market, and deliver Trusted Computing-based security solutions for the mobile enterprise centered on Wave's groundbreaking Trusted Computing product suite.
NEWS FACTS:
DMI/Wave offerings include:
Ultra Secure Tablet: Enterprise-grade management and security for tablets. Trusted computing security enables strong second-factor authentication for network access, always-on encryption, and eliminates the need for extra passwords and is currently offered for Windows 7 and Windows 8 devices.
Virtual Smartcard: More secure device, app, WiFi, and wired network access control, without the need for an extra piece of hardware. Utilizes the on-board Trusted Platform Module (TPM) for hardware-based security and available for Windows 7 and Windows 8 devices.
Enterprise Device Identity and Integrity: Prevents malicious intruders from accessing networks by knowing what devices are on it and how healthy they are. Eliminates device spoofing and the use of stolen credentials. Prevents compromised devices from accessing the network and meets emerging NIST guidelines for BIOS integrity.
DMI/Wave solutions are offered as installed solutions or managed services, supported 24x7 through DMI's Managed Mobile Service Centers.
DMI, a leader in trusted computing and mobile enterprise solutions, sets international standards within the Trusted Computing Group (TCG), develops advanced security architectures for some of the largest IT manufacturers in the world, and applies security strategies, R&D and develops enterprise solutions for customers like the U.S. Air Force and the U.S. Army.
Wave is the leading Trusted Computing software company, with over 10 years experience spearheading the industry's shift to hardware-based security across the IT landscape. Like DMI, Wave helps set the international standards in the TCG. Wave consistently applies those standards in first-to-market products for enterprises seeking better security.
SUPPORTING QUOTES:
Jay Sunny Bajaj, DMI founder and CEO said: "Enterprises are keenly aware of the increasingly sophisticated cyber threats and the catastrophic results of a major compromise. Trusted Computing offers greater protection for networks and endpoints over other solutions on the market because the security is built into the devices themselves. We're proud to be joining forces with Wave, one of the true pioneers in Trusted Computing. Together we can offer a full range of highly secure solutions for the mobile enterprise, all based on off-the-shelf hardware."
Steven Sprague, Wave CEO said: "DMI has a well-earned reputation for successfully delivering large-scale, mission-critical projects throughout the federal government and large commercial enterprises. As one of the pre-eminent mobile solutions providers -- and the only one with deep trusted computing expertise -- formalizing a partnership with DMI was a natural step for both sides. Our partnership will prove especially helpful for large-scale deployment opportunities where customers are interested in advanced mobile security capabilities enabled by Trusted Computing standards."
==================================================================
When Wave went into Chapter 11, DMI probably like other partners may have cut ties with Wave. Given how much Wave/ESW could help with cybersecurity and preventing ransomware, rekindling the partnership with Wave/ESW sounds like a major WIN/WIN!!!
==================================================================
https://www.wavesys.com/
Over 460 million records exposed in breach incidents reported in May
https://www.bleepingcomputer.com/news/security/over-460-million-records-exposed-in-breach-incidents-reported-in-may/
Excerpts:
In many cases, the amount of data exposed to unauthorized users was not provided, so the number is likely much higher.
In many cases, the victims learn of the intrusion at a much later time or don't learn about it at all. Others don't even report the incidents for fear of fines and losing their customers.
==================================================================
I find it hard to believe that shareholders, ex-employees, and employees of Wave are not shaking their heads at an article like this when Wave has the capabilities to stop this from happening!!! I'm surprised that Wave's and ESW's forces haven't taken the cybersecurity World by storm. Based on Wave's outstanding solutions and people behind them, Wave should be the #1 Cybersecurity/Trusted Computing company in the World!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
https://www.wavesys.com/contact-information
Cybersecurity:
Selected Federal Agencies Need to Coordinate on Requirements and Assessments of States
https://www.gao.gov/products/gao-20-123
Excerpt:
Among the 4 federal agencies we examined, 49% to 79% of security requirement parameters—the number of log-on attempts allowed, for example—were in conflict.
==================================================================
Wouldn't it be so much easier and more secure to login using Wave VSC 2.0 for federal agencies and states!!
==================================================================
Wave Systems Announces First U.S. Federal Government Customer for Wave Virtual Smart Card 2.0
https://www.wavesys.com/buzz/pr/wave-systems-announces-first-us-federal-government-customer-wave-virtual-smart-card-2.0
Lee, MA -
October 2, 2014 -
Wave Systems Corp. (NASDAQ: WAVX) marked an important sales milestone by announcing the first U.S. federal government customer for its Virtual Smart Card 2.0.
Since the Virtual Smart Card 2.0 became commercially available in late July 2014, Wave has entered into dozens of pilot deployments in multiple sectors, including healthcare, financial services, automotive, energy and utilities. However, today’s announcement marks the product’s first sale in the government sector.
“This is an important milestone for Wave,” said Bill Solms, CEO of Wave. “Wave Virtual Smart Card 2.0 has been purchased by a government agency with significant security requirements and one that requires redundant means of system authentication due to national security interests. This initial sale is modest compared to the addressable market within the Federal Government sector, but it is important to our strategy for marketing the Virtual Smart Card to address critical government infrastructure defense.”
“We believe that this sale, which was completed on a shorter sales cycle than we had anticipated, supports our view that customers are interested in the type of cyber security solution that Wave’s Virtual Smart Card 2.0 provides,” Solms added.
Wave Virtual Smart Card 2.0 is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7. It also supports Windows 8 and 8.1. Wave’s new solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, lower total cost of ownership, and a reduced risk of unauthorized use.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure PIN and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with TPM 1.2 or TPM 2.0
==================================================================
https://www.wavesys.com/
List of well-known web sites that port scan their visitors
https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/
The above article is very interesting!
==================================================================
Why not try an effective, less intrusive technology that doesn't scan a user's computer, and combats online payment fraud!!! Now is the time to be using this and Wave's many great solutions!!!
==================================================================
Wave and Bell ID Partner to Combat Online Payment Fraud
EMV card-present transactions enabled for E-Commerce by integrating TPM technology.
https://www.wavesys.com/buzz/pr/wave-and-bell-id-partner-combat-online-payment-fraud
Lee, MA -
July 31, 2014 -
Wave Systems Corp. (NASDAQ: WAVX) announced it is partnering with chip lifecycle management solutions company, Bell ID, to offer a joint solution aimed at reducing online payment fraud. The solution will be marketed primarily to card issuing banks, as well as online merchants, governments, and enterprises worldwide.
Using Bell ID’s Trusted Service Manager and Secure Element in The Cloud (SEiTC) server, alongside Wave’s ERAS for TPM management and Wave’s endpoint identity and monitoring expertise, the combined offering provides robust protection for transactions and stored payments. The companies have executed a letter of intent and anticipate the signing of a definitive agreement in August.
The incident rate of card-not-present (CNP) fraud has been growing steadily over the past several years. According to a recent FICO Banking Analytics Blog, CNP fraud now accounts for close to half of all credit card fraud. Countries that have already adopted the EMV® card specification have seen CNP fraud rates increase. In the United States, CNP fraud is expected to rise significantly over the next eighteen months, as the EMV standard is put into effect. The EMV directive, which implements a global standard for a secure chip-based payment application, will make merchants liable for any fraud resulting from transactions on systems that are not EMV-capable.
“Wave’s robust product portfolio is very complementary to Bell ID’s strongly positioned solution set in the financial services market,” said Bill Solms, CEO, Wave Systems. “We see the EMV transition creating high demand for more secure transaction capabilities, and are confident that together we can provide financial institutions with a comprehensive solution for payment authorization and storage.”
“Bell ID has been a pioneer in developing and delivering cloud-based payment platforms,” adds Pat Curran, Executive Chairman at Bell ID. “We also have extensive experience in delivering EMV solutions globally and have witnessed fraud transition online as point-of-sale terminals in face-to-face transactions become more secure. We are therefore delighted to extend our offering with Wave to provide a secure online transaction and storage payment solution, which will mitigate against an expected rise in online fraud and provide a trusted link between device identity and internet services.”
CXOs are the weakest link in mobile device security and most likely to suffer cyber attacks
https://www.zdnet.com/article/cxos-are-the-weakest-link-in-mobile-device-security-and-most-likely-to-suffer-cyber-attacks/
A new study by MobileIron reveals that C-level executives feel frustrated by mobile security protocols and often request to bypass them.
==================================================================
Could it be that some of the tasks that involve security are easier to do on Arm, Samsung and Wave enabled devices and provide better security?
==================================================================
Wave Joins ARM TrustZone Ready Program
Committed to Helping Chip Manufacturers Implement Industry Standard Security for Mobile Platforms
https://www.wavesys.com/buzz/pr/wave-joins-arm-trustzone-ready-program
Cybersecurity: Half of employees admit they are cutting corners when working from home
https://www.zdnet.com/article/cybersecurity-half-of-employees-admit-they-are-cutting-corners-when-working-from-home/
Excerpt:
While the surge in remote working is bringing additional challenges for both employees and employers, there are a number of simple steps that can be taken to boost security without impeding productivity. One of these is employing multi-factor authentication, providing an extra barrier to defence that helps stop cyber criminals gaining access to accounts – and potentially corporate data.
==================================================================
Wave VSC 2.0 and Wave ERAS, a recipe for better MFA protection!!! With the work from home trend, these solutions are needed now more than ever!!! Please see the links and information below for why these solutions are better security!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
Get better security at less than half the cost
Passwords are weak. Tokens are expensive. Don’t compromise on security or price.
Wave Virtual Smart Card does anything your physical smart cards and tokens do, but it starts with hardware you already have: the Trusted Platform Module (TPM), a hardware security chip built into the motherboard of most business-class PCs. You may not even know you have it, but once you do, the TPM can be used in a myriad of ways. Wave turns it into a smart card, embedded directly into your laptop.
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
One helpdesk call you'll never get: "I lost my virtual smart card again..."
There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
What will you do with >50% TCO savings?*
Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.
Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.
When we say “secure”…
…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).
*Actual number may vary. Contact us today to receive more details and a free quote.
Key Features:
• Full lifecycle management of virtual smart cards
• Intuitive interface to create (or delete) virtual smart cards
• Command line option to create and delete virtual smart cards
• Flexible PIN policies
• Helpdesk-assisted PIN reset and recovery
• Generates reports for compliance
• Integrates with Active Directory
• Supports familiar use cases:
  - Virtual Private Network (VPN)
  - Local logon
  - Remote logon
  - Remote desktop access
  - Intranet/Extranet
  - Cloud applications
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
Decrease expenses with virtual smart cards
You know what else happens when you take passwords out of the equation? A lot fewer calls to IT. Imagine if you took password resets out of the picture – that frees up a chunk of IT time, lowering your operating expenses significantly.
If your organization currently uses traditional tokens or smart cards, switching to virtual smart cards takes an even bigger burden off of IT – we use the hardware-protected credentials in the TPM to create a virtual smart card, which performs the same functionality as traditional smart cards. That means no need to purchase, deploy, replace or maintain external tokens, smart cards or smart card readers. Because virtual smart cards are already on your machines and can’t be forgotten, lost or stolen, you have lower capital expenses and lower operating expenses.
Wave's is the only management to support virtual smart cards on Windows 7, as well as Windows 8 and 8.1.
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
Low TCO
• Reduce operating expenses by eliminating password reset and shortening deployment times
• Minimize capital expenses by using hardware you already have
• Integrate with Microsoft Active Directory for IT familiarity
Superior User Experience
• No more tokens or smart cards to achieve two-factor authentication
• Eliminate VPN/WiFi/website passwords for faster access to resources
• No add-on software means improved OS performance
Flexibility
• Compatible with Windows 8.1, 8, 7 and Vista operating systems – manage mixed environments from one console
• Create custom management policies to suit your organization’s needs
• User and device authentication from a common console
Seamless Device Authentication
• Access control over wireless (i.e. 802.1x)
• Single sign-on
• VPN authentication (i.e. Microsoft DirectAccess)
Microsoft, Windows, and BitLocker are either registered trademarks or trademarks of the Microsoft group of companies.
Is Samsung’s New Data Security Chip a Game Changer?
https://www.cisomag.com/samsung-data-security-chip/
Samsung Electronics, known for its advancements in various turnkey technologies, has now introduced a standalone security solution comprised of a Secure Element (SE) chip (S3FV9RR) that is managed by enhanced security software. This security chip from Samsung offers a secure gateway to perform tasks such as booting, isolated storage, mobile payments, and other applications. Samsung first introduced a SE-chip (S3K250AF) in its S20 device, which had a Common Criteria Evaluation Assurance Level (CC EAL) of 5+. However, with the SE-chip (S3FV9RR), Samsung has taken its own security standards a notch higher as it has achieved a CC EAL certification of 6+, the highest level acquired by a mobile component.
With the new standalone security element solution (S3FV9RR), Samsung is now enabling smart devices to safeguard user’s private information.
Samsung’s Data Security Chip – A Game Changer
The EAL ranking is given by Common Criteria, an organization that certifies the security level of IT products from EAL0 to EAL7, with seven being the most secure. Thus, the CC EAL certification of 6+ is deemed as a game-changer because it is utilized in applications that demand the most stringent security requirements in the market such as high-end smartphones, e-passports, and hardware wallets for cryptocurrency.
This new data security chip also supports the following:
• The hardware-based root of trust (RoT)
• Secure boot, and
• Secure device authentication
While running applications on a mobile device, a boot loader initiates a chain of trust, i.e. all the firmware with approved keys is validated sequentially. This boot process is carried out by the RoT, which guards the device against any possible malicious threats and unauthorized software updates.
Dongho Shin, Senior Vice President of System LSI marketing at Samsung Electronics, said, “In this era of mobility and contact-less interactions, we expect our connected devices, such as smartphones or tablets, to be highly secure so as to protect personal data and enable fintech activities such as mobile banking, stock trading, and cryptocurrency transactions. With the new standalone security element solution (S3FV9RR), Samsung is enabling smart devices to safeguard private information.”
This is not the first attempt at hardware-based security; security chips were introduced earlier.
Google’s Titan M Security Chip
Google’s Titan M is an enterprise-grade security chip custom-built for Google’s smartphone brand, Pixel. This chip secures the most sensitive on-device data and operating system. Titan M helps the bootloader (the program that validates and loads Android when the phone turns on) make sure that the latest Android version is loaded. It stores the last known safe Android version and restricts attackers from moving to an older and potentially vulnerable Android version on the device. Titan M also prevents attackers’ attempts to unlock the bootloader.
The other salient features of Titan M are:
• Lock screen and On-Device Disk Encryption protection
• Secure Third-Party App Transactions
• Insider Attack Resistance
In 2019, Google announced a $1.5 Mn bug bounty reward for cracking Pixel’s Titan M secure element chip. The reward amount though is at the discretion of the rewards committee and depends on several factors.
Trusted Platform Module
In 2009, a computer industry consortium called Trusted Computing Group created a specification for Trusted Platform Module (TPM). TPM, also known as ISO/IEC 11889, is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. A TPM chip has a unique RSA key burned in and a computer program can use a TPM to authenticate hardware devices. In this way hardware-level security complements software-based security, further strengthening the security of the system.
Any application can use a TPM chip for:
• Digital rights management
• Protection and enforcement of software licenses
• Prevention of cheating in online games
==================================================================
It's intriguing that Samsung produces a 'security chip' for its phones that does interesting things and Wave signed an agreement with Samsung for the use of its security software with TPMs (hardware security chips)
As organizations replace their Samsung fleets, the older phones need to be secured, and this could be done with the TPM/TEE and software from Wave!!! Please see the ARM link and Samsung link to see how Wave could help tremendously in this mobile ecosystem!!!
==================================================================
Wave Joins ARM TrustZone Ready Program
Committed to Helping Chip Manufacturers Implement Industry Standard Security for Mobile Platforms
https://www.wavesys.com/buzz/pr/wave-joins-arm-trustzone-ready-program
Lee, MA -
September 26, 2012 -
Wave Systems Corp. (NASDAQ:WAVX) today announced that it has joined the ARM TrustZone® Ready Enablement Program to provide support and infrastructure for implementing enterprise security capabilities in mobile devices. As a partner in the program, Wave joins other industry leaders in helping chip manufacturers design and implement new industry standard security capabilities within ARM’s TrustZone architecture to enable full cross-platform interoperability across PCs, tablets, smartphones and other mobile devices.
TrustZone Technology (developed by ARM, the world’s leading semiconductor IP supplier) is a System-on-Chip security concept that involves a hardware-isolated space for a Trusted Execution Environment (TEE). Once integrated, core security services such as cryptography, storage and user interfaces can enable services to be deployed with a new level of security and convenience.
The primary goal of ARM's TrustZone Ready enablement program is to guide chip and device manufacturers to design robust, industry-certified security architecture into their products that will meet the needs of service providers looking to deploy secure services on secured platforms. Companies that implement system-wide security into their platforms can benefit from this program through a cohesive set of design blueprints, market requirements, and checklists aligned with industry standards.
“Smart phones, tablets and other devices are essential for today’s enterprise, and require access to sensitive applications and data. While these devices have excellent security for the mobile operator’s services, they lack basic security for use within an enterprise network,” commented Steven Sprague, Wave’s CEO. “ARM, with the TrustZone Ready Program, is taking the lead in making sure that standards-based security implemented in the TrustZone Trusted Execution Environment (TEE) is integrated into chipsets for mobile devices. Wave is committed to sharing its expertise in Trusted Platform Module (TPM) implementations, application development and trust infrastructure support.”
“Wave’s infrastructure for managing TPM and TPM-mobile-enabled devices will allow enterprise users to exploit the full capabilities of Trusted Computing Group standards across multiple device types,” added Jon Geater, Director of Technology for ARM Secure Services Division and Board Representative of ARM at GlobalPlatform. “ARM welcomes Wave into the TrustZone Ready Program as a valuable partner that will bring secure enterprise services to TrustZone secured devices running GlobalPlatform Trusted Execution Environments.”
Eliminating passwords, Providing Health Measurements for mobile devices
The TPM, shipped on more than half a billion PCs, is a cryptographic component built on specifications from the Trusted Computing Group. The TPM brings strong, enterprise-grade security features to consumer devices that are widely deployed in enterprise networks. The TPM for mobile devices is uniquely designed to support the security needs of multiple stakeholders, allowing enterprises to provide strong security in end-user applications, satisfy the security requirements of third-party application developers, and support other parties.
With a TPM Mobile implemented within the hardware-based security boundaries of ARM’s TrustZone and protected by a full function Trusted Execution Environment, enterprises will be able to take advantage of the strong security of the TPM in the following ways:
• Protect corporate devices and user identities
• Measure and attest to the integrity and health of the mobile device
• Implement secure network access
• Provide secure messaging for corporate traffic
• Reduce the need for user passwords, with reliance on the device itself as a strong authentication token for access to services and data, including cloud-based functions.
• Offer central control over devices which are lost or stolen to protect sensitive data
Increased emphasis on trusted computing is driving the security industry toward hardware-based technologies that offer improved access control, encryption, and the early detection of malware. With Wave’s industry-leading trusted computing solutions, customers are empowered to secure endpoint data, protect data-in-motion and ensure that only trusted devices gain access to the enterprise network. Wave’s solution will provide enterprises with cross-platform interoperability between PCs and mobile devices for trusted computing-based functions and applications.
=================================================================
Wave Systems Signs 15-year License Agreement with Samsung
https://www.wavesys.com/buzz/news/wave-systems-signs-15-year-license-agreement-samsung
The Problem with Artificial Intelligence in Security
https://www.darkreading.com/threat-intelligence/the-problem-with-artificial-intelligence-in-security/a/d-id/1337854
Any notion that AI is going to solve the cyber skills crisis is very wide of the mark. Here's why.
If you believed everything you read, artificial intelligence (AI) is the savior of cybersecurity. According to Capgemini, 80% of companies are counting on AI to help identify threats and thwart attacks. That's a big ask to live up to because, in reality, few nonexperts really understand the value of AI to security or whether the technology can effectively address information security's many potential use cases.
A cynic would call out the proliferation of claims about using AI for what it is — marketing hype. Even the use of the term "AI" is misleading. "Artificial intelligence" makes it sound like the technology has innate generalized intelligence that can tackle different problems. In reality, what you have in most cases is a machine learning (ML) algorithm that has been tuned for a specific task.
The algorithms that are embedded in some security products could, at best, be called narrow (or weak) AI. They perform highly specialized tasks in a single (narrow) field and have been trained on large volumes of data, specific to a single domain. This is a far cry from general (or strong) AI, which is a system that can perform any generalized task and answer questions across multiple domains. We are a long way from those types of solutions hitting the market.
Having a technology that can do only one job is no replacement for a general member of your team. So, any notion that AI is going to solve the cyber skills crisis is very wide of the mark. In fact, these solutions often require more time from security teams — a fact that is often overlooked.
For example, take the case of anomaly detection. It's really valuable for your security operations center analysts to be able to find any "bad stuff" in your network, and machine learning can be well-suited to this problem. However, an algorithm that finds way more "bad stuff" than you ever did before might not be as good as it sounds. All ML algorithms have a false-positive rate (identifying events as "bad" when they are benign), the value of which is part of a trade-off between various desired behaviors. Therefore, you tend to still need a human to triage these results — and the more "bad" the algorithm finds, the more events there are for your team member to assess.
The point is not that this is a particularly surprising result to anyone familiar with ML — just that it's not necessarily common knowledge to teams that may wish to employ these solutions, which may lead to inflated expectations of how much time ML may free up for them.
Whereas the example above was about how ML algorithms can be targeted at doing some of the work of a security team directly, algorithms can also be used to assist them indirectly by helping users avoid making mistakes that can pose a risk. This approach is exciting because it starts to look at reducing the number of possible events coming into the funnel — rather than trying to identify and mitigate them at the end when they contribute to a security event. It's not just solving the most obvious issue that may bring about the desired outcomes in the long term.
The other issue that is easy to overlook when considering ML is that of data. Any ML algorithm can only work when it has enough data to learn from. It takes time to learn; just think, how many Internet cat pictures do you need to show it before it recognizes a cat? How long does the algorithm need to run before the model starts to work? The learning process can take much longer than expected, so security teams need to factor this in. Furthermore, labeled data, which is optimal for some use cases, is in short supply in security. This is another area where getting a "human in the loop" to classify security events and assist in the training of the algorithm can be required.
There is a lot of promise for machine learning to augment tasks that security teams must undertake — as long as the need for both data and subject matter experts is acknowledged. Rather than talking about "AI solving a skill shortage," we should be thinking of AI as enhancing or assisting with the activities that people are already performing.
So, how can CISOs best take advantage of the latest advances in machine learning, as its usage in security tooling increases, without being taken in by the hype? The key is to come with a very critical eye. Consider in detail what type of impact you want to have by employing ML and where in your overall security process you want this to be. Do you want to find "more bad" or do you want to help prevent user error or one of the other many possible applications?
This choice will point you toward different solutions. You should ensure that the trade-offs of any ML algorithm employed in these solutions are abundantly clear to you, which is possible without needing to understand the finer points of the math under the hood. Finally, you will need to weigh up the benefits of these trade-offs, against the less obvious, potential negative second-order effects on your existing team — for example, more events to triage.
Whichever type of problem you're hoping to solve, availability of data that is high quality and up to date is absolutely crucial to your success with emerging ML capabilities. Organizations can lay the foundations for this now by investing in security data collection and analysis capabilities and their security team's data skill sets. The necessity of having security SMEs to interpret machine learning output (whether as part of a formal "human in the loop" solution, or just having analysts triaging results post-processing) is going to continue to be fundamental for the foreseeable future.
==================================================================
This was an interesting and enlightening article. It would seem that if AI is attempting to find the 'bad stuff' on a company network, it would want to be able to stop phishing attacks - to keep the bad guy off the network as Wave can do with Wave VSC 2.0 (please see post #245989). It does not appear AI can do successfully what Wave can when it comes to protecting against phishing (and without the labor)!!! Wave solutions do so MUCH more so please check out the websites below for more information!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Memorial Day
From Bill Solms:
On Memorial Day, we honor those who gave the ultimate sacrifice. #MemorialDay #HonorThem #ProudToServe pic.twitter.com/rG6wJXncL9
— U.S. Military Academy at West Point (@WestPoint_USMA) May 25, 2020
CEOs and CISOs disagree on cyber strategies
https://www.helpnetsecurity.com/2020/05/20/ceos-cisos-disparities/
There are growing disparities in how CEOs and CISOs view the most effective cybersecurity path forward, according to Forcepoint.
The global survey of 200 CEOs and CISOs from across industries including healthcare, finance and retail, among others, uncovered prominent cybersecurity stressors and areas of disconnect for business and security leaders, including the lack of an ongoing cybersecurity strategy for less than half of all CEO respondents.
The research also identified disparities between geographic regions on data protection as well as a digital transformation dichotomy battle between increased risk and increased technology capability.
Key findings
• Most leaders (76%) are losing sleep over the prospect of becoming the next headline-grabbing security breach
• This is despite a high percentage (87%) believing that their security team is consistently ahead of cybersecurity threats
• This disparity is compounded by a belief that senior leadership is cyber-aware and data-literate (89%) and focused on cybersecurity as a top organizational priority (93%)
• Cybersecurity strategies are seen by 85% of executives as a major driver for digital transformation, yet 66% recognize the increased organizational exposure to cyber threats because of digitization
• Only 46% of leaders regularly review their cybersecurity strategies
“When more than 89% of leaders believe their teams are more cyber-aware than ever, it’s not surprising to hear executives are losing sleep over their cybersecurity posture today because they know the stakes to their business are so high,” said Nicolas Fischbach, Global CTO of Forcepoint. “At a time when cybersecurity is more strategic to business growth than ever before, it is time senior business and security leaders reassess their cybersecurity strategy to one that enables them to move left of breach.”
Disparities between CEOs, CISOs and global geographies
The research spotlights the disparity in how enterprises across global geographies prioritize key elements of security. Protecting customer data is a resounding priority for leaders in the US (62%) and Europe (64%), while in Asia 61% of leaders will prioritize protecting organizational IP over customer data.
Factors influencing these results may be due in part to differing regulatory approaches to data and privacy protection as well as recent legislative decisions in the U.S. and Europe, such as GDPR and CCPA.
There is also a clear divide between CEOs and CISOs in how they identify the right cybersecurity path forward for their business. CEOs prefer to be proactive and risk-focused (58%), prioritizing maintenance of business stability above all, while more than half of CISOs (54%) embrace a more reactive, incident-driven approach to mitigating today’s dynamic cybersecurity threat landscape.
The research also found that, despite claiming vendor fatigue, enterprises use more than 50 security vendors on average with 62% reporting they want even more.
However, as more enterprises begin to embrace the cost savings and benefits of converged networking and security capabilities found in the emerging Secure Access Service Edge (SASE) security architecture approach, the need for dozens of security vendors will abate over time.
Fischbach continued, “Companies leading on the cybersecurity front today are realistic about the risks they face and are prepared to prioritize security to protect the lifeblood of their business – which is customer data and organizational IP. And with today’s new way of working, getting this right within a remote work reality has never been more critical.
“Now is the time for all business and security leaders to recognize the business continuity actions they take now will determine whether they simply survive or thrive in today’s new business reality.”
=================================================================
If CEOs and CISOs were embracing Wave solutions they wouldn't need 50 security vendors to effectively be secure!!! With Wave solutions, CISOs and CEOs wouldn't be losing sleep over the next potential breach!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
The dark web is flooded with offers to purchase corporate network access
https://www.helpnetsecurity.com/2020/05/22/access-dark-web/
There is a flood of interest in accessing corporate networks on the dark web, according to Positive Technologies.
In Q1 2020, the number of postings advertising access to these networks increased by 69 percent compared to the previous quarter. This may pose a significant risk to corporate infrastructure, especially now that many employees are working remotely.
“Access for sale” on the dark web is a generic term, referring to software, exploits, credentials, or anything else that allows illicitly controlling one or more remote computers.
In Q4 2019, over 50 access points to the networks of major companies from all over the world were publicly available for sale – the same number as during all of 2018. In Q1 2020, this number rose to 80.
Criminals mostly sell access to industrial companies, professional services companies, finance, science and education, and IT (together accounting for 58 percent of these offers).
Criminals targeting major companies
Only a year ago, criminals seemed to be more interested in trading in individual servers. Access to them was sold on the dark web for as little as $20. However, in the second half of 2019, there has been an increasing interest in the purchase of access to local corporate networks.
Prices have also skyrocketed: we’ve seen hackers offer a commission of up to 30 percent of the potential profit from a hack of a company’s infrastructure – with annual income exceeding $500 million. The average cost of privileged access to a single local network is in the range of $5,000.
Some major companies become the victims of these crimes, with annual incomes running into the hundreds of millions or even billions of dollars. In terms of location, hackers’ primary target is U.S. companies (more than a third of the total), followed by Italy and the United Kingdom (5.2 percent each), Brazil (4.4 percent), and Germany (3.1 percent).
In the U.S., criminals predominately sell access to professional services companies (20 percent), industrial companies (18 percent), and government institutions (14 percent). In Italy, industrial companies lead (25 percent), followed by professional services (17 percent).
In the United Kingdom, science and educational organizations account for 25 percent, and finance for 17 percent. In Germany, IT and professional services each account for 29 percent of access points for sale.
Network access sold to other dark web criminals
In most cases, access to these networks is sold to other dark web criminals. They either develop an attack on business systems themselves or hire a team of more skilled hackers to escalate network privileges and infect critical hosts in the victim’s infrastructure with malware. Ransomware operators were among the first to use this scheme.
Positive Technologies senior analyst Vadim Solovyov said: “Large companies stand to become a source of easy money for low-skilled hackers. Now that so many employees are working from home, hackers will look for any and all security lapses on the network perimeter. The larger the hacked company is, and the higher the obtained privileges, the more profitable the attack becomes.
“To stay safe, companies should ensure comprehensive infrastructure protection, both on the network perimeter and within the local network. Make sure that all services on the perimeter are protected and security events on the local network are properly monitored to detect intruders in time.
“Regular retrospective analysis of security events allows teams to discover previously undetected attacks and address threats before criminals can steal data or disrupt business processes.”
==================================================================
This article and the links below help spell out why organizations/companies would want to use the standards of SEDs and TPMs that are part of Wave's better security solutions. These standards with Wave solutions deserve a BIG SHOUT OUT to CISOs, CEOs and Boards of Directors!!! The companies and many other potential companies impacted by this article would be HAPPY to know about and use Wave solutions!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/contact-information
Beware of phishing emails urging for a LogMeIn security update
https://www.helpnetsecurity.com/2020/05/21/logmein-security-update-phishing/
LogMeIn users are being targeted with fake security update requests, which lead to a spoofed phishing page.
“Should recipients fall victim to this attack, their login credentials to their LogMeIn account would be compromised. Additionally, since LogMeIn has SSO with Lastpass as LogMeIn is the parent company, it is possible the attacker may be attempting to obtain access to this user’s password manager,” Abnormal Security noted.
The fake LogMeIn security update request
The phishing email has been made to look like it’s coming from LogMeIn. Not only does the company logo feature prominently in the email body, but the sender’s identity has been spoofed and the phishing link looks, at first glance, like it might be legitimate:
“The link attack vector was hidden using an anchor text impersonation to make it appear to actually be directing to the LogMeIn domain,” Abnormal Security explained.
“Other collaboration platforms have been under scrutiny for their security as many have become dependent on them to continue their work given the current pandemic. Because of this, frequent updates have become common as many platforms are attempting to remedy the situation. A recipient may be more inclined to update because they have a strong desire to secure their communications.”
Advice for users
This LogMeIn-themed phishing campaign is a small one, but users should know that the company has seen an “incredible uptick” in collaboration software impersonations in the past month.
Be careful when perusing unsolicited email, even if it looks like it’s coming from a legitimate source. If you have to enter login credentials into a web page, make sure you landed on that page by entering the correct URL yourself or by opening a bookmark – and not by following a link in an email.
In this particular case, you can be sure that if LogMeIn asks you to update something, the request/reminder will be shown once you access your account, so you’re not losing anything by ignoring the email and the link in it.
==================================================================
Wave has simple to use and very effective MFA (multi-factor authentication) as part of Wave VSC 2.0!! Would the phishing work on those using Wave VSC 2.0? NO!! The hacker would have to have the TPM in the user's computer in addition to the PIN. The links below explain the virtual smart card, and there is contact information at the last link!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
https://www.wavesys.com/contact-information
Standards-based @TrustedComputin technologies developed by TCG members are now deployed in enterprise systems, storage systems, networks and much more.
The result is that systems and applications are safer and less prone to viruses.
Find more: https://t.co/d9eWNXRkO0
— Trusted Computing (@TrustedComputin) May 20, 2020