Secure A Networked Printer Before It Can Be Breached
https://fedtechmagazine.com/article/2020/05/secure-networked-printer-it-can-be-breached
Excerpt:
Be sure to take advantage of the latest and most sophisticated security features. Agencies should also consider requiring them for new printer acquisitions. Examples of these features include a Trusted Platform Module that facilitates secure boot; this helps ensure that the printer only executes authorized firmware.
==================================================================
The TPM is needed in printers, and they should be an activated part of every computer in the federal space and for at least critical industries!!! With all of what TPMs are capable of doing, and they are in almost all business computers, not using them is a major waste of excellent built-in security!!!
==================================================================
What is Trusted Platform Module?
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=153858686
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Password managers are great -- until you lose your password manager password
Commentary: Don't be me.
https://www.cnet.com/news/password-managers-great-until-you-lose-access-world-password-day/
Editor's note: In recognition of World Password Day, CNET is republishing a selection of our stories on improving and replacing passwords.
Deep breath. I did something really stupid with some of the most important data in my life. And I don't know how I did it.
I took today's basic security advice: use a password manager and then have it create different passwords for each site. I chose the 1Password password manager and after installing it, upgraded to a subscription so I could access my passwords across multiple devices.
Then came the weekend that I tried logging into the app and found my password wasn't working.
I typed it in a few times. Slowly. Then with cut and paste. Nothing registered. It had been working smoothly with my iPhone's Face ID to unlock access to my passwords, but that stopped working after a phone reboot. And I realized suddenly that the master password being asked for wasn't the same as the password I had been using previously, before I added the subscription. Bewildering? Yes. My fault? Absolutely. Can I explain how I entered this fugue state of password confusion? Not at all.
At some point I fumbled my passwords. I have mismanaged my supposedly careful management of my passwords. I feel like I'm in an utter nightmare.
This could happen to you. I hope it doesn't.
My problem is partly a consequence of today's need for an endless supply of secure passwords. Ideally, you should be creating so many unique, complicated passwords that a password manager is the only safe direction. But then, of course, you need a password for that password manager. Once your passwords become sufficiently complicated, you won't really know what the passwords are unless you're writing them down. Which I was. In a password manager.
And here I am. Stuck.
I'm not the only person suffering from password problems. For a broader look at the situation, check CNET's coverage this week about password problems -- including more about why experts recommend the very password managers that got me in trouble, the reasons two-factor authentication isn't as secure as you might hope and modernized advice for picking passwords.
No options
1Password customer service asked me if I had my "emergency kit," a record of my master password and secret key, a code the company gives you when you sign up for a subscription. You aren't supposed to share this information with anyone, and 1Password doesn't have it.
1Password employs these precautions for security. To be clear, I'm meant to safely print or store my 1Password secret key -- a code used to set up 1Password on new devices -- and master password somewhere where I can access them. "The master password would have been chosen by you, when you were creating your account," 1Password's customer support reminded me in an email. When I contacted a company spokesperson, I got the same message.
Over the weekend, it gradually dawned on me that I didn't have this information, either. I followed 1Password's advice on how to maybe fix my problems... but none of it worked.
Did I lose that emergency kit? Did I never download it? What is wrong with me? How did this happen? I wish I could tell you. It's stunning that I simply don't know. Maybe it's because I was panicking when I signed up for the subscription in the first place, late last year. Maybe I skipped a download button. I can't say. And that's the most disturbing part. I feel like an absolute idiot. Also, I'm filled with existential dread now. Many passwords are locked up in there, but I don't remember which. Why didn't I keep a backup record on paper?
I discovered some of my passwords via a separate cloud-synced 1Password vault I'd forgotten that I had. I recovered those when I tried installing the app on another device. But I didn't recover passwords I'd added after updating to the 1Password subscription. 1Password's customer service was able to tell me I had added nine new passwords, but couldn't tell me which accounts they were for.
If you lose the password to your password manager, the password manager customer service can't do anything for you. My only recourse is to wipe everything and start over.
I hyperventilated all day. Then, I went to get my hair cut.
Take it from me... actually, don't
I asked my barber if he used a password manager. He doesn't. I asked if he used two-factor authentication. He doesn't. I was going to offer him advice… but, well, look at me. Locked out of my passwords. I locked away my keys and threw away the key.
Face ID did nothing for me, because 1Password requires you to reauthenticate with your master password when you reboot your iPhone. No other options were left. I began to realize I should have been writing down backup passwords all along. I started doing that, frantically, with the ones I still knew.
I wish there were some magical way I could recover my 1Password password. Through my biometrics. Through a special emergency physical key fob. By presenting myself at a 1Password office and taking a blood test and somehow proving I deserved a second chance. But because of the way strong encryption works, nobody has a backup route into my password archive.
If there's one silver lining to my scatter-brained situation, it's that I've squirreled away some passwords on other managers and in a couple of password-protected documents over the years, like a weird password hoarder. That's made my password manager disaster less nauseating.
But please, don't lose the password to your password manager. Set it up when you aren't distracted and, if you're using 1Password, make sure you save that emergency kit with the master password and security key.
Don't be me
I feel shredded now. Maybe you're smarter than me. But passwords managing passwords, while a necessary evil, means brain-frying complexity. I can't imagine a real-world vault where you'd keep your most important things but then make access contingent on one single key that no one else is allowed to have. But hey, here we are.
Before this, I loved using password managers. They're great. They help keep things organized. They remind you to use complex passwords. They can autofill account passwords on websites and in apps. I'll keep using a password manager, because I can't see any better solution to the password nightmare we've all gotten tangled up in.
Strings of characters extended to infinity and an unending fear of how to protect them feels like a world of madness as it is. Password managers are a life raft. An imperfect life raft, but they're all I've got.
They're great. Until you lose your password manager password.
=================================================================
Wave VSC 2.0 is more EFFECTIVE than password managers when it comes to forgetting or losing your password. There is not nearly the hassle of dealing with situations as outlined in the above article!!! Better security at less than half the cost!!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
Key Features:
Helpdesk-assisted PIN reset and recovery
Ransomware gang asks $42m from NY law firm, threatens to leak dirt on Trump
https://www.zdnet.com/article/ransomware-gang-asks-42m-from-ny-law-firm-threatens-to-leak-dirt-on-trump/
==================================================================
https://gdpr.report/news/2020/03/10/privacy-self-encrypting-drives-are-the-answer-to-data-protection-concerns-now-and-in-the-future-2/
The above link is excellent information on SEDs and some important information on TPMs. Especially in critical industries, it just seems CRAZY not to have these two technologies as mandated standards!!! These ransomware attackers would be doing a lot less hacking if these standards were mandated!!! Why have dormant, turned off TPMs and unused SEDs? It doesn't make any sense!! And Wave solutions could help massively improve the cybersecurity of the U.S. and other countries. Better late than never, and 'Let's make America Great Again'!!
==================================================================
https://www.wavesys.com/
Windows 10 forgot password: How to reset your Windows 10 password
https://www.express.co.uk/life-style/science-technology/1282059/windows-10-forgot-password-how-to-reset-microsoft-windows-10-password
==================================================================
After reading this article, it becomes apparent that Wave VSC 2.0 is simpler when it comes to resetting your password. Continuing with Windows 10 username/password authentication, and using biometrics and facial recognition (which user may not want to do) for authentication could be easier if a user was using Wave VSC 2.0 and he/she had to reset his/her PIN!!!
Please see the link below for this Wave VSC 2.0 Key Feature and many of the other great features for Wave VSC 2.0!!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
Key Feature:
Helpdesk-assisted PIN reset and recovery
Madonna, Mariah Carey and Other Major Celebs Are Caught up in a Recent Ransomware Attack
https://gizmodo.com/madonna-mariah-carey-and-other-major-celebs-are-caught-1843419053
==================================================================
Ransomware attackers use malware to infiltrate an organization's network and computers as part of the network. Valuable sensitive data obtained from these two areas can be held for ransom. The law firm in this article could have benefited by using three of Wave's solutions. I don't know of a company offering these three really outstanding solutions under one company (except Wave Systems) to protect organizations, their clients and users from ransomware.
The three Wave solutions are:
Wave VSC 2.0 keeps the ransomware attackers from being allowed on an organization's network with their devices. Their devices are unknown and unapproved.
Wave Endpoint Monitor - Unlike anti-virus software Wave Endpoint Monitor can consistently catch that sneaky malware. And ransomware can be sneaky malware.
Wave SED management - SEDs (Self Encrypting Drives) that store sensitive data on the computer could keep the ransomware attackers from obtaining the data on the computer.
Pitney Bowes already had its second run in with ransomware attackers. There are a lot of organizations that should have the right ransomware protections (Wave solutions), and there wouldn't be so many successful attacks. Maybe some celebrity's voice with Wave could stop this stress induced and expensive ransomware!!
==================================================================
Detailed information on the bolded solutions above is in the links below.
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/products/wave-self-encrypting-drive-management
https://www.wavesys.com/contact-information
Thunderbolt flaw allows access to a PC’s data in minutes
https://www.theverge.com/2020/5/11/21254290/thunderbolt-security-vulnerability-thunderspy-encryption-access-intel-laptops
Affects all Thunderbolt-enabled PCs manufactured before 2019, and some after that
Vulnerabilities discovered in the Thunderbolt connection standard could allow hackers to access the contents of a locked laptop’s hard drive within minutes, a security researcher from the Eindhoven University of Technology has announced. Wired reports that the vulnerabilities affect all Thunderbolt-enabled PCs manufactured before 2019.
Although hackers need physical access to a Windows or Linux computer to exploit the flaws, they could theoretically gain access to all data in about five minutes even if the laptop is locked, password protected, and has an encrypted hard drive. The entire process can reportedly be completed with a series of off-the-shelf components costing just a few hundred dollars. Perhaps most worryingly, the researcher says the flaws cannot be patched in software, and that a hardware redesign will be needed to completely fix the issues.
Apple’s Macs have offered Thunderbolt connectivity since 2011, but researchers say that they’re only “partially affected” by Thunderspy if they’re running macOS. The result, the report claims, is that macOS systems are vulnerable to attacks similar to BadUSB. This is a security flaw that emerged back in 2014 which can allow an infected USB device to take control of a computer, steal data, or spy on a user.
Björn Ruytenberg, the researcher who discovered the vulnerabilities, has posted a video showing how an attack is performed. In the video, he removes the backplate and attaches a device to the inside of a password-protected Lenovo ThinkPad laptop, disables its security, and logs in as though he had its password. The whole process takes about five minutes.
This is not the first time security concerns have been raised about Intel’s Thunderbolt technology, which relies on direct access to a computer’s memory to offer faster data transfer speeds. In 2019, security researchers revealed a Thunderbolt vulnerability they called “Thunderclap” which allowed seemingly innocuous USB-C or DisplayPort hardware to compromise a device. Security issues like these are reportedly the reason Microsoft hasn’t added Thunderbolt connectors to its Surface devices.
In a blog post responding to the report, Intel claims that the underlying vulnerability is not new, and that it was addressed in operating system releases last year. However, Wired reports that this Kernel Direct Memory Access Protection has not been universally implemented. The security researchers say they couldn’t find any Dell machines with the protection applied, and that they could only verify that some HP and Lenovo laptops used it.
Ultimately, Ruytenberg says that the only way for users to fully prevent against such an attack is for them to disable their computer’s Thunderbolt ports in their machine’s BIOS, enable hard drive encryption, and turn off their computer when leaving it unattended. The researcher has developed a piece of software called Spycheck (available via the Thunderspy site) that they say should tell you whether your machine is vulnerable to the attack.
Thunderbolt 3 is due to be integrated into the USB 4 specification. Researchers say that USB 4 controllers and peripherals could also be vulnerable and will need to be tested once available.
==================================================================
What about turning on the TPM in these systems?! Wave could help with the turning on of TPMs in computers for organizations!!
==================================================================
What is Trusted Platform Module?
https://www.embedded-computing.com/home-page/what-is-trusted-platform-module-2
Excerpt:
When you boot a computer, the TPM checks the state of the computer and the state of the computer's environment. If the computer is not in a trustworthy state (ie. it has not been tampered with) it will operate normally.
If the computer is not in a trustworthy state, it will not boot, meaning there is no way to access or extract any data from the computer.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch
https://www.theregister.co.uk/2020/05/08/samsung_android_patches/
Zero-click remote-code exec hole found by Googler, updates emitted
==================================================================
What if what was being done years ago with ARM, Samsung and Wave alleviated these patching problems and many of the future Samsung patching problems as well? And this provided for BETTER SECURITY!!! It seems like a great opportunity for users, organizations, and the three companies!!!
==================================================================
Wave Joins ARM TrustZone Ready Program
Committed to Helping Chip Manufacturers Implement Industry Standard Security for Mobile Platforms
https://www.wavesys.com/buzz/pr/wave-joins-arm-trustzone-ready-program
==================================================================
Wave Systems Signs 15-year License Agreement with Samsung
https://www.wavesys.com/buzz/news/wave-systems-signs-15-year-license-agreement-samsung
Cognizant expects to lose between $50m and $70m following ransomware attack
https://www.zdnet.com/article/cognizant-expects-to-lose-between-50m-and-70m-following-ransomware-attack/?ftag=COS-05-10aaa0g&taid=5eb70f6426bdc80001a21aa9&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitter
Cognizant says April ransomware incident will negatively impact Q2 revenue.
IT services provider Cognizant said in an earnings call this week that a ransomware incident that took place last month in April 2020 will negatively impact its Q2 revenue.
"While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter," said Karen McLoughlin, Cognizant Chief Financial Officer in an earnings call yesterday.
McLoughlin also expects the incident to incur additional and unforeseen legal, consulting, and other costs associated with the investigation, service restoration, and remediation of the breach.
The Cognizant CFO says the company has now fully recovered from the ransomware infection and restored the majority of its services.
Incident only impacted internal network
Speaking on the ransomware attack, Cognizant CEO Brian Humphries said the incident only impacted its internal network, but not customer systems.
More precisely, Humphries said the ransomware incident impacted (1) Cognizant's select system supporting employees' work from home setups and (2) the provisioning of laptops that Cognizant was using to support its work from home capabilities during the COVID-19 pandemic.
Humphries said staff moved quickly to take down all impacted systems, which impacted Cognizant's billing system for a period of time. Some customer services were taken down as a precaution.
Cognizant held meetings with customers, however, the meetings did not go smoothly as Cognizant avoided sharing any actual details of what had happened.
ZDNet learned of the incident as it was going on, at the time, on April 17, when several disgruntled customers had reached out to this reporter about the company attempting to hide a major security breach under the guise of "technical issues" and cutting off access to a series of services.
Initially, customers feared that a hacker had either stolen user data from servers, or a ransomware incident had taken place, and the ransomware spread to customer servers, encrypting their data and the servers becoming inaccessible.
Customers were thrown in full paranoia mode after Cognizant sent an internal alert to all customers, urging clients to block traffic for a list of IP addresses.
Customers were quick to link the IP addresses to web servers operated in the past by the Maze ransomware gang.
Cognizant, one of the largest providers of server hosting and IT services in the US, eventually publicly admitted that its network was infected with the Maze ransomware a day later on April 18.
Cognizant losses in the same range as Norsk Hydro
Cognizant losses from the incident are in the same range reported last year by aluminum producer Norsk Hydro, which reported that a March 2019 ransomware incident would cause total revenue losses of more than $40 million, a number it later adjusted to nearly $70 million during the year.
Humphries said that Cognizant is now working to address the concerns of customers who opted to suspend Cognizant services in the wake of the ransomware attack, which also impacted Cognizant's current bottom line.
Cognizant reported a Q1 2020 revenue of $4.2 billion, up 2.8% over Q1 2019.
The number of SEC filings listing ransomware as a major forward-looking risk factor to companies' profits has skyrocketed in recent years from 3 filings in 2014 to 1,139 in 2019, and already 743 in 2020. Companies today are seeing ransomware attacks as a real risk for their bottom lines as ransomware incidents tend to cause reputational damage to stock prices and financial losses due to lost revenue as most victims take weeks and months to fully recover.
=================================================================
If there is a company that is good at cleaning up the messes that cyber incidents leave then why isn't there a great company at preventing them.... There is: WAVE SYSTEMS!!! As a company that cleans up cyber incidents, Mandiant has been thriving too long!! Wave solutions should be called upon for the most important of cybersecurity needs and make calling Mandiant a thing of the past. Saving millions could never have been so easy, and without the stress of other cybersecurity not stopping things like ransomware and cyber attacks.
==================================================================
This website below really has some amazing cybersecurity information.
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Companies Struggle for Effective Cybersecurity
https://www.darkreading.com/operations/companies-struggle-for-effective-cybersecurity/d/d-id/1337779?_mc=KJH-Twitter-2019-05
The money companies are spending on cybersecurity tools doesn't necessarily result in better security, a new survey shows.
Organizations of all sizes are under near-constant attack from cybercriminals — that we know. And of course they must defend themselves against attacks. But there are some huge questions about just how effective their ability to do so is. A new report by Mandiant Security Validation aims to address those questions.
"Customers are making decisions and deploying technologies with a lot of assumptions ... around the value that they're getting," says Chris Key, founder of Verodin and now senior vice president at Mandiant Security Validation. "And what we're seeing in almost every case is that it falls short."
Indeed, less than 10% of the attacks, on average, even generate an alert, he adds.
"I think it speaks to the fact that a lot of controls are sold with weak out-of-the-box configurations," says Key, explaining the difference between the number of test attacks generated and the number that generate alerts. "And then customers don't have the resources to tune and tweak them."
According to the "2020 Mandiant Security Effectiveness Report," the effectiveness gap exists throughout the security stack, from more than half (54%) of organizations that found they were missing early-stage attack tactics, to 67% that saw successful data exfiltration tactics used against them. The numbers were generated from attacks that were executed in 100 Fortune 1000 production environments representing 11 industries employing 123 market-leading security technologies, such as network, email, endpoint, and cloud products and services.
Those security services and products are part of the problem, according to Key. "As you add more tools, you increase the complexity. And the more complex we are, the more challenging it is to keep things configured correctly — to know what to rely on and to actually really get value," he says.
With security expertise a well-documented issue for the industry, the real question isn't whether the security technology is up to the job, but whether organizations are up to the task of properly purchasing, configuring, and getting the most from the technologies they purchase.
"You could argue the layers of security are now probably more complicated than the general networking and IT environment layers," Key says. "But we've got nothing validating and going through the signal ensuring that these things are working together correctly, ensuring that my sensors are time-stamped correctly, ensuring that those events are getting through my firewalls and load balancers to my SIEM, or ensuring that my SIEM is passing it correctly to my management tools so there's no database corruption and all the alerts are firing."
That lack of collaboration and correlation is part of the environment that allows malicious files to be delivered and begin to move 48% of the time, with lateral movement success in 54% of cases, according to the report.
While deploying security tools using nothing more than out-of-the-box configuration is a source of failure compounded by a lack of resources to deploy them in any other way, Key says the report does contain the seeds of optimism.
"There is a lot of capability in the core tools that are out there. And so there is a lot of room to go from zero to 60 very quickly," he explains. The acceleration process may be critical, especially in the current business environment.
"There's a business conversation right now that CEOs are being asked across the board around whether we're sure that we're spending the dollars on the right things," Key says. "Are we sure that we're rationalizing what we have and what our costs are?"
Ultimately, Key says, it's not just about asking whether security products and services tick off boxes on a requirements list. The stakes are higher.
"How can I, as a security professional, speak to this in a quantifiable way to ensure that we're being a responsible corporate citizen and not wasting dollars in this environment on technology that we can't really demonstrate whether it's actually doing anything for us or not," he asks.
Quantifiable effectiveness is where security must go, he believes, and there are many steps still to take on the road.
==================================================================
The title of this article DOESN'T HAVE TO BE!!! QUANTIFIABLE EFFECTIVENESS is where security must go??? If we were using more Wave solutions we wouldn't have to go down that road!! Or if people realized what Wave could do for their organizations, they would smartly make the decision to buy Wave solutions, and stop this ineffective cybersecurity madness!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/wave-alternative
Excerpts:
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
People Think They're Too Smart to Fall for Phishing Scams
https://www.nextgov.com/ideas/2020/05/people-think-theyre-too-smart-fall-phishing-scams/165197/
That means they underestimate their own risk.
People believe they’re less likely than others to fall for phishing scams and, as a result, underestimate their own risk, a new study shows.
The research also reports that this happens, in part, because we overlook data, or “base rate information,” that could help us recognize risk when assessing our own behavior yet use it to predict that of others.
Together, the results suggest that those not informed of the risk that, for instance, work-from-home situations pose to online security may be more likely to jeopardize the safety of themselves and those they work for.
COVID-19 has had a devastating impact on the physical and mental health of people around the globe. Now, with so many more working online during the pandemic, the virus threatens to wreak havoc on the world’s “cyber health,” the researchers note.
Phishing Scams as Other People's Problems
“This study shows people ‘self-enhance’ when assessing risk, believing they are less likely than others to engage in actions that pose a threat to their cyber security—a perception that, in fact, may make us more susceptible to online attacks because it creates a false sense of security,” says Emily Balcetis, an associate professor in the psychology department at New York University and corresponding author of the study in Comprehensive Results in Social Psychology.
“This effect is partially explained by differences in how we use base rate information, or actual data on how many people are actually victimized by such scams,” adds coauthor Quanyan Zhu, a professor at the Tandon School of Engineering.
“We avoid it when assessing our own behavior, but use it in making judgments about actions others might take. Because we’re less informed in assessing our actions, our vulnerability to phishing may be greater.”
Through March, more than two million US federal employees received directives to work from home—in addition to the millions working in the private sector and for state and local governments. This overhaul of working conditions has created significantly more vulnerabilities to criminal activity—a development the Department of Homeland Security has recognized. Its Cybersecurity and Infrastructure Security Agency issued an alert in March that foreshadowed the specific cyber vulnerabilities that arise when working from home rather than in the office.
My Risk Vs. Yours
In their study, the researchers sought to capture how people perceive their own vulnerabilities in relation to that of other people.
To do so, researchers conducted a series of experiments in which subjects saw phishing scam emails that researchers told them were illegitimate. These emails asked people to click links, update passwords, and download files.
To tempt the study’s subjects, college undergraduates, the researchers told them complying with the requests would give them a chance to win an iPad in a raffle, have their access restored to an online account, or other outcomes they wanted or needed.
Researchers asked half of the subjects how likely they were to take the requested action while they asked the other half how likely another, specifically, “someone like them,” would do so.
On the screen that posed these questions, the researchers also provided the subjects with “base rate information”: The actual percentage of people at other large American universities who actually did the requested behavior (One, for instance, read: “37.3% of undergraduate students at a large American university clicked on a link to sign an illegal movie downloading pledge because they thought they must in order to register for classes”).
The researchers then deployed an innovative methodology to determine if the subjects used this “base rate information” in reporting the likelihood that they and “someone like them” would comply with the requested phishing action. Using eye-tracking technology, they could determine when the subjects actually read the provided information when reporting their own likelihood of falling for phishing attempts and when reporting the likelihood of others doing the same.
'Social Judgment'
Overall, they found that the subjects thought they were less likely than others to fall for phishing scams—evidence of “self-enhancement.” But the researchers also discovered that the subjects were less likely to rely on “base rate information” when answering the question about their own behavior, yet more likely to use it when answering the question about how others would act.
“In a sense, they don’t think that base rate information is relevant to their own personal likelihood judgments, but they do think it’s useful for determining other people’s risk,” says Balcetis.
“The patterns of social judgment we observed may be the result of individuals’ biased and motivated beliefs that they are uniquely able to regulate their risk and hold it at low or nonexistent levels,” says lead researcher Blair Cox, a scientist in the psychology department. “As a result, they may in fact be less likely to take steps to ensure their online safety.”
Support for the study came from the National Science Foundation’s directorates for Computer and Information Science and Engineering and Social, Behavioral, and Economic Sciences.
==================================================================
WHY NOT TAKE THE HUMAN ELEMENT OUT OF PHISHING!!! USE WAVE ERAS and WAVE VSC 2.0 to help SECURE YOUR ENDPOINTS!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
https://www.wavesys.com/contact-information
How hackers are updating the EVILNUM malware to target the global financial sector
https://www.cyberscoop.com/evilnum-financial-malware-prevailion/
Hackers behind a series of targeted financial attacks have been updating their malware to better evade detection over the last year, according to new Prevailion research slated to be published Wednesday.
Since at least February 2019, the hackers, who have begun impersonating CEOs and banks in their lure documents, have introduced at least seven updates to the malicious software known as EVILNUM, which enables attackers to upload and download files, harvest tracking cookies, and run arbitrary commands.
While internet scammers frequently masquerade as corporate executives to tempt victims into clicking on malware, attackers behind EVILNUM are rapidly working to make their tools more obscure. The unknown attackers began rolling out the newest version of the EVILNUM malware three days ago. By press time, the hacking tool only was detected by eight of the 59 vendors on VirusTotal, a malware-sharing repository, indicating many common software security vendors are not capable of protecting against this group’s techniques.
The prior version of EVILNUM, number 3.6, only was detected by six of the vendors on VirusTotal. Details about the latest hacking tool were shared exclusively with CyberScoop prior to their publication.
“It shows there’s an ongoing evolution of this kit,” said Danny Adamitis, director of intelligence analysis at Prevailion. “I believe this is one of the more advanced financial crime actors that we’ve seen.”
While EVILNUM has been used in conjunction with a remote access trojan (RAT), called Cardinal RAT, in campaigns against financial technology targets primarily located in Israel, according to Palo Alto Networks, it is not clear that EVILNUM has a specific geographic focus, Adamitis said.
In perhaps the most notable indication that attackers are updating their strategies based on their surroundings, version 3.6 was specifically updated so it could bypass two popular antivirus tools from BitDefender and Avast. A previous version of EVILNUM accounted for BitDefender, but not Avast, according to Prevailion.
Attackers also have been using a registry key that changes location based on the antivirus product victim machines are using so the malware can maintain persistence even when targets reboot their computers.
Within the past year, Prevailion also has observed that hackers have built in an elaborate obfuscation technique that functions as a kind of “dead drop” for infected machines to communicate back with the attacker-controlled server. To create this kind of one-way communication, EVILNUM hackers have begun using remote web pages through GitLab and Digital Point, a web forum, to serve as the “dead drop” sites.
These web pages identify the command-and-control server node, an additional step in communications that could make attribution and detection more difficult, according to Adamitis.
The lures
Victims targeted by version 3.6 received a link to a URL hosted on Google Drive, where they were presented with a zip file, meant to compress large files or several files. When victims click through, they download attacker-manipulated documents with information on real financial figures that could presumably be setting up an account with financial services organizations.
So far, the documents have impersonated a small circle of individuals including the CEO of a bank in a British territory, an investment company in England, a financial executive in Canada, and an individual from Finland working for a managed cloud services provider.
“Given the nature of these lures, Prevailion suspects with moderate confidence these efforts were targeted towards select financial institutions rather than wide-scale spamming,” the researchers note.
Although it is unclear exactly what the hackers’ ultimate goals are, Adamitis suspects there is a second stage of the attack.
Once unzipped, the malware is capable of bringing files from the attacker-controlled server, converting strings of data into bytes, and receiving binary data, which could indicate there’s a second stage payload or malicious file to this attack that isn’t visible — yet.
“We saw a number of functions that just make me believe that there’s more to this,” Adamitis told CyberScoop. “It made me believe this wasn’t the end all be all, that it was just to get the lay of the land.”
==================================================================
https://www.wavesys.com/malware-protection
Software can’t always detect malware
The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 that discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.
Wave’s solution: start with the device
If antivirus software doesn’t work, what does? The Wave alternative relies not on superficial layers of software but on standards-based hardware: self-encrypting drives (SEDs) and Trusted Platform Modules (TPMs), or security chips, that are already embedded in many of your computers and mobile devices. This hardware provides you with secure storage. When you turn the SED and TPM on and manage them with Wave, you suddenly have a broad, deep view into your network. Among other things, you’ll know immediately whether any one of your devices—computers, laptops, tablets, smartphones—has been tampered with. But Wave is proactive too: you can block the kinds of behaviors that invite malware in. Wave's Endpoint Monitor provides early detection for these low-lying sneaky attacks.
==================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
=================================================================
For more information on Wave's other outstanding solutions, please see the link below:
https://www.wavesys.com/
US financial industry regulator warns of widespread phishing campaign
https://www.zdnet.com/article/us-financial-industry-regulator-warns-of-widespread-phishing-campaign/?ftag=COS-05-10aaa0g&taid=5eb18304e01f380001eeb27b&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitter
FINRA warns of phishing campaign aimed at stealing members' Microsoft Office or SharePoint passwords.
==================================================================
Wave Delivers Secured Credentials for Modern Access Control
https://www.wavesys.com/buzz/pr/wave-delivers-secured-credentials-modern-access-control
Excerpts:
"The user has no knowledge of device authentication credentials, and that effectively eliminates the problem of phishing or social engineering hacks that trick the user into inputting access information," Mr. Sprague continued. "With Wave, customers have the full support for machines running Windows 7, and soon Windows 8, to modernize their network architecture to one based on device identity."
Through the use of Wave's ERAS, IT can deploy domain credentials to the Trusted Platform Module (TPM), a security chip on the motherboard of most PCs. This step simplifies the deployment process, and adds security for the credential, as TPM-secured credentials are immune to many well-known attacks.
In addition to offering greater security for DirectAccess, ERAS help protect credentials for networks running Cisco or Juniper network remote access solutions.
==================================================================
The FINRA article helps to highlight the above bolded quote from Steven Sprague and one must wonder how it is that Wave's technology doesn't appear to be flourishing?!?! Phishing is still a BIG problem and Wave VSC 2.0 and Wave ERAS could make it so that it is not!! Rather than educating employees on recognizing phishing, that money could be better spent buying a solution to stop phishing in Wave VSC 2.0 and Wave ERAS!!!
=================================================================
https://www.wavesys.com/
Banking trojan attack exposes dangers of not securing MDM solutions
https://www.scmagazine.com/home/security-news/mobile-security/banking-trojan-attack-exposes-dangers-of-not-securing-mdm-solutions/
A global conglomerate had 75 percent of its mobile devices infected by a variant of the Cerberus Android banking trojan after an attack compromised the company’s mobile device management (MDM) server and used it to spread the malware.
In a company blog post report, Check Point Software Technologies identifies MDM as a fairly novel malware distribution attack vector, noting that it’s the “first time we have a reported incident” of this nature, whereby an MDM solution is abused to push out malware to devices.
For the record, instances of MDM abuse have — at least on a limited basis — been reported previously, as demonstrated here. Nevertheless, with businesses leaning heavily on mobile devices and MDM solutions during the COVID-19 crisis, the threat of potentially seeing a string of copycat attacks in the future is likely much greater than before.
Check Point does not name the victimized company, nor the MDM solution that was abused. Typically, MDM solutions are designed to help IT and security professionals monitor, manage and secure devices across a mobile work environment, and to reduce complexity where there is a mixture of mobile service providers and operating systems in an ecosystem.
For that reason, if an attacker manages to subvert these mobile protections and infiltrate a company, the ramifications can be highly damaging. That’s why Check Point is urging MDM users to understand the difference between simply managing and actually securing mobile devices — a sentiment echoed by other experts as well.
“MDM’s most prominent feature, arguably the reason for its existence, is also its Achilles’ heel – a single, central control for the entire mobile network,” says the Check Point report. “If that platform is breached, so is the entire mobile network.”
“While MDM offers an easy way to manage those devices, security cannot be ignored… They need to be protected as any other endpoint as they offer a tempting target,” the report continues.
“MDMs are just management tools. They have no way of analyzing if something bad is on the device. That is what MTD [Mobile Threat Defense] is for,” said Kern Smith, VP of engineering for the Americas at Zimperium, in an interview with SC Media. (Zimperium is a provider of MTD solutions, as is Check Point.)
“…[O]ther than looking at how the attacker was able to gain access to the MDM (authentication, credential compromise, etc.) there is not much one can do once that initial breach has been made — unless you have MTD on the device to detect that the attackers were now pushing down or installing malware on the managed devices,” Smith continued.
“While MDM does have its functions, help administrators push policies, install applications, and lots of managing options, it does not provide security services,” explained Aviran Hazum, analysis and response team leader at Check Point, in an email interview with SC Media. “No dynamic or static analysis of applications, no signature mechanisms, no network traffic inspection. If this was an ‘anti-virus for PC’ that didn’t have those basic security services, no one would install it on corporate workstations and say that they are protected.”
The incident cited in the blog post report was discovered last February, when Check Point detected a pair of malicious applications installed in automated fashion on a large number of devices operated by one of the cyber firm’s customers.
While the researchers ultimately identified the malicious payload as being in the Cerberus malware-as-a-service family, they observed additional remote access trojan capabilities as well.
The variant is capable of exfiltrating sensitive data such as user credentials, and it can log keystrokes, steal Google Authenticator data and Gmail passwords, capture or send SMS messages, make calls, install or uninstall applications, command devices remotely through TeamViewer, and more. Some of this functionality is made possible by forcing the user to update permissions for the Accessibility service, the researchers noted.
================================================================
Please review posts 245979 and 245966. Why not use the mobile security of ARM, Wave and Samsung with Trust at the Edge! (of the network)!! This article shows the need for it!!
=================================================================
Wave Joins ARM TrustZone Ready Program
Committed to Helping Chip Manufacturers Implement Industry Standard Security for Mobile Platforms
https://www.wavesys.com/buzz/pr/wave-joins-arm-trustzone-ready-program
==================================================================
Wave Systems Signs 15-year License Agreement with Samsung
https://www.wavesys.com/buzz/news/wave-systems-signs-15-year-license-agreement-samsung
Ransomware mentioned in 1,000+ SEC filings over the past year
https://www.zdnet.com/article/ransomware-mentioned-in-1000-sec-filings-over-the-past-year/?ftag=COS-05-10aaa0g&taid=5eaf623de21434000196c27b&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitter
A growing number of public companies have started listing ransomware as a forward-looking risk factor in their SEC documents.
Excerpts:
Companies finally starting to understand
But the losses from paying the ransom, even if the demand reaches millions, pale in comparison to the invisible costs that come with ransomware, namely lost business.
It was once considered that paying the ransom was an acceptable option for some companies, as they could restore files and get back up and running within hours.
However, the reality is not so. Even if companies pay the ransom demand, decrypting the locked data usually takes days, rebuilding or upgrading IT networks takes another few days or weeks, and companies end up with downtimes of weeks or months due to a ransomware attack.
These downtimes are having a severe impact on companies' bottom lines. Such costs have only recently started to surface, as companies have been filing end-of-year reports, where the overall effect of a ransomware attack becomes much clearer.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/products/wave-self-encrypting-drive-management
https://www.wavesys.com/wave-alternative
Excerpts:
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
LockBit, the new ransomware for hire: A sad and cautionary tale
https://arstechnica.com/information-technology/2020/05/lockbit-the-new-ransomware-for-hire-a-sad-and-cautionary-tale/
You've probably never heard of LockBit, but that's likely to change.
==================================================================
Better to BE PREPARED with:
1. Wave VSC 2.0, a multi-factor authentication (MFA) solution keeping the bad guys off the network and from accessing your sensitive data.
2. Wave Endpoint Monitor, unlike many anti-virus software products, STOPS that sneaky malware.
3. Wave SED Management manages SEDs (self-encrypting drives) to keep ransomware attackers from stealing your data and putting it up for ransom.
=================================================================
For those concerned about ransomware the article above is interesting!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/products/wave-self-encrypting-drive-management
Spear-phishing campaign compromises executives at 150+ companies
https://www.zdnet.com/article/spear-phishing-campaign-compromises-executives-at-150-companies/?ftag=COS-05-10aaa0g&taid=5eab205606bb9b00014032bb&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitter
PerSwaysion group appears to be formed of members based in Nigeria and South Africa.
A cybercrime group operating since mid-2019 has breached the email accounts of high-ranking executives at more than 150 companies, cyber-security firm Group-IB reported today.
The group, codenamed PerSwaysion, appears to have targeted the financial sector primarily, which accounted for more than half of its victims; although, victims have been recorded at companies active across other verticals as well.
PerSwaysion operations were not sophisticated, but have been extremely successful, nonetheless. Group-IB says the hackers didn't use vulnerabilities or malware in their attacks but instead relied on a classic spear-phishing technique.
They sent boobytrapped emails to executives at targeted companies in the hope of tricking high-ranking executives into entering Office 365 credentials on fake login pages.
Group-IB said PerSwaysion's entire scheme could be narrowed down to a simple three-step process:
1. Victims receive an email containing a clean PDF file as an email attachment. If victims open the file, they'd be asked to click a link to view the actual content.
2. The link would redirect users to a Microsoft Sway (newsletter service) page, where a similar file would ask the victim to click on another link.
3. This last link redirects the executive to a page mimicking the Microsoft Outlook login page, where hackers would collect the victim's credentials.
PerSwaysion operators acted fast from the moment of a successful phish and usually accessed hacked email accounts within a day.
"After the credentials are sent to their [command and control servers], the PerSwaysion operators log into the compromised email accounts. They dump email data via API and establish the owner's high-level business connections," Group-IB said.
"Finally, they generate new phishing PDF files with current victim's full name, email address, company legal name. These PDF files are sent to a selection of new people who tend to be outside of the victim's organization and hold significant positions."
Group-IB said that once PerSwaysion operators sent out a new spear-phishing campaign from a compromised account, they also typically deleted impersonating emails from the outbox folder to avoid detection.
For the time being, Group-IB has been unable to determine what hackers have been doing after gaining access to these email accounts.
Hackers could be selling access to other cybercrime groups; they could be sitting, waiting, and stealing intellectual property; or they could be preparing to launch a wire payment hijack (BEC scam) at a later date.
Group-IB said that based on current evidence, the PerSwaysion group appears to be formed of members based in Nigeria and South Africa, are using a phishing toolkit developed by a Vietnamese programmer, and the group's leader appears to be a suspect going by the name of "Sam."
The cyber-security firm launched today a website where executives can check if their email addresses have been acquired and targeted by the group in the past.
==================================================================
If only high ranking executives knew about Wave VSC 2.0 and Wave solutions (and bought Wave solutions), their organizations would be much better protected and could avoid situations like those with the 150+ companies in this article!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
Kaspersky: RDP brute-force attacks have gone up since start of COVID-19
https://www.zdnet.com/article/kaspersky-rdp-brute-force-attacks-have-gone-up-since-start-of-covid-19/
RDP brute-force attack numbers rose in mid-March as quarantines were being imposed over the globe.
Cyber-security firm Kaspersky says the number of brute-force attacks targeting RDP endpoints rose sharply since the onset of the coronavirus (COVID-19) pandemic.
According to a report published today, RDP brute-force attacks increased last month, when most countries around the globe imposed quarantines and stay-at-home orders, forcing companies to deploy more RDP systems online, increasing the attack surface for hackers.
"Since the beginning of March, the number of Bruteforce.Generic.RDP attacks has rocketed across almost the entire planet," the Russian antivirus vendor said today.
RDP stands for Remote Desktop Protocol and is a proprietary Microsoft technology that lets users log into remote workstations across the internet.
RDP endpoints are secured via a username and password, and, as such, are vulnerable to brute-force attacks -- repeated login attempts during which hackers try different username and password combinations, hoping to guess the login credentials.
RDP brute-force attacks are always going on, representing a good chunk of all the bad traffic recorded every day on the internet.
Brute-force attempts against RDP spiked as a large part of the world's population is working from home, and are using RDP as a way to log into work computers and servers from home.
Earlier this month, internet indexing service Shodan reported a 41% increase in the number of RDP endpoints available on the internet, as the COVID-19 pandemic was starting to spread.
With an increase in the number of RDP endpoints available online, interest from cyber-criminals followed, Kaspersky said today.
Once attackers compromise an RDP endpoint, cybercrime groups will usually put the RDP credentials on sale on so-called "RDP shops."
Other gangs buy these credentials, access a company's network, and then steal proprietary data, perform reconnaissance before attempting a wire fraud (BEC) attack, or install ransomware to encrypt files and demand a ransom payment.
According to a Coveware report published today, hacked RDP endpoints have long been the favorite method of intrusion employed by today's ransomware gangs over the past months, and are most likely to remain so going forward.
=================================================================
Wave VSC 2.0 is the multi-factor authentication (MFA) solution that could STOP the problem in this article as soon as an organization uses Wave VSC 2.0!!! ANOTHER GREAT USE of Wave VSC 2.0, and it could be a life saver for organizations!!! Better security at less than half the cost!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpts:
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
==================================================================
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
Will the Pandemic Complicate Cyber Insurance Claims?
https://www.darkreading.com/edge/theedge/will-the-pandemic-complicate-cyber-insurance-claims/b/d-id/1337663
While quarantined workers are keeping safe at home, they could be jeopardizing your insurance policy.
Question: Will the COVID-19 pandemic complicate cyber insurance claims?
Jeff Dennis, head of Newmeyer Dillion’s Privacy & Data Security practice: Most organizations are now requiring that their employees work from home with the ongoing novel coronavirus disease (COVID-19) pandemic. However, in the event of a breach or other incident, there may be limitations in your cyber liability insurance policy based upon the type of hardware being used. As with all contracts, whether there is coverage or not will depend on the specific terms and conditions of the insurance policy itself.
One issue that may be overlooked is that many cyber liability insurance policies make a distinction between computer hardware owned by the insured company and computer hardware or other devices owned by company employees. This distinction becomes critical as the insuring agreements may limit or exclude coverage for computer hardware that is not owned by the named insured. The insurance policy may also have other requirements related to the use of personal devices by employees, such as requiring a formal written policy to address the use of such devices.
Some organizations may provide company-owned laptops to employees, while others allow employees to use their own devices to perform work. Companies may be forced to allow employees to work from home during this pandemic - using personal laptops, tablets and other devices necessary to complete their work. Depending on the cyber liability policy, there may not be coverage for the use of such non-company owned hardware. And in the event of a breach or other cyber incident, there may not be coverage for subsequent damage or other coverage that you expect to have.
Cyber liability insurance policies should be reviewed by cyber insurance coverage experts to understand all available coverages and limitations. It is best to be proactive and immediately complete an insurance review to ensure you have the coverage you expect during this pandemic.
=================================================================
A non-company owned computer without an SED (Self Encrypting Drive) and Wave VSC 2.0 could lead to an unpaid claim in the event of a data breach, ransomware, or cyber incident. An SED and Wave VSC 2.0 in a company computer could avoid these events and a claim!!! These cyber incidents can be costly!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
Israel government tells water treatment companies to change passwords
https://www.zdnet.com/article/israel-says-hackers-are-targeting-its-water-supply-and-treatment-utilities/
Israel cyber-security agency reported intrusion attempts last week.
The Israeli government says that hackers have targeted its water supply and treatment facilities last week.
In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems.
If passwords can't be changed, the agency recommended taking systems offline until proper security systems can be put in place.
The INCD alert, issued on April 23, said the agency received reports of intrusion attempts at wastewater treatment plants, water pumping stations, and sewers, but did not go into details.
A similar alert was also published by Israel's Computer Emergency Response Team (CERT) and by the Israel government's Water Authority.
According to a Ynet report, the Water Authority told companies to change passwords "with emphasis on operational systems and chlorine control devices in particular," believed to have been targeted the most.
ZDNet has learned from sources today that the Israeli government has issued these alerts in an attempt to improve the cyber-security posture of its industrial infrastructure, but also after it received a report from cyber-security firm ClearSky.
The company is said to have identified an Islamic hacktivist group active on social media. Named the Jerusalem Electronic Army (J.E.Army), the group has a presence on all major social networks, such as Facebook, Instagram, WhatsApp, Twitter, and Telegram, where it often posts screenshots from targets they claim to have hacked.
On some of these sites, the group has claimed to have gained access to various Israeli universities and government systems.
ClearSky linked the group to the Gaza Cybergang, a known Arab-speaking hacking group believed to be operating out of Palestine.
At the time of writing, there have been no reports of a confirmed intrusion at any Israeli water treatment and supply company.
The alerts also urged companies to update equipment firmware to the latest versions.
==================================================================
Wave Systems Announces First U.S. Federal Government Customer for Wave Virtual Smart Card 2.0
https://www.wavesys.com/buzz/pr/wave-systems-announces-first-us-federal-government-customer-wave-virtual-smart-card-2.0
Excerpts:
“This is an important milestone for Wave,” said Bill Solms, CEO of Wave. “Wave Virtual Smart Card 2.0 has been purchased by a government agency with significant security requirements and one that requires redundant means of system authentication due to national security interests. This initial sale is modest compared to the addressable market within the Federal Government sector, but it is important to our strategy for marketing the Virtual Smart Card to address critical government infrastructure defense.”
==================================================================
The Israeli government and the U.S. could stand to highly benefit by using Wave VSC 2.0! Better security at less than half the cost!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Hackers are exploiting a Sophos firewall zero-day
https://www.zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/?ftag=COS-05-10aaa0g&taid=5ea60497e3c40700015ea934&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitter
Sophos releases emergency patch to fix SQL injection bug exploited in the wild, impacting its XG Firewall product.
Cyber-security firm Sophos has published an emergency security update on Saturday to patch a zero-day vulnerability in its XG enterprise firewall product that was being abused in the wild by hackers.
Sophos said it first learned of the zero-day on late Wednesday, April 22, after it received a report from one of its customers. The customer reported seeing "a suspicious field value visible in the management interface."
After investigating the report, Sophos determined this was an active attack and not an error in its product.
Hackers abused an SQL injection bug to steal passwords
"The attack used a previously unknown SQL injection vulnerability to gain access to exposed XG devices," Sophos said in a security advisory today.
Hackers targeted Sophos XG Firewall devices that had their administration (HTTPS service) or the User Portal control panel exposed on the internet.
Sophos said the hackers used the SQL injection vulnerability to download a payload on the device. This payload then stole files from the XG Firewall.
Stolen data could include usernames and hashed passwords for the firewall device admin, for the firewall portal admins, and user accounts used for remote access to the device.
Sophos said that passwords for customers' other external authentication systems, such as AD or LDAP, were unaffected.
The company said that during its investigation, it did not find any evidence that hackers used the stolen passwords to access XG Firewall devices, or anything beyond the firewall, on its customers' internal networks.
Patch already pushed to customer devices
The UK company, famed for its antivirus product, said it prepared and already pushed an automatic update to patch all XG Firewalls that have the auto-update feature enabled.
"This hotfix eliminated the SQL injection vulnerability which prevented further exploitation, stopped the XG Firewall from accessing any attacker infrastructure, and cleaned up any remnants from the attack," it said.
The security update will also add a special box in the XG Firewall control panel to let device owners know if their device has been compromised.
For companies that had devices hacked, Sophos is recommending a series of steps, which include password resets and device reboots:
1. Reset portal administrator and device administrator accounts
2. Reboot the XG device(s)
3. Reset passwords for all local user accounts
4. Although the passwords were hashed, it is recommended that passwords are reset for any accounts where the XG credentials might have been reused
Sophos also recommends that companies disable the firewall's administration interfaces on the internet-facing ports if they don't need the feature. Instructions to disable the control panel on the WAN interface are available here.
==================================================================
Wave stated in the Wave Alternative what its assessment of firewalls was a few years ago, and the smart use of better data protection with the Wave Alternative (SEDs, TPMs and Wave solutions)!! Those choosing Wave solutions could be saving themselves from alternative products that have problems, and instead get BETTER SECURITY!!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/wave-alternative
Cybersecurity snubbed in stimulus package
https://www.scmagazine.com/home/security-news/cybersecurity-snubbed-in-stimulus-package/
Aid for states is not the only thing that didn’t make it into the $480 billion stimulus package President Trump signed today – funding for cybersecurity also was notably missing, something that security experts, policymakers and security experts hope Congress will rectify in future stimulus bills, particularly around election security.
In a letter to House Speaker Nancy Pelosi, D-Calif., and Minority Leader Kevin McCarthy, R-Calif., the Cybersecurity Coalition, Alliance for Digital Innovation, BSA, The Software Alliance, The Computing Technology Industry Association (CompTIA), Cyber Threat Alliance, Global Cyber Alliance and Information Technology Industry Council (ITI) pressed for funding for states and local governments to secure their systems, some of which provide “critical services, particularly as residents increasingly telework, access state resources online, and depend on” critical infrastructure owned and operated by those governments.
“State and local entities, however, have long lacked the resources to adequately secure and maintain their digital infrastructure,” the group wrote. “The rise in malicious cyberattacks targeting state and local entities, combined with the chronic lack of workforce, patchwork legacy systems, under-resourced cybersecurity and IT services, and uneven federal assistance creates a greater risk of system failure that interrupts services on which state and local populations depend.”
Of particular importance is securing elections, which has taken on greater urgency with the presidential contest well under way during the pandemic.
Pointing to the findings in the penultimate volume of the Senate Intelligence Committee’s five-part report on Russian election interference in the 2016 election, Mike Hamilton, former CISO for Seattle and CISO of cybersecurity firm CI Security, said, “the failure to include adequate funding to secure upcoming elections leads to a number of interesting possibilities, none of which are good news for election management.”
Among the issues, breakdowns of equipment on Election Day coupled with inadequate support could dilate the time it takes to cast a vote and keep people at home.
“The integrity of the upcoming election may now be called into question, leading to chaos and another election outcome that is decided in the courts – which are now more partisan, and stacked in favor of the Republican party,” he said.
Vote by mail efforts are probably too little, too late. “Preparation for mail in voting should have begun in earnest as one of the actions taken by State Emergency Operations Centers, in order to provide continuity of operations in government,” Hamilton said. Likewise, virtual elections would be difficult to execute “without significant development and testing time,” otherwise “a fast method developed for online voting would only exacerbate the narrative that the election outcome cannot be trusted.”
=================================================================
Wave could be SAVING these states/cities money when times really require that states/cities do this as well as provide BETTER SECURITY!!! Below is the Wave Alternative and Wave Solutions, cybersecurity that is a must have for these states/cities!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
Expanding Trust in Mobile Devices
https://securityboulevard.com/2020/04/expanding-trust-in-mobile-devices/
==================================================================
The mobile security market may have taken the back seat when Wave was concentrating on profitability a few years ago. This article and the articles in post #245966 should generate some excitement. Samsung and Arm and Wave could be exciting as well. A team succeeds over one person. Hopefully, there is a Wave team and/or investors behind the scenes who are still massively interested in seeing awesome times ahead for Wave!!!
Skype Phishing Attack Targets Remote Workers’ Passwords
https://threatpost.com/skype-phishing-attack-targets-remote-workers-passwords/155068/
Attackers are sending convincing emails that ultimately steal victims’ Skype credentials.
Remote workers are being warned of a new phishing campaign targeting their Skype passwords.
The phishing emails look “eerily similar” to a legitimate Skype notification alert, according to a report released by Cofense on Thursday. Emails indicate users have 13 pending Skype notifications that can be checked by clicking a “Review” button.
“It is not uncommon to receive emails about pending notifications for various services,” researchers wrote. “The threat actor anticipates users will recognize this as just that, so they take action to view the notifications. Curiosity and the sense of urgency entice many users to click the ‘Review’ button without recognizing the obvious signs of a phishing attack.”
Those red flags are apparent upon closer inspection. The sender address, which spoofs a convincing Skype phone number and email address in the sender address, appears legitimate at first glance. But the real email address – an external, compromised account – can be found in the return-path (displayed as “sent from”).
Upon clicking “Review,” users are redirected through an app.link (hxxps://jhqvy[.]app[.]link/VAMhgP3Mi5) and finally to the end landing page (hxxps://skype-online0345[.]web[.]app).
The .app top level domain, used for this phishing landing page, is backed by Google to help app developers securely share their apps. It adds an air of further legitimacy to the phishing attack, researchers said.
“A benefit of this top-level domain is that it requires HTTPS to connect to it, adding security on both the user’s and developer’s end, which is great…but not in this case,” said researchers. “The inclusion of HTTPS means the addition of a lock to the address bar, which most users have been trained to trust. Because this phishing site is being hosted via Google’s .app TLD it displays this trusted icon.”
The webpage impersonates a legitimate Skype login page, asking for victims’ Skype credentials. The threat actors have done their research – they’ve added recipients’ company logos to the login box, as well as a disclaimer at the bottom warning that the page is for “authorized use” of that company’s users only.
The username is also auto-filled (due to the URL containing the base64 of the target email address) – another trick that leaves little room for doubt on the victims’ side.
“The only thing left for the user to do is to enter his or her password, which then falls into the hands of the threat actor,” said researchers.
The campaign is one of many looking to leverage the wave of remote workers who, in the midst of the coronavirus pandemic have come to rely on online conferencing tools like Webex (as well as Zoom and other platforms). With this upward spike in online meetings, compromised Skype credentials could be sold on underground forums, or used to log into accounts where sensitive files and data are shared (among other malicious activities).
Earlier in April, a phishing campaign was unearthed reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability. The campaign urges victims to “update,” only to steal their credentials for Cisco’s Webex web conferencing platform instead.
Researchers warn users to stay on the lookout for bad actors spoofing web conferencing and virtual collaboration apps. In general, attackers are taking advantage of the panic around the coronavirus with phishing emails around financial relief, promises of a cure and symptom information details.
“With so many people working from home, remote work software like Skype, Slack, Zoom, and WebEx are starting to become popular themes of phishing lures,” said Cofense researchers.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
==================================================================
Hundreds of millions of Skype users could benefit from having a SOLUTION SUCH AS WAVE VSC 2.0 since it PROTECTS AGAINST PHISHING!!! With the marketing possibilities, these Skype users/teleworkers could find this Wave solution a life saver for users in their organizations and the organizations themselves!!!
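The two red flags the Cofense report describes above (a From address that disagrees with the Return-Path, and a link that carries the recipient's address in base64 so the login form can be pre-filled) can be checked automatically during mail triage. The Python below is an added example, not code from the article or from the original post; both sample messages and every example.* domain in it are constructed.

```python
import base64
import binascii
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import parse_qsl, unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")
B64_TOKEN_RE = re.compile(r"[A-Za-z0-9+/_-]{8,}={0,2}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def header_domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def decode_email_token(token):
    """Return the e-mail address a URL token decodes to via base64, else None."""
    token = unquote(token)
    if not B64_TOKEN_RE.fullmatch(token):
        return None
    stripped = token.rstrip("=")
    padded = stripped + "=" * (-len(stripped) % 4)  # tolerate missing padding
    try:
        text = base64.urlsafe_b64decode(padded).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text.lower() if EMAIL_RE.fullmatch(text) else None


def url_tokens(url):
    """Path segments, query values and fragment: places a recipient id can hide."""
    parts = urlsplit(url)
    tokens = [seg for seg in parts.path.split("/") if seg]
    tokens += [value for _, value in parse_qsl(parts.query)]
    if parts.fragment:
        tokens.append(parts.fragment)
    return tokens


def text_body(msg):
    """Concatenate all text/* parts of the message as one string."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
        except LookupError:  # unknown charset label
            chunks.append(payload.decode("utf-8", "replace"))
    return "\n".join(chunks)


def analyze(raw_message):
    """Report sender/return-path disagreement and links pre-filled with a recipient."""
    msg = message_from_string(raw_message)
    from_dom = header_domain(msg.get("From"))
    rp_dom = header_domain(msg.get("Return-Path"))
    to_cc = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(to_cc) if addr}
    hits = []
    for url in URL_RE.findall(text_body(msg)):
        url = url.rstrip(".,);")
        for token in url_tokens(url):
            decoded = decode_email_token(token)
            if decoded in recipients:
                hits.append((url, decoded))
                break
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        # Strict host comparison: bulk senders often use a separate bounce
        # domain, so treat a mismatch as a triage signal, not a verdict.
        "sender_mismatch": bool(from_dom and rp_dom and from_dom != rp_dom),
        "prefilled_recipient_urls": hits,
    }


# Constructed samples (not real captures); example.* domains are reserved names.
_TOKEN = base64.urlsafe_b64encode(b"alice@corp.example.org").decode()
PHISH_SAMPLE = "\n".join([
    "Return-Path: <billing@compromised.example.net>",
    'From: "Skype Notifications" <notifications@skype.example.com>',
    "To: alice@corp.example.org",
    "Subject: You have 13 pending notifications",
    'Content-Type: text/plain; charset="utf-8"',
    "",
    "Review: https://landing.example.net/login/" + _TOKEN,
])
BENIGN_SAMPLE = "\n".join([
    "Return-Path: <bounce@service.example.com>",
    "From: Service <notifications@service.example.com>",
    "To: alice@corp.example.org",
    "Subject: Weekly digest",
    "",
    "Open https://service.example.com/notifications/overview?ref=weeklydigest",
])

if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, analyze(sample))
```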
Protect your money by changing your banking passwords
https://www.cnbc.com/2020/04/19/protect-your-money-by-changing-your-banking-passwords.html
==================================================================
Password managers also require good management by user
https://www.seattletimes.com/business/technology/password-managers-also-require-good-management-by-user/
==================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
=================================================================
Wave Knowd could do a much better job than changing passwords/making them sophisticated (and the problems with that) as outlined in the CNBC article. The second link talks about some of the tribulations of using a password manager. Wave Knowd along with Facebook could be very beneficial for the banking sector!!!
267 million Facebook profiles sold for $600 on the dark web
https://www.bleepingcomputer.com/news/security/267-million-facebook-profiles-sold-for-600-on-the-dark-web/
==================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
==================================================================
If there are MANY Facebook users not using 2FA from Facebook, why not use a simpler and more secure solution in Wave Knowd?!! Wave Knowd was tested under NSTIC!!! It would protect users and Facebook!!!! SKS and MS and others had a great idea in Wave Knowd!!!
IT services firm Cognizant hit with Maze ransomware
https://www.cyberscoop.com/cognizant-maze-ransomware-fortune-500/
Cognizant, a multibillion-dollar IT services company with clients in the banking and oil and gas industries, said Saturday its computer systems had been disrupted by Maze ransomware, a strain of malicious code that has been used in cyberattacks in the U.S. and Europe in recent months.
“Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident,” the New Jersey-based company said in a statement. “Cognizant has also engaged with the appropriate law enforcement authorities.”
A Fortune 500 company with over a quarter of a million employees worldwide, Cognizant possesses a wealth of data that would make it a target of hackers. Cognizant’s software and consulting services are used by major pharmaceutical firms and restaurant chains, according to its website.
Earlier this week, the company had notified clients of the incident and shared “indicators of compromise” — forensic data such as IP addresses and malicious files — so that they could defend against the malicious activity. The attack caused “service disruptions for some of our clients,” the company said.
“The integrity and availability of our systems are of paramount importance to Cognizant and we are working diligently to minimize any disruptions,” a company spokesperson told CyberScoop earlier on Saturday.
One of the malware samples that Cognizant shared with clients is detected by multiple anti-virus products as Maze ransomware. Hackers affiliated with Maze reportedly denied involvement in the attack to Bleeping Computer, but the forensic data suggests that Maze infrastructure was used in the attack. Nearly all of the malicious IP addresses reported by Cognizant have been previously used by hackers to deploy the Maze ransomware, according to advisories from the Department of Homeland Security and the FBI.
The hackers behind Maze gained notoriety last year by stealing sensitive data from victims, encrypting it, and threatening to publish the information if they aren’t paid a ransom, leading the FBI to privately warn U.S. companies about the threat in December. A spate of attacks has continued since then.
The cyberattack on Cognizant is the latest sign that ransomware gangs are not holding off on targeting companies amid the novel coronavirus pandemic.
=================================================================
Wave VSC 2.0, Wave Endpoint Monitor, and Wave SED Management are three Wave solutions that are very effective at being able to stop ransomware!!! If only Wave was introduced to Cognizant!
Obviously, the anti-virus for Cognizant is not catching all the malware (ransomware). A smart move would be to deploy Wave Endpoint Monitor and catch that sneaky malware (ransomware)!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
https://www.wavesys.com/malware-protection
https://www.wavesys.com/products/wave-endpoint-monitor
Energy Giant EDP Hit With €10 Million Ransomware Threat
https://www.infosecurity-magazine.com/news/energy-giant-edp-hit-10-million/?utm_source=dlvr.it&utm_medium=twitter
Ransomware attackers are demanding €10 million ($11m) from a European energy giant or else they will release stolen corporate documents, researchers have claimed.
A group using the RagnarLocker variant appears to have targeted the Lisbon-headquartered Energias de Portugal (EDP) group, which employs over 11,000 staff globally and made over €3.3 billion in gross operating income in 2018.
Ethical hacker Vitali Kremez posted screenshots of the ransom note dated Tuesday to Twitter. In it, the attackers threaten to publish 10TB of data from the company’s file servers “or sell it to interested parties” if EDP doesn’t pay up.
Another screenshot apparently shows checks in the code to prevent execution in countries formerly part of the Soviet Union.
MalwareHunterTeam said that the screenshots of stolen data already published on the group’s ‘news’ site seems to indicate they may well have access to terabytes of data.
“As frequently, in this case too the actors were in the victim's network for some time before running the RW,” they added, on Twitter. “Obviously we can't tell from when they were in EDP's network, but it looks they already had some amount of files stolen on the 6th this month.”
Not to be confused with the similar-sounding Ragnarok ransomware, RagnarLocker was first discovered at the end of last year, targeting Windows-based systems. It’s said to target software used by managed service providers (MSPs) to stay hidden.
The EDP site itself appeared to be functioning relatively normally at the time of writing, although a pop-up window noted: “due to constraints in the information systems, your EDP Online customer area and the 808 53 53 53 service line have temporarily limited access.”
Given their role as critical infrastructure providers, utilities firms are a natural target for ransomware attackers.
=================================================================
ORGANIZATIONS SHOULD BUY WAVE SOLUTIONS AND AVOID WHAT EDP IS GOING THROUGH!!! WAVE SOLUTIONS ARE SIMPLE, EFFECTIVE AND STOP AN ORGANIZATION'S DATA FROM GETTING INTO THE WRONG HANDS!!! WAVE SOLUTIONS COULD HAVE SAVED EDP AND OTHER ORGANIZATIONS MILLIONS!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Microsoft has just broken Windows 10’s antivirus protection – apply this fix straight away
https://www.techradar.com/news/microsoft-has-just-broken-windows-10s-antivirus-protection-apply-this-fix-straight-away
Windows Defender gets faulty update
Microsoft has released yet another faulty update, and this time it appears to be causing some serious issues with Windows Defender, the built-in antivirus software that comes with Windows 10.
As Windows Latest reports, it appears that an automatic update, known as Security Intelligence 1.313.1638.0, which was only recently released by Microsoft, is causing Windows Defender to show error messages saying “Threat service has stopped. Restart now,” and “Unexpected error. Sorry, we ran into a problem. Please try again.”
Most worryingly of all, the issues appear to prevent users from being able to run Windows Defender scans to check Windows 10 for viruses and security problems.
Indefensible
Microsoft is having a rough time of late when it comes to pushing faulty updates, but this is one of the most concerning. Because Windows Defender is built into Windows 10, it’s used by a huge amount of people to keep their PCs safe when online.
If the update is causing Windows Defender to stop working, millions of PCs could be at risk.
==================================================================
Wave Endpoint Monitor would be a great anti-malware defensive layer, and it has the ability to catch that sneaky malware that other anti-virus software misses!! It could also provide a layer of defense that is working for those who can't afford downtime!!!
This is a very, very helpful solution for the marketplace!!
==================================================================
https://www.wavesys.com/malware-protection
https://www.wavesys.com/products/wave-endpoint-monitor
Hartford HealthCare Data Breach May Have Compromised Patient Information
https://www.nbcconnecticut.com/news/local/hartford-healthcare-data-breach-may-have-compromised-patient-information/2255019/
Hartford HealthCare announced on Monday that their system was recently the victim of a phishing attack that may have compromised patient information.
The company said on February 13 they were made aware of concerning activity tied to two employee email accounts. Investigation by a technology forensics team found that someone gained access to the accounts between February 13 and 14. At least one of the accounts included personal patient information, including names, dates of birth, medical records, and other health and insurance information. In 23 cases, the information included a social security number.
Hartford HealthCare said it is notifying the 2,651 affected patients by mail. The company will offer two years of free credit monitoring for the 23 patients whose social security numbers were affected by the breach.
The breach did not affect Hartford HealthCare's electronic medical records, the company said.
"Hartford HealthCare deeply regrets that this incident occurred. We value the trust our patients place in us and take seriously our role in safeguarding the personal and medical information of our patients," the company wrote in a statement.
==================================================================
Without a list of passwords (by using Wave VSC 2.0) and secure credentials from the TPM that transparently connect to websites, employees would not be inputting credentials into a well disguised phishing website!!
Just think what Hartford Health Care could have saved themselves in reputation, and costs by using preventative cybersecurity such as Wave VSC 2.0. Many others in the Wave community must believe there are a lot of other organizations that could avoid what Hartford Health Care is going through by using Wave VSC 2.0 and Wave solutions!!! Wave solutions do so much more and the link to the great technologies is below!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
New York Investigating Hack of State’s Computer Network
Intrusion prompts state to install additional security software and reset thousands of passwords
https://www.wsj.com/articles/new-york-officials-investigating-hack-of-states-computer-network-11586817005
=================================================================
If New York and other states were using Wave VSC 2.0, resetting thousands of passwords would not have been necessary!!! Better security at less than half the cost!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
San Francisco Airport Cyber Attack Confirmed: Windows Passwords Stolen
https://www.forbes.com/sites/daveywinder/2020/04/11/san-francisco-airport-cyber-attack-confirmed-windows-passwords-stolen/#11f111ca25b9
==================================================================
Wave VSC 2.0 could have protected San Francisco Airport and probably many other airports by making it so the credentials were not allowing the hackers to log in, since the hackers would not have had the computer (TPM) to log in. They would also need the PIN instead of a password!!!
With Wave, the stolen usernames and passwords would be a thing of the past since known and approved devices would only have access to sensitive data such as usernames and passwords!!!
With Wave's experience in managing TPMs and Wave VSC 2.0 - better security at less than half the cost, MANY ORGANIZATIONS should be excited about choosing it!! There are also many other GREAT facets to Wave's solutions!! Please see all of Wave's solutions at the link below!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay
https://www.theregister.co.uk/2020/04/10/lockheed_martin_spacex_ransomware_leak/
Anti-mortar system specs, legal paperwork, payment forms, and more, dumped online from infected PCs
Internal confidential documents belonging to some of the largest aerospace companies in the world have been stolen from an industrial contractor and leaked online.
The data was pilfered and dumped on the internet by the criminals behind the DoppelPaymer Windows ransomware, in retaliation for an unpaid extortion demand. The sensitive documents include details of Lockheed-Martin-designed military equipment – such as the specifications for an antenna in an anti-mortar defense system – according to a Register source who alerted us to the blueprints.
Other documents in the cache include billing and payment forms, supplier information, data analysis reports, and legal paperwork. There are also documents outlining SpaceX's manufacturing partner program.
The files were siphoned from Visser Precision by the DoppelPaymer crew, which infected the contractor's PCs and scrambled its files. When the company failed to pay the ransom by their March deadline, the gang – which tends to demand hundreds of thousands to millions of dollars to restore encrypted files – uploaded a selection of the documents to a website that remains online and publicly accessible.
Visser is a manufacturing and design contractor in the US whose clients are said to include aerospace, automotive, and industrial manufacturing outfits – think Lockheed Martin, SpaceX, Tesla, Boeing, Honeywell, Blue Origin, Sikorsky, Joe Gibbs Racing, the University of Colorado, the Cardiff School of Engineering, and others. The leaked files relate to these customers, in particular Tesla, Lockheed Martin, Boeing, and SpaceX.
When asked about the dump, a Lockheed Martin spokesperson told us: "We are aware of the situation with Visser Precision and are following our standard response process for potential cyber incidents related to our supply chain.
"Lockheed Martin has made and continues to make significant investments in cybersecurity, and uses industry-leading information security practices to protect sensitive information. This includes providing guidance to our suppliers, when appropriate, to assist them in enhancing their cybersecurity posture."
Visser Precision did not respond to a request for comment on the leak. Tesla, SpaceX, and Boeing did not respond either.
This is not the first time the DoppelPaymer crew has publicly shared stolen confidential data after a victim failed to pay the ransom demands. In fact, the crooks have a regularly updated website full of internal documents belonging to organizations that didn't cough up, though admittedly most are significantly less interesting than the Visser Precision cache.
The dumps are intended to scare others who are infected with the ransomware into paying the group's demands. The Register will not be linking to the site.
For what it's worth, the DoppelPaymer gang vowed to lay off attacking hospitals during the coronavirus pandemic. Whether or not this promise was honored is another question.
While law enforcement agencies and security experts uniformly agree that paying a ransom demand is a bad idea and poor substitute for keeping offline backups and properly securing data, some experts have conceded that, when it's your corporate data on the line, caving in and paying up can be an option. ®
==================================================================
SEDs should be the standard in at least critical industries to STOP ransomware!!! SEDs and Wave SED management could protect organizations from ransomware!!! Wave solutions could prevent the costs and stress associated with the ransomware for organizations. This article is highly alarming for organizations refusing to pay the ransom which the government recommends.
==================================================================
https://www.wavesys.com/products/wave-self-encrypting-drive-management
Enterprises choose Wave to manage SEDs
Why? From our single console, you can manage all your organization’s self-encrypting drives (SEDs) easily and remotely, whether they number in the hundreds, or hundreds of thousands.
SEDs are the most secure, best-performing and most transparent encryption option for protecting data on laptops. These drives automatically encrypt all data written to the drive, so you don’t have to decide what’s important enough to encrypt. They also perform this encryption in the hardware of the drive, so you don’t end up with the performance issues software full-disk encryption is infamous for. SEDs are available as HDD or SSD, and are sold by most major drive manufacturers.
Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.
Easy proof of compliance
Your encryption is only as good as you can prove it to be. To comply with most data protection regulations, your organization has to prove encryption was in place at the time of a potential breach. Wave provides secure audit logs to help you demonstrate compliance.
If you lose a device with a Wave-managed SED, there’s no wondering or guessing. You know encryption was on by default, and you can prove it.
No vendor lock-in
SED technology was created and standardized by a consortium of the best in the infosec industry, a standards body called the Trusted Computing Group (TCG). This means you can buy your drives wherever you want, from whatever vendor you want—any SED built to the TCG’s Opal specification can be managed by Wave.
No SEDs yet? No problem.
If your organization hasn’t yet deployed SEDs, you can skip the process of retro-fitting and simply incorporate SEDs on all new laptops as part of your regular refresh cycle. In the meantime, the same Wave console can manage BitLocker and SEDs, so you can protect the devices you have now with BitLocker and add those with SEDs as they are deployed. And if you’re using Wave’s cloud platform, you can also support OSX FileVault2.
Pick your platform
Wave SED management is available via the cloud or on-premise servers. Ask us for more details about which platform is right for your deployment.
Key Features:
Easy security compliance
• Active monitoring, logging and reporting of all user and device events
Data protection
• Local changes are prohibited
• Drive locking is supported in sleep or standby (S3) modes
• Manage clients inside or outside the firewall and on non-domain machines
Simplicity
• Everything is automatically encrypted—users don’t have to identify which data is sensitive
• Windows password synchronization and single sign-on
• Add or remove users remotely
• MMC snap-in is familiar and easy—less administrator training
• Role management allows delegation of tasks with customized or predefined roles.
No compromises
• Encryption is completely transparent to your users—they won’t even notice it's there
• Customizable pre-boot message at authentication screen
NIST makes ‘major’ changes to mobile device security guidelines
https://www.fedscoop.com/nist-mobile-device-security-guidelines/
That the National Institute of Standards and Technology released its revised mobile device security guidelines during a time of increased telework is purely coincidental — but also fortuitous.
The guidelines hadn’t been updated since 2013, and much has changed across the enterprise mobile device landscape in those seven years, Gema Howell, IT security engineer at NIST, told FedScoop.
Howell and her fellow authors began the revision process at the end of 2018, keeping the draft document’s structure largely the same: mobile device characteristics, threats, security tools, and deployment lifecycle.
“This is really focused on device-side threats, considerations and things you can do on the device,” Howell said. “What we want folks to be aware of are the many changes in the industry and the solutions available to them to help secure their mobile devices that are being used during this telework time to access their enterprise resources.”
The authors made “major” changes to the threat landscape section, mapping high-level threats to NIST’s Mobile Threat Catalogue while also addressing privacy implications, Howell said.
Mobile applications are increasingly problematic because they can allow adversaries attack vectors to sensitive information, especially the more apps there are on a device, she added.
Authors also addressed how mobile authentication is no longer simply a four-digit personal identification number but can involve biometrics that users might not even be aware exist.
More nuances to device deployment
The guidelines also include a more detailed outline of the mobile device deployment lifecycle:
• Identifying mobile requirements, which now involves choosing a use case.
• Reviewing inventory.
• Picking a deployment model — enterprise use only or bring-your-own-device.
• Selecting Android, iOS or both.
• Determining the needed security tools.
“The previous document focused a lot on one particular technology that was available back then, which was a mobile device management solution (MDMS),” Howell said. “Today we have a lot more options.”
MDMS may be referred to as “enterprise mobility management solutions” now. And there is also the mobile application vetting service, which monitors apps for risky behavior, and mobile threat defense, which informs the user of device-, app- or network-based threats.
NIST also added a second step to the mobile device deployment lifecycle: performing a risk assessment.
The draft document is open to public comment through June 26, 2020, after which NIST will review feedback and update the guidelines before releasing either a second or final version.
Initial feedback has largely been positive with requests for minor edits and the inclusion of related topics like how mobile devices connect to zero-trust networks, Howell said.
“So far, with the feedback that we’ve received, it seems it will go final,” she said. “But it’s hard to tell because we’re still in the beginning stages of the public comment period.”
==================================================================
Wave Joins ARM TrustZone Ready Program
Committed to Helping Chip Manufacturers Implement Industry Standard Security for Mobile Platforms
https://www.wavesys.com/buzz/pr/wave-joins-arm-trustzone-ready-program
Lee, MA - September 26, 2012 - Wave Systems Corp. (NASDAQ:WAVX) today announced that it has joined the ARM TrustZone® Ready Enablement Program to provide support and infrastructure for implementing enterprise security capabilities in mobile devices. As a partner in the program, Wave joins other industry leaders in helping chip manufacturers design and implement new industry standard security capabilities within ARM’s TrustZone architecture to enable full cross-platform interoperability across PCs, tablets, smartphones and other mobile devices.
TrustZone Technology (developed by ARM, the world’s leading semiconductor IP supplier) is a System-on-Chip security concept that involves a hardware-isolated space for a Trusted Execution Environment (TEE). Once integrated, core security services such as cryptography, storage and user interfaces can enable services to be deployed with a new level of security and convenience.
The primary goal of ARM's TrustZone Ready enablement program is to guide chip and device manufacturers to design robust, industry-certified security architecture into their products that will meet the needs of service providers looking to deploy secure services on secured platforms. Companies that implement system-wide security into their platforms can benefit from this program through a cohesive set of design blueprints, market requirements, and checklists aligned with industry standards.
“Smart phones, tablets and other devices are essential for today’s enterprise, and require access to sensitive applications and data. While these devices have excellent security for the mobile operator’s services, they lack basic security for use within an enterprise network,” commented Steven Sprague, Wave’s CEO. “ARM, with the TrustZone Ready Program, is taking the lead in making sure that standards-based security implemented in the TrustZone Trusted Execution Environment (TEE) is integrated into chipsets for mobile devices. Wave is committed to sharing its expertise in Trusted Platform Module (TPM) implementations, application development and trust infrastructure support.”
“Wave’s infrastructure for managing TPM and TPM-mobile-enabled devices will allow enterprise users to exploit the full capabilities of Trusted Computing Group standards across multiple device types,” added Jon Geater, Director of Technology for ARM Secure Services Division and Board Representative of ARM at GlobalPlatform. “ARM welcomes Wave into the TrustZone Ready Program as a valuable partner that will bring secure enterprise services to TrustZone secured devices running GlobalPlatform Trusted Execution Environments.”
Eliminating passwords, Providing Health Measurements for mobile devices
The TPM, shipped on more than half a billion PCs, is a cryptographic component built on specifications from the Trusted Computing Group. The TPM brings strong, enterprise-grade security features to consumer devices that are widely deployed in enterprise networks. The TPM for mobile devices is uniquely designed to support the security needs of multiple stakeholders, allowing enterprises to provide strong security in end-user applications, satisfy the security requirements of third-party application developers, and support other parties.
With a TPM Mobile implemented within the hardware-based security boundaries of ARM’s TrustZone and protected by a full function Trusted Execution Environment, enterprises will be able to take advantage of the strong security of the TPM in the following ways:
• Protect corporate devices and user identities
• Measure and attest to the integrity and health of the mobile device
• Implement secure network access
• Provide secure messaging for corporate traffic
• Reduce the need for user passwords, with reliance on the device itself as a strong authentication token for access to services and data, including cloud-based functions.
• Offer central control over devices which are lost or stolen to protect sensitive data
Increased emphasis on trusted computing is driving the security industry toward hardware-based technologies that offer improved access control, encryption, and the early detection of malware. With Wave’s industry-leading trusted computing solutions, customers are empowered to secure endpoint data, protect data-in-motion and ensure that only trusted devices gain access to the enterprise network. Wave’s solution will provide enterprises with cross-platform interoperability between PCs and mobile devices for trusted computing-based functions and applications.
=================================================================
AN IDEA WHOSE TIME HAS COME!!! Wave could play a big role in the flourishing of real mobile security!!!
Phishing emails impersonate the White House and VP Mike Pence
https://www.bleepingcomputer.com/news/security/phishing-emails-impersonate-the-white-house-and-vp-mike-pence/
==================================================================
Microsoft: Cyber-Criminals Are Targeting Businesses Through Vulnerable Employees
https://www.infosecurity-magazine.com/news/cybercriminals-targeting/?utm_source=dlvr.it&utm_medium=twitter
Microsoft has warned that cyber-criminals are preying on people’s vulnerable psychological states during the COVID-19 pandemic to attack businesses. During a virtual press briefing, the multinational technology company provided data showing how home working and employee stress during this period has precipitated a huge amount of COVID-19-related attacks, particularly phishing scams.
Working from home at this time is very distracting for a lot of people, particularly if they are looking after children. Additionally, many individuals are in a stressful state with the extra pressures and worries as a result of COVID-19. This environment is providing new opportunities for cyber-criminals to operate.
“We’re seeing a significant increase in COVID-related phishing lures for our customers,” confirmed Ann Johnson, corporate vice-president, Microsoft. “We’re blocking roughly 24,000 bad emails a day with COVID-19 lures and we’ve also been able to see and block through our smart screen 18,000 malicious COVID-themed URLs and IP addresses on a single day, so the volume of attacks is quite high.”
Johnson therefore urged businesses to adapt and step up security practices in this environment. She noted that in the rush to get employees set up working from home productively, putting in place more stringent measures has been something of an afterthought for many businesses.
“It’s important to educate users and tell them to pause and think before they click on a link, and the second thing we’re telling organizations is that they need to enable multi-factor authentication for 100% of users, 100% of the time, because if their users are stressed, they are going to click on those links and potentially give away their credentials,” added Johnson.
In the briefing, Microsoft stated that the countries most targeted by COVID-19 attacks have been China, the US and Russia, followed by Japan and parts of Latin America. The global technology giant has also seen signs that the volume of attacks is beginning to normalize over the past few days.
==================================================================
Only a Quarter of Orgs ‘Focus’ on Cyber-Attack Prevention
https://www.infosecurity-magazine.com/news/quarter-orgs-focus-prevention/?utm_source=dlvr.it&utm_medium=twitter
A new report from the Ponemon Institute has revealed that just 24% of organizations focus on optimizing cyber-attack prevention capabilities, despite 70% of security professionals believing that the ability to effectively prevent attacks strengthens security posture.
The research report, The Economic Value of Prevention in the Cybersecurity Lifecycle, sponsored by Deep Instinct, compiled survey responses from over 600 IT and IT security practitioners within organizations and revealed that a large percentage of companies prioritize cyber-attack detection and containment over prevention methods.
For example, according to respondents, whilst 79% of security budgets are being allocated to detection, containment, recovery and remediation activities, just 21% gets dedicated to prevention, even with 80% of those polled stating that prevention is the most difficult thing to achieve in the cybersecurity lifecycle.
The study determined that effective adoption of a preventative solution, when compared to the current spending of security departments and the cost of attacks, would result in significant cost reductions and require lower overall investment.
“This study shows that the majority of companies are more effective at containing cyber-attacks after they happen because it is perceived to be more accountable. This explains why cybersecurity budgets focus on containing attacks rather than preventing them, as well as the increased rate of breaches despite investments in cybersecurity solutions,” said Dr Larry Ponemon, the Chairman and founder of the Ponemon Institute.
“Prevention of cyber-attacks is perceived to be too difficult, but as companies continue to suffer revenue losses due to cyber-breaches, we expect budgets to start allocating increased resources to preventative solutions.”
Guy Caspi, CEO and co-founder of Deep Instinct, added that most companies still operate under a policy of ‘assume breach,’ believing that it is more pragmatic to contain a cyber-attack after penetration.
“This is no longer an economically viable long-term strategy,” he said. “The value of prevention is clear – for any type of attack, prevention saves significant time and money.”
=================================================================
PREVENTION OF CYBERATTACKS AND PHISHING: CHECK OUT THE LINKS BELOW FOR THAT AND BETTER SECURITY AT LESS THAN HALF THE COST!!!
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Banks should be cautious with use of AI in cybersecurity
https://www.finextra.com/newsarticle/35582/banks-should-be-cautious-with-use-of-ai-in-cybersecurity
Cybersecurity technology is rapidly evolving and adapting to changing threats thanks to machine learning. However, AI is just one part of handling cyber threats, and financial institutions should be cautious about placing full reliance on it.
Finextra Research recently collaborated with experts in the field to produce a report on the future of cybersecurity and predictions for the industry in 2020 and beyond.
Artificial intelligence receives a huge amount of attention for its impact on financial services. The use of AI is already in evidence across numerous areas of the industry, and experts predict that use cases in cybersecurity will accelerate in 2020.
“I think there is an interesting shift, with organisations trying to benefit from using robotics to automate processes and leveraging AI to help problem solve or improve or enhance customer experience and building out their capabilities internally in that space,” says Steve Holt, partner at EY.
Holt explains how organisations have historically used behavioural analytics as an early warning system, to spot when they have suffered a hack, and predicts new technology will be harnessed to enhance these mechanisms.
EY also witnesses its clients using machine learning systems that can build a profile of courses of action for when a threat is detected. This enables them to generate playbooks and speed up the response time from tens of minutes down to single-digit minutes.
“This is real efficiency gain for financial institutions,” says Bence Horvath, a director in EY’s EMEIA Cyber Centre of Excellence. “I think this is one of the biggest areas that we’re going to see a jump in the next year.”
“Also, data has been called the “new oil”, and using threat intelligence, open source information, and other tools will help enterprises gain better access and understanding of their data - and use that understanding to enhance their security posture.”
The ever-moving target
Financial institutions must be prepared, however, for cybercriminals’ methods countering new defences with continually evolving means of their own.
Instead of executing cyberattacks with the intention of stealing money or making fraudulent payments, cyber criminals may target the machine learning processes, embedding fraudulent mechanics into the way the AI engines work.
“One of the big concerns, especially at the regulatory level for the future, is ultimately the underlying data integrity,” Holt says.
“So, if the attackers don’t do big enormous payouts immediately but attempt to alter the underlying data, how would that be spotted?”
Therein lies the danger for financial services companies which are overly optimistic about the potentials for AI in cybersecurity. Dries Watteyne, head of SWIFT’s cyber fusion centre, urges caution in this area.
“When talking about the potential of machine learning, I think we shouldn’t forget everything we achieved to date without it.”
“I’m very pragmatic about these things. We hear a lot about AI, but I think we’re still waiting for the big success stories. So, I think 2020 will be another year of moving into that space, but it might be 2021 before we really see big developments in my view.”
Watteyne compares evangelism around the potentials of AI in cybersecurity to excitement about what a calculator can do when one is faced with a “2+2” sum. Getting the basic things right with basic business processes must be the number one priority.
“I think there’s still a lot to be done around basic security hygiene, and companies need to continue to focus on getting this in place first.”
The full report, The Future of Cybersecurity: 2020 Predictions, looks at the changing methods of cyber criminals, the growing challenges that they pose and the evolving methods that experts believe financial institutions will use to defend against them.
=================================================================
If only known and approved devices were allowed to access the sensitive data on the network, the data integrity would be a concern that is solved. In this case Wave solutions would work better than AI on keeping good data integrity!!! I'm sure that someone has thought of this already like a lot of my posts. But the writer of this article doesn't appear to be aware of Wave's capabilities!!
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
=================================================================
https://www.wavesys.com/
A current WhatsApp hack could put your friends and family at risk
https://www.androidauthority.com/whatsapp-account-hack-1100793/
WhatsApp is one of the best messaging services you can use. It’s been around for more than 10 years, and people all around the world use it every day. Unfortunately, WhatsApp’s popularity makes it a prime target for attackers. That’s exactly what’s happening right now as a current WhatsApp hack is putting users’ accounts at risk.
What is the WhatsApp hack?
According to The Telegraph, bad actors have been stealing WhatsApp accounts through what’s called social hacking. This is when attackers use already hijacked Facebook, Instagram, Telegram, etc. accounts to contact victims, posing as their friends or family.
An attacker pretends they are having a difficult time getting into their WhatsApp account, and tricks the victim into handing over their WhatsApp security verification code by claiming it’s the attacker’s. This social hack gives the bad actor full access to the victim’s WhatsApp account, which they can then use to manipulate the victim’s other friends and family into giving them money, sharing their bank account numbers, etc.
Although this WhatsApp hack has been used before, it’s particularly harmful right now since attackers can use the current coronavirus pandemic as leverage when conning victims’ friends and family. The Telegraph reports that hackers are currently using it across the UK, but there is no reason why they couldn’t use it elsewhere.
How to protect yourself
WhatsApp has yet to find a way to fix the issue. For now, the company tells its users not to share security verification codes with anybody, including loved ones.
We recommend implementing two-step verification within your WhatsApp account for further protection. Setting this up is easy. Just navigate to Settings > Account > Two-step verification. This will prompt you to create a six-digit PIN for whenever you add WhatsApp to a new device. You’ll also add your email address just in case you forget your PIN.
If an attacker still gets access to your account, getting it back isn’t too difficult. You can get back your stolen account by signing back into your WhatsApp account and re-verifying your phone number as laid out in WhatsApp’s FAQ pages.
=================================================================
With a technology like Wave Knowd tested under the auspices of NSTIC, it makes a WHOLE LOT OF SENSE for Facebook to USE WAVE KNOWD for PROTECTING ITS USERS and ITSELF!!! THIS TECHNOLOGY HAS JUST BEEN AHEAD OF ITS TIME!!!
=================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Windows 10 Security: Change Your Password To A PIN, Says Microsoft
https://www.forbes.com/sites/daveywinder/2020/04/04/next-windows-10-update-to-recommend-users-change-passwords-for-pins/#216fb15964c6
==================================================================
Organizations can have what's in the article (2FA) NOW with Wave VSC 2.0, and with a company (Wave) that was BORN to EFFECTIVELY and SUCCESSFULLY manage TPMs. Go with Wave, go with BETTER VALUE!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
Zoom security bug lets attackers steal Windows passwords
https://sea.mashable.com/tech/9861/zoom-security-bug-lets-attackers-steal-windows-passwords
==================================================================
Excerpt:
If a user clicks on such a link, Windows will leak the user's Windows login name and password.
==================================================================
Even if the credentials are leaked, the hacker would need the user's computer to access the data if WAVE VSC 2.0 is being USED!!! ANOTHER IMPORTANT use of the TPM and PIN in WAVE VSC 2.0!! Wave solutions should be an essential part of organizations' defensive cybersecurity strategy!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
Marriott discloses data breach affecting 5.2 million guests
https://www.cyberscoop.com/marriott-data-breach-2020/
Marriott International on Tuesday revealed a data breach affecting an estimated 5.2 million hotel guests, the second significant security incident to hit the hospitality giant in the last 16 months.
The breach exposed guests’ personal information such as names, addresses, employer, and loyalty account numbers, the company said in a statement. The login credentials of two Marriott employees were used to access guest information in activity that began in mid-January, the statement said.
Marriott said it detected the compromise at the end of February and confirmed the credentials had been disabled.
“[W]e currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers,” Marriott said. An investigation is ongoing.
Hotel chains are a natural target for both criminals looking to sell guests’ personal information and spies looking to track government officials.
In November 2018, Marriott announced a bigger breach of its Starwood Hotels database that affected hundreds of millions of guests. U.S. officials have accused Chinese hackers of carrying out that breach, an allegation Beijing denies.
==================================================================
Marriott shows you TWICE that Wave solutions are still needed in the marketplace. If the Marriott was AWARE of WAVE years ago and used WAVE, and MANY other organizations used WAVE too, they wouldn't have had their DATA BREACHED!!! REPORTED or (MANY) NOT REPORTED breaches would GO AWAY if Wave solutions were being USED EXTENSIVELY in the MARKETPLACE!!! In the case of Marriott, they could AVOID a THIRD STRIKE BY USING WAVE!!! The links below show how Wave PROTECTS organizations' important DATA!!! The last link is important as well!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/virtual-smart-card-2.0-from-wave
Cyber-threats are everywhere, but with Wave Virtual Smart Card 2.0 (Wave VSC 2.0) enterprises have a hardware-based, tokenless, two-factor authentication security solution with the security of a hardware token solution and the convenience and cost savings of a software token solution.
Wave VSC 2.0 delivers strong two-factor authentication using the Trusted Platform Module (TPM), the embedded security chip built into enterprise PCs. Wave empowers IT with management of the TPM and VSC 2.0. Companies successfully use Wave VSC 2.0 to secure VPN access, web applications and other certificate-based applications, like Wi-Fi with 802.1x, remote desktop, or Windows-user login. Use the security that’s already been deployed and save money with Wave VSC 2.0.
Every month we see headlines highlighting mammoth breaches (i.e. EBay, JP Morgan Chase, Sony, Target, etc…). In each case, millions of records were stolen, corporate images were tarnished, and enormous costs were incurred as a result. And equally disturbing, more often than not the attacks go undetected and as a result important information is stolen.
=================================================================
https://www.wavesys.com/data-protection
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Password vulnerability at Fortune 1000 companies
https://www.helpnetsecurity.com/2020/03/25/password-reuse-companies/?utm_campaign=Social%20-%20Third%20party&utm_source=twitter&utm_medium=social&utm_content=Helpnet-Security-SC-2020-F1k-Report
Despite often repeated advice of using unique passwords for online accounts – or at least the most critical ones – password reuse continues to be rampant. And, according to breach discovery firm SpyCloud, employees of the Fortune 1000 are just as bad about reusing passwords as the rest of us.
Compromised credentials
The company has combed through their database of breach data for data tied to Fortune 1000 companies, analyzed it and found that employees in media companies are the worst when it comes to password reuse (rate of reuse: 85%), and those in retailing the best (53%), although even they still reuse passwords way too much.
They also found that the credentials of 127,083 C-level Fortune 1000 executives are available on the criminal underground and that, on average, companies in the Hotels, Restaurants & Leisure sector have the most exposed C-level executives.
“The most common passwords for the Media industry are mostly unprintable. But for Fortune 1000 employees with family-friendly passwords, popular themes include first names, company names, and simple strings of numbers and letters (123456, abc123, password),” they added.
“While most of these examples would fail to pass basic corporate password policies, people tend to transform a base password in predictable ways to bypass complexity rules. For example, ‘password’ might become ‘Password1’ or ‘Passw0rd!’ at work. Unfortunately, criminals are well-aware of these patterns, and sophisticated account checker tools make it easy for criminals to test variations of exposed passwords at scale.”
Other compromised assets
Personally identifiable information, phone numbers, geolocation data, financial information, social media accounts, and secret answers to security questions also get compromised and exposed online.
This data can be used by cybercriminals to steal a victim’s identity, create credible spear phishing messages, submit fraudulent applications, perform SIM swapping and phone porting, make fraudulent purchases, drain funds from accounts, connect the dots between personal and corporate identities (and use that info for targeted attacks), and more.
Interestingly enough, SpyCloud found that employees in the telecommunications sector have the highest average numbers of exposed PII assets, phone assets, geolocation assets, and plaintext corporate credentials per company.
“Although the companies within this sector are large, with an average of about 74,000 employees per company, employee totals do not account for the disparity,” they noted.
“It’s possible that employee tenure could have something to do with the sector’s high exposure levels. Employees who have owned their corporate email accounts for many years would have had plenty of opportunities to use them on third-party sites. Conversely, high levels of churn could also potentially play a part, with many short-term employees racking up a few exposures each before moving on.”
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
==================================================================
Fortune 1000 companies are MISSING OUT on a SOLUTION such as Wave VSC 2.0!!! If only a Wave marketing team or individuals with knowledge of Wave POINTED the above information out to them!!!
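The Help Net Security excerpt above notes that people turn a base password into "Password1" or "Passw0rd!" to get past complexity rules. As an added example (not part of the original post or of any product it mentions), here is a password-change check that folds such variations back to a base form and rejects a candidate derived from an exposed password. The exposed list uses the three strings quoted in the article; the function names and the look-alike table are assumptions made for this sketch.

```python
import string
from typing import Optional

# Look-alike characters folded to one canonical letter. "i", "1" and "!"
# all fold to "l" so both sides of a comparison land on the same form.
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l", "!": "l", "3": "e",
                      "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"})
PAD = string.digits + string.punctuation


def base_form(password: str) -> str:
    """Reduce a password to the base word its variations share."""
    s = password.lower()
    core = s.strip(PAD)          # drop digit/symbol padding at both ends
    if not core:
        # Nothing but digits and symbols ("123456!"): keep the digits only.
        return "".join(ch for ch in s if ch.isdigit())
    return core.translate(FOLD)  # undo substitutions inside the word


def build_index(exposed):
    """Map each exposed password's base form back to the exposed entry."""
    return {base_form(p): p for p in exposed}


# Constructed sample: the common passwords quoted in the article.
EXPOSED = build_index(["123456", "abc123", "password"])


def find_exposed_base(candidate: str, index=EXPOSED) -> Optional[str]:
    """Return the exposed password the candidate derives from, or None."""
    return index.get(base_form(candidate))


if __name__ == "__main__":
    for pw in ["Password1", "Passw0rd!", "P@$$w0rd2020", "Abc123#",
               "correct-horse-battery-staple"]:
        hit = find_exposed_base(pw)
        print(f"{pw!r}: {'reject, variant of ' + repr(hit) if hit else 'ok'}")
```

In practice the index would be built from a breach corpus plus organization-specific terms such as the company name, which the article lists among popular password themes.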