Fraudulent Transactions a Bigger Worry for Online Retailers During #COVID19
https://www.infosecurity-magazine.com/news/fraudulent-transactions-online/
==================================================================
Wave and Bell ID Partner to Combat Online Payment Fraud
EMV card-present transactions enabled for E-Commerce by integrating TPM technology.
http://www.wavesys.com/buzz/pr/wave-and-bell-id-partner-combat-online-payment-fraud
Lee, MA - July 31, 2014 - Wave Systems Corp. (NASDAQ: WAVX) announced it is partnering with chip lifecycle management solutions company, Bell ID, to offer a joint solution aimed at reducing online payment fraud. The solution will be marketed primarily to card issuing banks, as well as online merchants, governments, and enterprises worldwide.
Using Bell ID’s Trusted Service Manager and Secure Element in The Cloud (SEiTC) server, alongside Wave’s ERAS for TPM management and Wave’s endpoint identity and monitoring expertise, the combined offering provides robust protection for transactions and stored payments. The companies have executed a letter of intent and anticipate the signing of a definitive agreement in August.
The incident rate of card-not-present (CNP) fraud has been growing steadily over the past several years. According to a recent FICO Banking Analytics Blog, CNP fraud now accounts for close to half of all credit card fraud. Countries that have already adopted the EMV® card specification have seen CNP fraud rates increase. In the United States, CNP fraud is expected to rise significantly over the next eighteen months, as the EMV standard is put into effect. The EMV directive, which implements a global standard for a secure chip-based payment application, will make merchants liable for any fraud resulting from transactions on systems that are not EMV-capable.
“Wave’s robust product portfolio is very complementary to Bell ID’s strongly positioned solution set in the financial services market,” said Bill Solms, CEO, Wave Systems. “We see the EMV transition creating high demand for more secure transaction capabilities, and are confident that together we can provide financial institutions with a comprehensive solution for payment authorization and storage.”
“Bell ID has been a pioneer in developing and delivering cloud-based payment platforms,” adds Pat Curran, Executive Chairman at Bell ID. “We also have extensive experience in delivering EMV solutions globally and have witnessed fraud transition online as point-of-sale terminals in face-to-face transactions become more secure. We are therefore delighted to extend our offering with Wave to provide a secure online transaction and storage payment solution, which will mitigate against an expected rise in online fraud and provide a trusted link between device identity and internet services.”
=================================================================
It's amazing that Wave has these incredible technologies with better security, and people are searching for these technologies!!! With all the available communication means, and word of mouth these technologies should be communicated to people and organizations who need them. Wave should be a household name given how helpful their security is!
=================================================================
http://www.wavesys.com/
Retail giant Cencosud hit by Egregor Ransomware attack, stores impacted
https://www.bleepingcomputer.com/news/security/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted/
=================================================================
The information from Wave below could be a big help!!!
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
IoT Security Bill Nears Passage as New Consortium Tackles Open 5G
https://www.nextgov.com/cybersecurity/2020/11/iot-security-bill-nears-passage-new-consortium-tackles-open-5g/169936/
==================================================================
I'm all for drones and security, but shouldn't we be thinking about issues like ransomware, data breaches, and other cyber attacks and how two technology standards could have a great impact on computer devices being made secure!! Activated TPMs and SEDs (hardware) with the right software (Wave) could lessen these problems dramatically. A good hardware seal of approval for activated TPMs and SEDs on public companies (to start) could put the computer security ecosystem on a much better path! 150+ companies already back these standards. This could be rolled up in this legislation or done by executive order. The Nation needs activated TPMs and SEDs now more than ever. After all, the hardware is already built-in!!!
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
Democratic think tank: cybercrime enforcement lacks attention, money and resources
https://www.scmagazine.com/home/security-news/cybercrime/democratic-think-tank-cybercrime-enforcement-lacks-attention-money-and-resources/
=================================================================
Excerpt: One finding from the report that underscores just how rampant cybercrime has become: for every thousand reported cyber incidents, only three ever result in an arrest.
=================================================================
What if organizations were using Wave solutions en masse? With enough organizations using Wave solutions, cybercriminals could start to take up new occupations that won't give them headaches because of the frustration of not getting access to organizations' networks because of Wave solutions!!! Thus there wouldn't be as many cybercriminals!!!
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
Info of 27.7 million Texas drivers exposed in Vertafore data breach
https://www.zdnet.com/article/info-of-27-7-million-texas-drivers-exposed-in-vertafore-data-breach/
=================================================================
While not the same instance as an unencrypted computer being lost or stolen, this is WHAT COULD HAPPEN if a computer was not using an SED (Self Encrypting Drive)!!! Organizations should use SEDs and Wave SED management TO AVOID A SITUATION LIKE THIS!!! Many SEDs are already built into computers, they need to be initialized, and Wave can do that with Wave SED management!!!
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
==================================================================
Methinks, having Wave Knowd available for users would be one way to help protect against the fraud that you had mentioned with your article. Good article!!!
Most Americans Reuse Passwords for Work Devices
https://www.infosecurity-magazine.com/news/most-americans-reuse-passwords-for/
New research into the security behavior of employees in the United States has found that most Americans reuse passwords on work devices.
A September 2020 survey of 500 full-time US employees by portfolio website Visual Objects found that 63% increased their vulnerability to cyber-attacks by recycling the same passwords for multiple accounts on work devices.
The majority of those surveyed (63%) said that they weren't concerned about where they stored their personal data and were comfortable keeping it on their work devices.
This could be because they see cybersecurity as something that their employer should take care of. Almost all (91%) said that they feel companies are more responsible for cybersecurity efforts than employees are.
A Visual Objects spokesperson commented: "Most companies sent office devices home with employees during COVID-19, allowing workers to intermix work and personal data. Employees risk introducing malware onto work devices when using them for personal activities."
The findings revealed a link between the age of the workers and their attitude to cybersecurity. While only 2% of baby boomers said that they always reuse work-related passwords, 13% of millennials confessed to always using duplicate passwords.
More survey respondents in the baby boomer age group (27%) said that they were not concerned with where they stored their personal data than in any other age group. Only 17% of millennials felt very unconcerned about storing personal data on work devices.
Christine Sabino, a senior associate at data breach claims company Hayes Connor, said that millennials have a natural inclination to keep personal and work information separate.
“[Millennials] have more technological devices, like a personal laptop, tablet, mobile phone, and games console,” Sabino said. “They are less likely to require the use of their work laptop for these [personal] activities.”
More than three-quarters of US workers (76%) said that they felt at least somewhat accountable for ensuring cybersecurity measures were followed at their company.
“Employees have a responsibility to ensure guidelines and processes are followed,” commented Cyphere's Harman Singh.
“Employees must take small actions that have a bigger impact on improving culture, such as appropriately reacting to suspicious emails, calls, or information online.”
==================================================================
I believe Wave has a headline on its website: 'Get rid of your passwords.' Wave VSC 2.0 is simple to use and more secure!! This solution would alleviate the problem that is happening in this article!!! Wave VSC 2.0 (MFA) is very useful, versatile, and effective for organizations and their employees!!!
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
Price Dropped on Hacked Educational RDP Details
https://www.infosecurity-magazine.com/news/price-educational-rdp/
Hackers selling network access to 7500 educational establishments have reportedly dropped their asking price.
Reports emerged last week that access was being sold by a threat actor on multiple Russian hacker forums. As well as educational organizations, the package also included access to corporate networks from other verticals, such as entertainment and the bar industry.
In particular, access to the networks via remote desktop protocol was being sold, with the initial bid for the entire package starting at 25 BTC (roughly $330,000) and the buy now option at 75 BTC (about $1,000,000).
In an email to Infosecurity, Kacey Clark, security researcher at Digital Shadows, said these were posted on the Russian-language cyber-criminal forums Exploit and XSS; however, they are yet to receive any responses from other forum users on either platform.
“There are no indications yet as to which entities/organizations are involved, and this will likely remain the case to keep the offering available,” Clark said.
Digital Shadows also confirmed that the threat actor reduced the asking price to BTC 10 (USD 155,300) from BTC 25 (USD 387,000) on November 4, “but this is still a significant amount of money even on these forums, hence why it might be taking longer to sell,” Clark said.
Clark also made the point that whilst the user only registered on the forums relatively recently, they have deposited significant funds into both of their forum accounts, likely in an effort to substantiate their credibility on these forums and justify the legitimacy of their presence.
“Interestingly, they have even sponsored the most recent articles competition on XSS, which indicates they have developed an effective relationship with the administrator on this platform and again highlights their potential prowess,” she said. “Although this does not provide insight into the actual legitimacy of the offering, it likely indicates the vendor is legitimate and credible in their offering.”
Mark Kerrison, CEO at New Net Technologies, said: “Educational establishments could be a particularly tantalizing target for research and intellectual property theft, especially if linked to COVID-19 research. Cyber-criminals are economically rational in their behavior and will price their ‘offer’ of credentials to maximize returns, in the shortest time, for the smallest of efforts.”
Commenting, Matt Walmsley, EMEA director at Vectra, said, as we move to a world of zero trust, identity is the new perimeter, and so access to live credentials makes an attacker’s task significantly easier. “Whether captured from data dumps of inadvertently public repositories, gained through social engineering or through more traditional vulnerability exploitation and network penetration, these credentials offer an open door through which attackers will pay to walk through then move and expand their influence and establish the privileged access needed to meet their nefarious goals,” he said.
=================================================================
Here is another reason to use Wave VSC 2.0 to protect MANY organizations' networks from this potentially awful set of circumstances!!!
=================================================================
wavesys.com
=================================================================
Use Wave solutions, use better security!!!
The Double-Edged Sword of Cybersecurity Insurance
https://www.darkreading.com/edge/theedge/the-double-edged-sword-of-cybersecurity-insurance/b/d-id/1339412
With ransomware on the rise, more organizations are opting to purchase cyber insurance -- tipping off criminals about how much to demand for access back to pilfered systems and data.
Cybersecurity insurance is no longer a luxury. As attacks have accelerated — and become more costly — the idea of hedging against a breach has gone mainstream. The global cyber-insurance market now stands at $7.8 billion, but it's projected to reach $20.4 billion by 2025, according to an October 2020 report from ResearchAndMarkets.
Indeed, companies are incorporating cybersecurity insurance into their overall business strategies, says Alexander Chaveriat, chief innovation officer at Tuik Security Group. But – and should we really be surprised? – cybercriminals have also recognized that where there's insurance, there's opportunity.
"Many gangs do reconnaissance before they pull the trigger on a ransomware attack," Chaveriat explains. "They'll see that the business has $2 million in cyber-insurance, and so they make this their ransom."
At the center of all of this is a harsh reality: Many organizations are opting to pay the ransom. Their desire to get systems up and running fast rather than deal with the time and expense of restoring data — even when the data exists — is fueling decision-making. However, this approach is also driving up the price of policies and contributing to more aggressive tactics. A 2019 ProPublica report notes that insurance companies are contributing to a rise in ransomware attacks by paying ransoms as large as six or seven figures.
Money for Nothing
The uptick in ransomware over the past few years is staggering. Cybersecurity firm Sophos reports that 51% of organizations have been hit by ransomware attacks within the past year, and the total cost to remediate an attack has risen to $761,106 per incident. There has even been a death associated with ransomware.
Just over 40% of cyber-insurance claims now involve ransomware, according to the 2020 "Cyber Insurance Claims Report" from insurance provider Coalition. The firm also reports a 260% increase in the frequency of ransomware among its policyholders. Cyber losses for a typical claim range from $1,000 to $2 million, it notes.
"We see many organizations either consider cyber-insurance for the first time or taking a closer look at their current cyber-insurance programs as an effective way to provide some balance sheet protection," says Robert Barberi, director of FINEX cybersecurity and professional risk at global risk management consultancy Willis Towers Watson.
In fact, ransomware is increasingly mentioned in US Securities and Exchange Commission (SEC) filings as a key risk factor. Yet large enterprises aren't the only ones feeling the pain.
"Cyber-insurance plays a big role for organizations that may not have the financial strength to survive a ransomware attack on their own," Barberi explains.
All of this has led to an uneasy reality: Cybergangs, peering inside a company's network or using public sources, can determine the ransom it can afford to pay and adjust the sum accordingly. Making matters worse, crooks increasingly pluck sensitive data — legal information, HR records, intellectual property, for example — and threaten to post it publicly if a company doesn't comply with their ransom demands.
Protection Schemes
There's good news and bad news. Despite cybergangs adopting more menacing and potentially destructive tactics, including cyber extortion, Willis Towers Watson reports that even with claim frequency rising by about 18% in 2020, an effective backup strategy can reduce ransomware costs by upward of 70%, Barberi says.
Nevertheless, the cost of a typical policy renewal is up by 10% to 20% as the industry updates actuarial tables to reflect increased risk and payouts, including an uptick in attacks that has occurred during the pandemic, according to Willis Towers Watson.
"In addition to the continued spike in ransomware attacks, increased incident response costs are driving higher losses for companies in highly regulated industries who experience data breaches because they are requiring more resources to navigate a more complex regulatory landscape," Barberi notes.
Unfortunately, there's no end in sight.
"With so many high-profile recent events, the expectation is that the marketplace for cyber-insurance will continue to harden, especially for companies that don't implement certain compensating controls," Barberi adds.
In fact, ransomware recovery firm Coveware indicates that the average ransomware payment in Q3 reached $233,817, reflecting an increase of 31% quarter over quarter.
Finding an effective solution is difficult. Barberi says that an outright ban on payments — an idea that the US Treasury Department has promoted — would be difficult to implement and introduce unanticipated consequences.
For example, "An outright ban could keep hospitals shutdown for weeks or months, which would have a disastrous impact to patient care," he points out.
Amid all the chaos, the insurance industry is pushing for more stringent cybersecurity measures. This includes policyholders using protections like multifactor authentication, wire transfer verification, specific time frames for installing critical patches, endpoint application isolation, and implementing an effective backup strategy. Some also require cybersecurity training for employees.
"Policies are becoming much more defined and stringent," Chaveriat observes.
Adds Barberi: "Companies that haven't yet implemented these controls, or those who have suffered recent losses, may experience premium increases well in excess of the average increases we're currently observing."
In the end, perhaps only one thing is certain: Insurance will continue to play a key role in protecting companies.
"With bad actors getting more sophisticated and with easier access to malware, ransomware attacks will likely continue to increase in frequency and severity, which, in turn, will continue to increase the demand for comprehensive cyber-insurance solutions," Barberi says.
==================================================================
Use better security, Wave solutions, to avoid ransomware attacks, and avoid large insurance premium increases!!!
=================================================================
wavesys.com
Fifth of UK Firms Planning to Downsize Security Teams
https://www.infosecurity-magazine.com/news/fifth-uk-firms-planning-downsize/
Over a fifth (22%) of UK businesses are planning to downsize their cybersecurity teams, despite COVID-19 pressures giving the function a greater role at the heart of organizations, according to PwC.
The consulting giant polled 3249 business and technology executives globally, including 265 from the UK, in order to compile its Cyber Security Strategy 2021 Report.
It revealed that, although 96% of UK respondents have shifted their strategy due to the pandemic, and half claimed that they will now bake security into every business decision, they’re still lagging globally on several fronts.
In terms of headcount, just 16% of global respondents said they are planning to cut the size of their security team, for example, while 51% said they were expecting to hire more staff, versus 42% in the UK.
Elsewhere, just 38% of UK respondents claimed they were very confident their security budget is being allocated to the right risks, versus 44% globally. However, on the positive side, 56% said they were planning to increase these budgets next year, despite only 36% being confident they are getting a good return on their investments.
PwC cybersecurity chair, Richard Horne, said it was surprising that so many organizations lack confidence in their cybersecurity spend.
“It shows businesses need to improve their understanding of cyber-threats and the vulnerabilities they exploit, while changing the way they think about cyber-risk so it becomes an intrinsic part of every business decision,” he argued.
Another area the UK appears to be lagging behind the rest of the world relates to the role of the CISO. Over two-fifths (43%) of global respondents agreed that there will be more frequent interactions between the CISO and CEO or board, but this fell to 34% in the UK.
All of this matters because COVID-19 is accelerating digital transformation and therefore expanding the potential corporate attack surface for many organizations.
A third (34%) of UK leaders said they plan to accelerate digitalization in light of the pandemic, and a majority cited attacks on cloud services (58%), “disruptionware” attacks on critical business services (52%) and ransomware (50%) as the most likely threats over the coming year, according to the report.
==================================================================
If they used every endpoint with baked-in security (TPM), there wouldn't be so many organizations that lack confidence in their cybersecurity spend!!! PwC did this successfully!
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
Hackers Can Grab Passwords By Watching Your Shoulders Move On Zoom
https://www.forbes.com/sites/daveywinder/2020/11/07/surprising-new-zoom-hacking-threat-revealed-what-users-need-to-know/
=================================================================
Excerpt:
When it comes to passwords, the software correctly calls them 75% of the time if they were included in the reference database of one million commonly used passwords.
=================================================================
With all the great things that Wave VSC 2.0 does, the article and the problem in it could be prevented by using Wave VSC 2.0!!!
=================================================================
wavesys.com
=================================================================
Use Wave solutions, use better security!!!
Deloitte's 'Test your Hacker IQ' site fails itself after exposing database user name, password in config file
https://www.theregister.com/2020/11/05/deloitte_hacker_test/
Security quiz site created by advisors includes inadvertent bonus round
Updated A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking.
The site, found at the insecure non-HTTPS URL http://deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site's MySQL database.
The site invites visitors to "Test Your Hacker IQ" by entering a username. It then poses a series of multiple choice questions about techniques employed by hackers to obtain corporate information. The quiz doesn't cover the possibility of publicly exposed passwords.
The blunder was spotted on Wednesday by Tillie Kottmann, a Switzerland-based IT consultant and developer who uses the handle deletescape. The website was taken down on Wednesday.
Kottmann in August published leaked Intel technical materials as well as SonarQube source code.
The deloittehackeriq.com domain was registered by Tank Design, a Massachusetts-based digital marketing firm, in 2015 and the site includes a 2015 Deloitte Development LLC copyright notice.
Kottmann told The Register that the last commit to its .git repo was in 2017 and said it's not clear how actively the site is being used. The site was first captured by the Internet Archive's Wayback Machine in 2018.
Further compounding the vulnerability of the site, the quiz is hosted on Ubuntu Linux 14.04, which stopped receiving security patches in April last year and is potentially vulnerable to 11 known flaws.
Kottmann said, "Maybe it's worth mentioning that a whole lot of sites, including some other bigger corporations have .git [repositories] exposed on various domains."
The Register asked Deloitte and Tank Design to comment, but we've not heard back. ®
Updated to add
In a statement sent to The Register after this story was published, a spokesperson for Deloitte distanced the firm from the now-removed hacking contest site.
“We are aware of an incident that involved unauthorized access to an interactive game/website which was developed for a cybersecurity event in 2015,” the company spokesperson said.
“The platform is hosted by a third-party and is distinct from any other Deloitte system; there is no impact to any other Deloitte system. The site has not been actively used since 2015 and has now been taken down. We remain vigilant in assessing this incident and other potential cyber threats. We are deeply committed to maintaining cyber defenses that are aligned to best-in-class practices, to investing heavily in protecting confidential information, and to continually reviewing and enhancing our cyber security.”
==================================================================
Several years ago there was a Deloitte executive who had very good things to say about the TPM and its security. If Deloitte was using Wave VSC 2.0 (2FA) or Wave Knowd with the TPM, the situation in the article above could have been avoided. One of their competitors, PwC, was able to see just how effective the TPM was with its 2FA and Wave's software. Deloitte and its customers could benefit tremendously by using Wave solutions!!!
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
FBI: Hackers stole source code from US government agencies and private companies
https://www.zdnet.com/article/fbi-hackers-stole-source-code-from-us-government-agencies-and-private-companies/
FBI blames intrusions on improperly configured SonarQube source code management tools.
The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses.
Please see the article at the link above.
=================================================================
Excerpts:
However, some security researchers have been warning about the dangers of leaving SonarQube applications exposed online with default credentials since as far back as May 2018.
At the time, data breach hunter Bob Diachenko warned that about 30% to 40% of all the 3,000 SonarQube instances available online at the time had no password or authentication mechanism enabled.
=================================================================
If authentication from Wave VSC 2.0 had been required to access this source code, there wouldn't be articles like this written. It's hard to believe that governments haven't embraced Wave VSC 2.0 and its usefulness and effectiveness!!! With Wave VSC 2.0 and Wave ERAS, only known and approved devices are allowed to access your network!!!
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
==================================================================
GDPR lawsuit against Oracle and Salesforce moves forward
https://www.computerweekly.com/news/252491537/GDPR-lawsuit-against-Oracle-and-Salesforce-moves-forward
Class action suit seeks claims worth more than £10bn over the processing of personal information
==================================================================
What if organizations leave personal data to be stolen because they don't have excellent cybersecurity like Wave solutions to protect the data? The previous post talks about European Consumer groups beginning to sue over data breaches. Salesforce and Oracle are facing expensive lawsuits for 10 to 15 billion. One would figure that with class action lawsuits such as these, many organizations would be demanding better security: Wave solutions in a hurry!!! It's a lot less to pay for Wave solutions up front and protect the organization than wait for a disaster to hit!!
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
European Consumer Groups Begin Suing Over Data Breaches
https://www.wsj.com/articles/european-consumer-groups-begin-suing-over-data-breaches-11604658602
Class-action lawsuits for privacy violations are becoming more common in Europe
==================================================================
INTERESTING Article!!!
==================================================================
If organizations were using Wave VSC 2.0, Wave SED management, and Wave Endpoint Monitor (WEM), they wouldn't have the problems that companies in the article will be having with class-action lawsuits. Prepare ahead of time with these Wave solutions, and avoid data breaches rather than paying substantially more later on!!!
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
Two-Thirds of Financial Services Firms Suffered Cyber-Attack in the Past Year
https://www.infosecurity-magazine.com/news/two-thirds-financial-services/
================================================================
When you see a statistic like this in the title of the article, it has become common for financial services firms to suffer a cyber-attack. This is just unacceptable. There was a Global Financial Services firm with in excess of 150,000 employees, and after they tested Wave VSC 2.0, they signed up with Wave. It's better security, and this Global Financial Services firm agreed!!!
Why not use solutions that work effectively: Wave solutions!!!
==================================================================
wavesys.com
Fewer than 25 percent of companies deployed adequate security access control systems
https://www.scmagazine.com/home/security-news/fewer-than-25-percent-of-companies-deployed-adequate-security-access-control-systems/
==================================================================
From this survey, it appears that MANY companies could use Wave VSC 2.0!!!
==================================================================
Excerpt: On the plus side, 58.7 percent said they either planned to implement network security monitoring in the next 12 to 24 months or had a pilot project in place.
==================================================================
It seems that unauthorized access to the network is in the headlines quite often, even when affected organizations already had network security monitoring. How successful is the monitoring? Why not try only known and approved devices being allowed to access your network? Instead of the bad guys slipping through to get on the network, they would be kept from accessing it!!
=================================================================
wavesys.com
=================================================================
Use Wave solutions, use better security!!!
23,600 hacked databases have leaked from a defunct 'data breach index' site
https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/
================================================================
Excerpts:
ZDNet was not able to download the entire dataset estimated at around 50GB and 13 BILLION user records.
Currently this data is now being used by other cybercrime gangs to orchestrate spam campaigns and credential stuffing and password spraying attacks against users who might have reused passwords across online accounts.
Even if some of these databases are from old hacks, mega leaks like these are incredibly damaging to the security posture of most internet users.
=================================================================
This article is a great reason to use Wave VSC 2.0 (MFA)!!! Organizations could keep from getting hacked into if they used this Wave solution!!
=================================================================
wavesys.com
=================================================================
Use Wave solutions, use better security!!!
Why Defense, Not Offense, Will Determine Global Cyber Powers
https://www.darkreading.com/edge/theedge/why-defense-not-offense-will-determine-global-cyber-powers/b/d-id/1339237
Darktrace director of strategic threat Marcus Fowler explains what to expect from nation-state attackers in the months to come -- and why kindergarten classes are a good model for solid cybersecurity.
==================================================================
Excerpt: "We need technology like AI to make that split-second decision about what is threatening."
==================================================================
We don't need AI to make split second decisions about what is threatening! What will get missed with these decisions?? What governments really need is only known and approved devices to be allowed access to the network. Therefore, unauthorized (unknown and unapproved devices) don't get access to the network and its data: use Wave solutions, use better security!!!
=================================================================
wavesys.com
Interview: Ian Pratt, HP Security
https://www.infosecurity-magazine.com/interviews/interview-ian-pratt-hp/
=================================================================
Articles like this one are ok, but then you read this:
Rising Ransomware Breaches Underscore Cybersecurity Failures
https://www.darkreading.com/attacks-breaches/rising-ransomware-breaches-underscore-cybersecurity-failures/d/d-id/1339340
Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone.
==================================================================
Lenovo, HP, DELL, and others could use a simpler and more secure cybersecurity set of solutions that gets the job done and in timely fashion: Wave solutions!!!
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
Lenovo Q2 2020: Revenue tops $14.5 billion as PC demand climbs
https://www.zdnet.com/article/lenovo-q2-2020-revenue-tops-14-5-billion-as-pc-demand-climbs/
================================================================
The #1 computer maker bundled Wave's software with their computers!!! Lenovo could increase its services business by adding outstanding cybersecurity to its lineup with Wave solutions! The hardware (TPMs and SEDs) is already built into computers and Wave/Lenovo can help turn it on and make excellent use of it!!!
=================================================================
wavesys.com
=================================================================
Use Wave solutions, use better security!!!
Cybersecurity threats to corporate America are present now 'more than ever,' SEC chair says - CNBC
https://www.cnbc.com/2020/11/02/secs-jay-clayton-on-cybersecurity-threats-to-corporate-america.html
==================================================================
Coming from the SEC chair, this is a BIG DEAL!! Previous posts could be helpful.
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
Interview: John O’Malley, Director of Cybersecurity, AT&T Cybersecurity
https://www.infosecurity-magazine.com/interviews/interview-att-cybersecurity/
=================================================================
Why did a Global Financial Services company and PwC choose to work with Wave software? It must have partly been due to Wave solutions being very effective. These are two companies with in excess of 150,000 employees each. Managed security service providers (MSSP) could benefit tremendously by using Wave VSC 2.0 and Wave's other solutions. Hardware (TPMs and SEDs) and software are stronger than software-only solutions. The Trusted Computing Group (TCG) has been behind the TPM and SED standards for many years. Are the MSSPs aware of the better security in Wave's solutions, and that Wave incorporates the TPM and SED into its security offerings, and that the SEDs and TPMs are built-in security?
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
Technology solutions providers must empower end users to improve cybersecurity standards
https://www.helpnetsecurity.com/2020/11/02/tsp-cybersecurity/
==================================================================
Do the technology solutions providers (TSP) really know about tried/tested cybersecurity standards: TPMs and SEDs? PwC was able to see what a useful and powerful technology Wave software and the TPM is!! Why not share this information with the TSPs? They could have better cybersecurity for their clients!!!
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
Ransomware Surge Imperils Hospitals as Pandemic Intensifies
https://www.securityweek.com/ransomware-surge-imperils-hospitals-pandemic-intensifies
Hackers are stepping up attacks on health care systems with ransomware in the United States and other countries, creating new risks for medical care as the global coronavirus pandemic accelerates.
Alerts from US authorities and security researchers highlight a wave of cyberattacks on hospitals coping with rising virus infections.
An unusual warning this week from the FBI with the Departments of Homeland Security and Health and Human Services, underscored the threat.
The three agencies "have credible information of an increased and imminent cybercrime threat to US hospitals and health care providers," said the alert issued Wednesday, calling on health systems to "take timely and reasonable precautions to protect their networks from these threats."
Media reports have cited several US hospitals hit by ransomware.
One of them, the University of Vermont Medical Center, said in a statement Thursday it was working with law enforcement on "a now confirmed cyberattack that has affected some of our systems" which has had "variable impacts" on patient care.
Daniel dos Santos of the computer security firm Forescout said cash-strapped medical centers are particularly attractive targets for hackers and that at least 400 hospitals had been hit in the past few weeks in the US and Britain.
Hackers are aware that "health care is the most likely to pay the ransom because their services are critical," dos Santos said. "Stopping services means that people will literally be dying."
For hospitals unable or willing to pay, "it would mean going back to pen and paper, which can cause huge slowdowns," he added.
Forescout said in a report that while many hospitals have upgraded computer systems, most use a variety of connected devices such as patient monitors or CT scanners which "act as the weak links in the network" because they transmit data over insecure channels.
In one sign of the troubles looming, dos Santos and fellow researchers said they discovered data on some three million US patients online, "unprotected and accessible to anyone who knows how to search for it," the Forescout report said.
- Most targeted -
Ransomware is a longstanding security issue and health care has been a frequent target. A September attack disrupted Universal Health Services, which operates hospitals in the US and Britain.
But security experts say the attacks are accelerating as the pandemic worsens.
Researchers at the security firm Check Point said its survey showed health care has been the most targeted industry by ransomware, with a 71 percent jump in attacks on US providers in October from a month earlier.
Check Point said there have been significant rises in ransomware attacks on hospitals in Asia, Europe and the Middle East as well. Globally, the firm said ransomware attacks were up 50 percent in the third quarter compared with the first half of this year.
Many of the attacks use a strain of ransomware known as Ryuk, which security researchers say may be tied to North Korean or Russian cybercriminals.
The US government warning said health organizations are being targeted by phishing attacks to get access to the systems, with hackers using sophisticated tools including TrickBot software which can harvest credentials and exfiltrate data.
The Canadian government's Cyber Centre issued a similar warning in early October, warning of Ryuk ransomware "affecting multiple entities, including municipal governments and public health and safety organizations in Canada and abroad."
"The ransomware problem is steadily worsening and a solution desperately needs to be found," said Brett Callow of the security firm Emsisoft.
"We believe that solution is a prohibition on the payment of demands. Ransomware exists only because it's profitable. If the flow of cash stops, the attacks will stop and hospitals will no longer be at risk."
==================================================================
With Wave's technology to stop ransomware, there are ways to protect hospitals and other organizations from this terrible problem.
I heard it once nicely said, "Alone we are smart. Together we are brilliant!" Too bad all the Wavoids and Wave Employees couldn't band together somehow to solve the problems that exist that shouldn't exist.
=================================================================
wavesys.com
=================================================================
Use Wave solutions, use better security!!!
Auditors assessing cybersecurity risks
https://www.accountingtoday.com/news/auditors-assessing-cybersecurity-risks-for-boards
==================================================================
PwC used the TPM and Wave software for its 2FA several years ago. PwC didn't appear to be in the headlines with a cyber attack on the company during that time. This help of the 2FA in PwC's cybersecurity with Wave and the TPM could be important information that companies would want to know when audited given it was successful!
Wave VSC 2.0 (2FA) which uses Wave software and the TPM can be set up much faster for organizations than the PwC implementation, partly because now organizations have near 100% TPMs in their computer fleets. Wave VSC 2.0 has a number of advantages over the competition.
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
Marriott fined £0.05 for each of the 339 million hotel guests whose data crooks were stealing for four years
https://www.theregister.com/2020/10/30/marriott_starwood_hack_fine_just_18_4bn/
UK watchdog's mooted £99m penalty comes in at just £18.4m
==================================================================
What has been missing from Marriott is better security and Wave solutions!! Other companies/organizations that are missing better security should try Wave solutions. They'd see what they are missing, and be able to feel confident in Wave's security!!! The previous post was missing some information, and that was 36 BILLION records were exposed. Wave solutions can do better!!!
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
First the Good News: Number of Breaches Down 51% Year Over Year
https://www.darkreading.com/attacks-breaches/first-the-good-news-number-of-breaches-down-51--year-over-year/d/d-id/1339331
But the number of records put at risk experiences a massive increase. Here's why.
In the first three quarters of 2020, the number of data breaches fell to its lowest level in five years, while the number of records put at risk by those breaches skyrocketed to more than four times the level of the same nine months in 2019, according to Risk Based Security's (RBS) latest quarterly breach report.
The massive rise in the number of records exposed during breaches in 2020 is partly due to a handful of large misconfigured databases, RBS states in the Q3 report. Two breaches exposed more than 1 billion records each, and another four breaches put at risk more than 100 million records each.
While the number of breaches is typically a measure of malicious activity, the number of records exposed to risk is generally due to an increase in the discovery of misconfigured databases and services, says Inga Goddijn, executive vice president at RBS.
"When we look at the records exposed, it is important to keep in mind that the real driver behind that is the misconfigured databases and services, where folks find the open data sets, they explore and look around, and then the incident gets reported," she says. "They are more focused on the entire dataset put at risk."
There may not necessarily be fewer breaches, says Goddijn. The different numbers underscore the differences in what can be considered a data breach. RBS defines a data breach as the "unauthorized access to, or loss of control of, confidential or sensitive information," the report states.
In addition, companies hit with ransomware do not always report the incident as a breach, especially if they do not know what data has been copied by the attackers. For the first nine months of the year, RBS researchers found reports of 440 ransomware attacks that also contained a data-breach angle — whether information had been taken or the attacker had access to the information in the course of the attack.
Add to that the uncertainty of the pandemic, which has pushed a lot of breach news from the headlines, and fewer breaches may gain public notice, Goddijn says.
"I hate blaming everything on COVID because everyone does that, but I really do think that there is COVID effect," she says. "Because of world events, less breach news is being surfaced ... and information that does become public is a little bit slower to come out."
RBS also notes the election has spurred the interest of data thieves. Voter databases have appeared for sale in underground forums where stolen data is often sold. A variety of actors were selling data dumps of purported voter databases, including information on 7 million voters from Michigan, 8 million voters from North Carolina, 5 million voters from Washington state, and several files containing information of Florida voters, RBS states in its report.
Since voter registration information is often publicly available, the files do not necessarily represent breaches, but they do underscore that such data may allow attempts to meddle in the US election or enable cybercriminals to craft convincing lures as part of phishing campaigns.
"While much of this data might have been collated from older or publicly accessible sources, the potential dangers are still very real," RBS states in the report. "The increased attention and cooperation between hackers points to a growing interest and overall risk. They would most likely prefer for us to think that hacktivism isn't a real issue, given the current climate, but circulating these types of databases can leave voters feeling vulnerable and feed mistrust of voter systems."
The healthcare industry, information brokers, and the financial industry represent the top three reporting industries for breaches, highlighting how companies with the most personal information are often attacked by cybercriminals.
Companies cannot expect a one-size-fits-all approach to securing their data, Goddijn adds. They should take the effort to assess their risk, create a strategy around that risk, and keep those valuable assets protected.
"I come back to process, process, process," she says. "Your security process needs to be strong. You need to be double checking, triple checking, and having ways to discover those security weaknesses on their own."
=================================================================
Remember years ago when Wave announced a solution to tackle the data breach problem? If Wave was more prevalent, we could very well not be having a data breach problem!! Fast forward a few years and there are billions of records exposed and who knows what goes unreported!! If you are a company worried about your brand or reputation, give Wave VSC 2.0 and Wave ERAS a try! The technology built into these solutions, and TPMs can prevent the bad guys from getting on your network. This keeps the bad guys from being able to access your sensitive data!!!
=================================================================
wavesys.com
=================================================================
Use Wave solutions, use better security!!!
Wisconsin Republicans say last minute hack cost party $2 million meant to reelect Trump
https://www.cyberscoop.com/wisconsin-gop-alleges-late-race-hack-cost-party-2-3-million-from-fund-to-reelect-trump/
Less than a week before Election Day in a vital swing state, Wisconsin Republicans said on Thursday that hackers made off with $2.3 million devoted to reelecting President Donald Trump.
The Republican Party of Wisconsin said it first detected the attack on Oct. 22, then notified the FBI the following day about doctored invoices in the names of its vendors.
“Cybercriminals, using a sophisticated phishing attack, stole funds intended for the re-election of President Trump, altered invoices and committed wire fraud,” the party’s chairman, Andrew Hitt, said in a statement. “These criminals exhibited a level of familiarity with state party operations at the end of the campaign to commit this crime.”
It’s common for hacking victims to claim they were the victims of “sophisticated” attacks, whether the attacks were rudimentary or not. Hitt and a party spokesperson did not immediately respond to questions seeking further details, including any evidence the hack occurred. The FBI said it would neither confirm nor deny any investigation, as is its standard practice, and declined to comment.
The alleged hack comes as Trump is slightly behind in the Wisconsin polls against Democratic challenger Joe Biden, and as the president has laid the groundwork for undermining election results should he lose. Wisconsin, too, has been the setting for court battles over the 2020 election, including a case the Supreme Court decided this week.
News of the incident first emerged in an Associated Press interview with Hitt. Hitt offered additional information in that story, which also reported on Democrats’ fundraising edge in the state.
If the hack proves genuine, it would be the most significant hacking-related incident of this year’s campaign season.
Hitt’s description of what happened matches that of the definition of a business email compromise scam. The FBI’s Internet Crime Complaint Center estimates that between early 2014 and late 2019, BEC scams have cost U.S. businesses more than $2 billion.
BEC scams aren’t usually listed among the top threats to elections or political campaigns, but the Democratic Party of Wisconsin said it, too, has encountered financially motivated attacks.
“According to our IT team, we’ve been the target of over 800 phishing attempts this cycle, with at least half of them seeking financial gains, all of which have been stopped and recorded,” a spokesperson for the party, Philip Shulman, said via email.
The 2016 campaign was of course marked by Russia hacking Democrats’ emails, subsequently leaked in what the U.S. government said was an attempt to influence the election.
The Wisconsin case also isn’t the only time a late-race hacking allegation has surfaced. When Georgia’s then-Secretary of State Brian Kemp was running for the governor’s seat he would eventually win in 2018, he accused Democrats of trying to hack the state’s voter registration system. The Georgia attorney general found no proof of claim.
It’s likewise not uncommon for incidents originally identified as cyberattacks to prove to be something else, as happened in 2018 in Knox County, Tennessee. The Wisconsin GOP said it was still ready for the 2020 stretch run.
“While a large sum of money was stolen, our operation is running at full capacity with all the resources deployed to ensure President Donald J. Trump carries Wisconsin on November 3rd,” Hitt said.
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!
'Act of War' Clause Could Nix Cyber Insurance Payouts
https://www.darkreading.com/attacks-breaches/act-of-war-clause-could-nix-cyber-insurance-payouts/d/d-id/1339317
The indictment of six members of the Russian military for the NotPetya ransomware attack places companies on notice that insurance "is not a get-out-of-jail-free card."
==================================================================
Invest in better security (Wave solutions) so you don't have to encounter lawsuits such as the ones in this article.
==================================================================
wavesys.com
==================================================================
Use Wave solutions, use better security!!!
Survey Uncovers High Level of Concern Over Firewalls
https://www.darkreading.com/vulnerabilities---threats/survey-uncovers-high-level-of-concern-over-firewalls/d/d-id/1339301
More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.
A relatively high percentage of cybersecurity leaders apparently perceive most firewall technologies — long a linchpin of enterprise security — as being ineffective in protecting their applications against attack.
The Ponemon Institute recently surveyed 603 US security professionals on their firewall use. The survey, sponsored by Guardicore, asked respondents to evaluate the effectiveness of firewalls in blocking ransomware and a range of other existing and emerging threats.
For purposes of the research, Ponemon defined legacy firewalls as including network appliances, virtual firewalls, and so-called next-generation firewall technologies. The survey encompassed both "stateful" firewalls that inspect incoming and outgoing network traffic and firewalls that integrate threat intelligence, intrusion prevention, application access control, and other features.
The results reveal that organizations are highly unhappy with their current firewall technologies. More than half (53%) of the respondents say they're either moving away from or reducing their dependence on firewalls and looking at other options.
Six in 10 of the security leaders in the survey believe legacy firewalls don't have the capabilities to protect critical application and systems from attack. An identical 60% describe legacy firewalls as being of little help in enabling a zero-trust environment, and 76% say it took them too much time to secure new applications or to change configurations with their legacy firewalls.
"The biggest complaints we're hearing from organizations on legacy firewalls is that they kill speed and flexibility and are not providing the required needs around security," says Dave Burton, vice president of product marketing at Guardicore.
According to Burton, 57% of respondents say they sometimes take as much as three weeks to a month to change firewall rules to accommodate an updated or new app. Sixty-two percent describe the access control policies available with their firewalls as not being granular enough.
Network segmentation — something considered critical to containing damage from a ransomware incident or other attack — is another major issue. "The inability to ensure proper segmentation of east-west traffic is a big reason why we're seeing companies reduce their firewall footprints," Burton says. "Less than half of all respondents trust their legacy firewalls to provide even adequate security for internal data center east-west traffic."
At least partly because of this, results of the Ponemon survey also suggest that legacy firewalls have become something of a roadblock for organizations that want to implement a zero-trust security model.
In a zero-trust model, all access requests to enterprise applications and data are fully vetted and authenticated each time, regardless of whether the request is from inside the enterprise network or outside. Sixty percent of the respondents in the Ponemon survey say their firewall technologies don't support the flexibility and high-speed requirements of a zero-trust environment.
"When it comes to zero trust, the failures of firewalls are intrinsically linked with their inability to rapidly accommodate new access rules and applications," Burton says. "Protecting assets in the cloud and across distributed workforces requires speed and agility, which legacy firewalls simply can't address."
Growing threat sophistication and trends such as cloud adoption and enterprise mobility have exposed some limitations in firewalls and other network security controls in recent years. The trend has focused greater attention on endpoint- and workload-focused security controls.
More than two-thirds (67%) of the respondents in the Ponemon survey, for example, say they are shifting security controls from the network closer to the endpoint and to enterprise workloads, whether on-premises or in the cloud.
"The first thing organizations need to do is realize the limitation of legacy network security technologies like the firewall and stop trying to retrofit network solutions for the way business is conducted today," Burton says. Instead, they need to consider approaches such as microsegmentation to compensate for the limitations in current network security controls, he says.
"Microsegmentation is the technique of inserting security services between two workloads to isolate them from one another and secure them individually," Burton says. "This allows system administrators to deploy flexible security policies that restrict traffic between workloads based on the principle of least privilege."
=================================================================
Instead of spending money on firewalls, spend the money towards Wave solutions which can prevent ransomware, protect against phishing, prevent data breaches, stop the stealing of sensitive data, keep unauthorized devices off your network and more...
=================================================================
wavesys.com
=================================================================
Use Wave solutions and the Wave Alternative, use better security!!!
Trump Campaign Website Defaced by Cryptocurrency Scam
https://threatpost.com/trump-website-defaced/160634/
==================================================================
Imagine if the Trump campaign used computers with Self-Encrypting Drives (SEDs) and Wave SED management!! Imagine further if the computers used Wave VSC 2.0 and Wave ERAS!! They could keep the bad guys from stealing sensitive data off their network by not allowing them on the network. For the Trump campaign and organizations in the same predicament, it's never too late!!!
=================================================================
wavesys.com
=================================================================
Use Wave solutions, use better security!!!
Enel Group hit by ransomware again, Netwalker demands $14 million
https://www.bleepingcomputer.com/news/security/enel-group-hit-by-ransomware-again-netwalker-demands-14-million/
=================================================================
Investing in Wave solutions is a small price to pay to prevent these ransomware attackers from having a field day with your data!! So many companies/organizations have tried other products for ransomware and failed. Why not try solutions that work, Wave solutions!!!
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
Attackers finding new ways to exploit and bypass Office 365 defenses
https://www.helpnetsecurity.com/2020/10/26/exploit-and-bypass-office-365-defenses/
=================================================================
Wave solutions protect against phishing, malware and other network security threats by storing authentication credentials in hardware. Wave solutions can protect against phishing in this article!!! Simple to use and better security!!!
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
78% of Microsoft 365 admins don’t activate MFA
https://www.helpnetsecurity.com/2020/10/27/activate-microsoft-365-mfa/
=================================================================
Wave VSC 2.0 (MFA) is simple to use and could protect Microsoft 365 more easily and securely for users and organizations. The difficulty of MFA for Microsoft 365 may be why the admins don't activate MFA!!
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
Swedish Authorities, Banks Hit by Security Data Leak: Report
https://www.securityweek.com/swedish-authorities-banks-hit-security-data-leak-report
Details of bank vault floor plans, alarm systems and the security arrangements for Swedish authorities have been leaked online after a security company was hacked, local media reported Tuesday.
A total of 19 gigabytes of information and around 38,000 files were stolen from security group Gunnebo by one or more hackers in August, according to newspaper Dagens Nyheter.
"It's of course unfortunate that we've had a theft of data," Gunnebo CEO Stefan Syren was quoted as telling the paper.
"We are now reviewing the material and in the cases where there is sensitive information we are contacting the client," he said.
Among the leaked documents are details of the security arrangements for the Swedish parliament and confidential plans of the Swedish Tax Agency's new office on the outskirts of Stockholm, the paper said.
Plans for bank vaults in at least two German banks were leaked, while other documents show the alarm systems and surveillance cameras at a branch of the SEB bank in Sweden, it reported.
Headquartered in Sweden, Gunnebo is a multinational company with nuclear power plants, hospitals and airports among its international customers.
The hack was reported to the Swedish Security Service in August.
"We can only speculate on what the target of the attack was, but as we cannot rule out that it was an attempt at industrial espionage, it has been important to follow the regulations and we have therefore decided to inform Sapo," Syren said in a statement at the time.
The company also said it had concluded that the attack was "well organized," but no details of what data had been compromised were disclosed.
AFP has contacted Gunnebo for a comment.
Dagens Nyheter said hacking attacks based on extortion have hit many companies in recent times, in which criminals steal sensitive information and then demand a ransom not to leak the data online.
Neighboring Finland is currently dealing with an unprecedented hack after the private records of thousands of psychotherapy patients were stolen from the private healthcare company Vastaamo.
The records were first used to try to blackmail the company but then emails demanding ransoms were sent directly to patients at the weekend.
=================================================================
Gunnebo and other companies with sensitive data could have helped prevent disasters such as this by using the Wave Alternative!!!
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
Neural Networks Help Users Pick More-Secure Passwords
https://www.darkreading.com/endpoint/authentication/neural-networks-help-users-pick-more-secure-passwords/d/d-id/1339283
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.
==================================================================
Does a user need Neural Networks when he/she and his/her organization should use Wave VSC 2.0?!!! Does the above work with phishers?? Use better security, use Wave VSC 2.0!! Simpler and more secure!!
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
Massive Nitro data breach impacts Microsoft, Google, Apple, more
https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/
Please read this interesting article.
==================================================================
It's a shame that data breaches like Nitro's occur when there are cybersecurity solutions like Wave solutions. Wave solutions allow IT to trust that only known and approved devices are accessing your network. Therefore, unknown and unapproved devices don't get access to the network, and therefore don't get access to 1TB of sensitive data as in this case.
Wave solutions are a small price to pay for what could turn out to be an expensive disaster (70 million user records) if Wave is not used.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
Cybersecurity is failing due to ineffective technology
https://www.helpnetsecurity.com/2020/10/23/cybersecurity-is-failing-due-to-ineffective-technology/
Excerpts:
A failing cybersecurity market is contributing to ineffective performance of cybersecurity technology, a Debate Security research reveals.
Based on over 100 comprehensive interviews with business and cybersecurity leaders from large enterprises, together with vendors, assessment organizations, government agencies, industry associations and regulators, the research shines a light on why technology vendors are not incentivized to deliver products that are more effective at reducing cyber risk.
The report supports the view that efficacy problems in the cybersecurity market are primarily due to economic issues, not technological ones. The research addresses three key themes and ultimately arrives at a consensus for how to approach a new model.
Cybersecurity technology is not as effective as it should be
90% of participants reported that cybersecurity technology is not as effective as it should be when it comes to protecting organizations from cyber risk. Trust in technology to deliver on its promises is low, and yet when asked how organizations evaluate cybersecurity technology efficacy and performance, there was not a single common definition.
Please see the rest of the article at the link above.
==================================================================
The Wave Alternative is unique. The technology works effectively and efficiently!!!
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
US Army Base's Twitter Account Hacked
https://www.infosecurity-magazine.com/news/us-army-bases-twitter-account/
Excerpt:
This was not the work of our admins. Our account was hacked.
==================================================================
It would be nice if Bill Solms were still with Wave. The two previous posts relate to this. I don't use Twitter, Facebook, or LinkedIn, but others may find them very effective for things they have learned.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
5 Tips for Fighting Credential Stuffing Attacks
https://www.darkreading.com/edge/theedge/5-tips-for-fighting-credential-stuffing-attacks/b/d-id/1337896
With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?
Sumit Agarwal takes credit for coining the term "credential stuffing." He served as deputy assistant secretary of defense under President Obama, and in 2011, while working at the Pentagon, he began to notice a pattern of brute-force attacks on public-facing military websites, where threat actors were using credentials, like usernames and passwords, stolen from one site to gain access to other sites.
Today, Agarwal is co-founder and CTO of Shape Security, and credential stuffing has gone mainstream, making life miserable for security managers in many types of organizations.
"Credential-stuffing attacks are a massive problem today, especially with the extreme shift to online-only services due to COVID-19," says Agarwal. "Something becomes spontaneously popular - we saw this with Disney+ as soon as it came out - and is overwhelmed with targeted credential-stuffing attacks. Any time a service gets any substantial amount of traffic, they see surges in credential stuffing. We're going to see these attacks increase for online grocers, delivery services, and telehealth providers."
Simply put, credential stuffing takes place when cybercriminals obtain stolen credentials through some means – usually on the Dark Web – and then use botnets or other automation tools to try and use these stolen usernames and passwords to gain fraudulent access to multiple, other user accounts.
"Credential stuffing is a type of cyberattack where the hacker attempts to sign into a user's account using usernames and passwords that have been leaked during a data breach," says Charlotte Townsley, director of security engineering at Auth0. "During the attack, a hacker can steal a user's credentials and sell them on the Dark Web for other hackers to purchase. Other hackers can gain access to billions of leaked credentials and use bots to try different combinations of passwords, quickly, into hundreds of accounts from social platforms to banking apps."
"Credential stuffing is really a subset of brute force attacks," adds Adam Darrah, director of intelligence with Vigilante. "The major difference is the fact that threat actors are working with previously cracked or dehashed passwords, and passwords that were compromised by other attack vectors, like keyloggers and other malware, so they already have an attack-ready set of credentials at their disposal. Threat actors utilize a litany of brute force checkers, varying in sophistication, to run targeted account takeover campaigns against corporate infrastructure and websites alike."
Once in, of course, that means corporate sensitive assets could be leaked, or the attacker can possibly gain access to other private accounts or trick unsuspecting colleagues into sharing information. The potential for damage is limitless.
Attacks Are Growing and Easy to Execute
From Agarwal's early days of identifying credential-stuffing attacks on government sites, the problem is now pervasive. The most recent Verizon Data Breach Investigations Report (DBIR) from 2019 finds credential stuffing was used in 29% of all data breaches. And currently HaveIBeenPwned.com (HIBP), a free site that offers data breach notification, has information on nearly 9 billion compromised credentials from hundreds of data breaches.
It's unsurprising that criminals are drawn to it for quick success as it's fairly easy today to obtain stolen credentials cheaply.
"The skills required to purchase credentials to a victim's bank account or online retail account could be learned in an afternoon of Google searches," says Darrah. "There are seemingly endless deep and Dark Web marketplaces offering account credentials for as little as $2, depending on the service or website. In some cases, they even offer refunds if the credentials don’t work as advertised."
But there are some tools and techniques security managers can put in place to mitigate credential-stuffing attacks. Security researchers we spoke with recommend the following.
1. Boost user awareness on password management: With many users still reusing passwords across accounts, one place to start is education, says Townsley: "Improving user password habits is a great start in defending against credential-stuffing attacks. Educating employees on best practices and reminding them to change their passwords on a more regular basis can make it harder for hackers to pull off a successful attack."
2. Implement multifactor authentication: Two-factor/multifactor authentication should be enabled on every account where it is allowed and available. This adds another layer that makes it more difficult for a threat attacker to penetrate.
3. Use anomaly detection tools: "These could be either free or enterprise-grade online threat intelligence tools that can help identify risk signals – such as a breached password or a higher than usual number of failed authentication attempts," says Townsley. "These can also be used to determine a sudden or unusual increase in the amount of IP addresses visiting a website – this can be a tip off that there is malicious activity happening."
4. Deploy password managers: Several enterprise password managers are available, free of charge, that can help users create unique and strong passwords for every secure account and can help cut down on the common password reuse problem. A variety of password managers suitable for both enterprises and small businesses are available. Among them, according to recent market research from Ovum (now part of Omdia), 1Password Business, Dashlane Business, Keeper for Business, LastPass Enterprise, ManageEngine Password Manager Pro, Pleasant Password Server, and RoboForm for Business are the leaders. Ovum also gave kudos to Bluink, Passwork, Bitwarden, TeamPassword and Passbolt for unique features.
5. Embed security into website design: "Security professionals and web developers can make a threat actor's job a little tougher by ensuring that websites use any available bruting countermeasures, including CAPTCHAs and MFA," says Darrah. "Simple changes to website functionality can also be implemented - the prompt given after a login attempt, for example."
=================================================================
#246172 was a post on credential stuffing and so this post might help explain that post.
=================================================================
For those who do or do not believe their Twitter account can be hacked, I think this article shows what hackers can do. Check out Wave VSC 2.0 and Wave Knowd which could prevent hackers from hacking your online accounts. Both authentication solutions use the TPM as a factor of authentication to stop hackers. What is a TPM? and "Hardware-based encryption is the key to future proofing", posts 246168 and 246170. Hardware and software is stronger than software only. After reading this article, it becomes quite apparent that the TPM could help in providing better security than what exists on Twitter now! Intended messages may not find their destination without the help of readers. Thank you readers!
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
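Tip 3 in the credential-stuffing article quoted above names two risk signals: a higher than usual number of failed authentication attempts and a sudden increase in the number of IP addresses. The sketch below is an added example, not code from the article or from the poster; it flags time windows where both signals spike and separates stuffing (many accounts, about one try each) from guessing at a few accounts. The event format, thresholds, function names and sample data are assumptions made up for illustration.

```python
from collections import defaultdict
from statistics import mean

def window_stats(events, window_s=60):
    """Bucket (epoch_s, ip, user, ok) login events into fixed time windows."""
    buckets = defaultdict(lambda: {"fails": 0, "ips": set(), "failed_users": set()})
    for ts, ip, user, ok in events:
        b = buckets[ts // window_s]
        b["ips"].add(ip)
        if not ok:
            b["fails"] += 1
            b["failed_users"].add(user)
    return [(k * window_s, buckets[k]) for k in sorted(buckets)]

def detect(events, window_s=60, factor=3.0, min_fails=10):
    """Flag windows where failures and distinct IPs both exceed factor x baseline.

    The baseline is the mean of earlier windows that were not flagged, so an
    ongoing attack does not raise its own threshold. Requiring both signals
    is a design choice of this example to cut down on false alarms.
    """
    alerts, base_fails, base_ips = [], [], []
    for start, b in window_stats(events, window_s):
        fails, ips = b["fails"], len(b["ips"])
        spike = (bool(base_fails) and fails >= min_fails
                 and fails > factor * mean(base_fails)
                 and ips > factor * mean(base_ips))
        if spike:
            # Many different usernames, each failing about once, points to a
            # replayed breach list rather than guessing at one account.
            spread = len(b["failed_users"]) / fails
            kind = "credential-stuffing" if spread > 0.8 else "brute-force"
            alerts.append({"start": start, "fails": fails, "ips": ips, "kind": kind})
        else:
            base_fails.append(fails)
            base_ips.append(ips)
    return alerts

def sample_events():
    """Constructed data: 3 quiet minutes, then 1 minute of stuffing traffic."""
    ev = []
    for minute in range(3):
        t0 = 1_603_800_000 + minute * 60
        for i in range(5):  # five users from five IPs, one mistyped password
            ev.append((t0 + i * 10, f"198.51.100.{i}", f"user{i}", i != 0))
    t0 = 1_603_800_000 + 180
    for i in range(40):  # 40 distinct accounts tried once each from 20 IPs
        ev.append((t0 + i, f"203.0.113.{i % 20}", f"victim{i}", i == 7))
    return ev

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

In production the thresholds would be tuned against the site's own login history, and the one successful login inside a flagged window (`victim7` in the sample) is the account to review first.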