A message from BigWave
The shareholders provided a very good livelihood for Michael and Steven Sprague for many years. They know SO MUCH, have many great ideas, and are very creative! Along with Bill Solms, I believe they are the linchpins (if available) for ESW/Wave to be very, very successful. Yes, they didn’t earn a profit while they were at Wave, but the market wasn’t totally saturated with TPMs like it is now. I believe they would be VERY HELPFUL to ESW/Wave and to shareholders as they pursue a Tsunami of success!!!
U.S. charges five in scheme to swindle millions from military personnel
https://www.cyberscoop.com/military-elderly-abuse-stolen-data-veterans/?utm_campaign=CyberScoop%20-%20Editorial&utm_content=99247957&utm_medium=social&utm_source=twitter&hss_channel=tw-720664083767435264
The U.S. Department of Justice on Wednesday announced the indictment of three Americans, an Australian, and a South Korean for their alleged involvement in a plot to steal millions of dollars from current and former American military personnel.
The scheme targeted thousands of people, many of whom were elderly or disabled, and involved the compromise of a U.S. Defense Department portal that military members use to access their benefits online, law enforcement officials said.
Robert Wayne Boling Jr., Frederick Brown, Trorice Crawford, Allan Albert Kerr, and Jongmin Seok were charged with multiple counts of conspiracy, wire fraud, and aggravated identity theft. Three of the accused were arrested in the Philippines, while the other two were apprehended in the U.S. Lawyers for the defendants could not be reached for comment.
The fraud operation allegedly began in 2014, when one defendant, Brown, was working as a “medical records technician” at a U.S. Army base in South Korea. Brown allegedly took photos of names, Social Security numbers and dates of birth of thousands of people affiliated with the U.S. military, then passed that data to three co-defendants based in the Philippines, who accessed victims’ bank accounts, and pension and disability benefits, according to the indictment.
One of the main ways the accused scammers allegedly carried out their fraud was by compromising victims’ Defense Department Self-Service Logon portals, which military personnel use to access more than 70 websites and maintain financial information. With access to these so-called DS Logon pages, outsiders could obtain service members’ personally identifying information (PII), change bank account and routing numbers and intercept other payments.
“The defendants often targeted older military-affiliated individuals, who were less likely to use DS Logon and eBenefits, and disabled veterans, who were more likely to receive larger veterans benefits,” the indictment states.
The amount of money the alleged fraudsters actually stole remains unclear. The indictment says the defendants “caused millions of dollars of actual and attempted losses” to thousands of victims, without specifying the exact figures.
U.S. authorities are working to notify victims of the fraud. They touted the arrest as part of a broader crackdown on elderly abuse.
“Through today’s action, the department is honoring our pledge to target elder fraud schemes, especially those committed by foreign actors using sophisticated means, and to protect the veterans of our great country,” Attorney General William Barr said in a statement.
See link for more.
=================================================================
Wave Knowd is a brilliant solution already tested under the auspices of the NSTIC. The damage in the article above could have been avoided if Knowd were implemented in the U.S. government. I believe BS, SKS, and MS could lead the implementation of Wave Knowd in government and other markets!! This brilliant (ahead of its time) solution could be bundled with Wave's other great solutions to give the U.S. government cybersecurity that is state of the art!!
==================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Lee, MA - May 9, 2013 - Wave Systems Corp. (NASDAQ: WAVX), the Trusted Computing Company, today announced Wave Knowd, a new web service available for preview that significantly reduces the vulnerability and use of passwords by leveraging the unique identity of computing devices. With a simple integration of Wave Knowd, any website can establish reliable and consistent identity relationships with the devices its customers use most often for Internet services. Wave Knowd, which signifies “Known Devices,” is being tested by partners to provide the backbone for general purpose machine identity.
“The maturation of the web mandates a change in how we, and our computing devices, connect to the web,” said Steven Sprague, Wave CEO. “With cable television, satellite radio, bank kiosks and mobile phones, the service relationship is tied to the endpoint device. The web needs the security and simplicity of this same model, where our computing devices themselves play an added role in authentication. I access dozens of web services every day from the computer in my home office, and want those sites to know and trust my PC so they’ll stop continually asking me to log in. Wave Knowd enables that trust.”
To make web authentication stronger and simpler, Wave Knowd provides a new approach to signing on and accessing Cloud and Internet services. From online banking to business services and even consumer gaming, passwords are failing to provide a level of security that either service providers or users can trust. Knowd is built upon the concept that only known devices should ever access a protected network. Knowd incorporates all of your access and identity solutions together to establish a relationship of trust between users’ computing devices, and the web services they access.
“We interact online using so many devices now, but from a security perspective those devices aren’t all equal. Accessing medical records or confidential business files from my kid’s smartphone is certainly not as trustworthy as connecting from my business PC with an encrypted drive,” continued Mr. Sprague. “Wave Knowd is all about making the Web simpler and safer, and that new foundation of trust begins with known devices, and known capabilities.”
Once machine identity is established, any web site—from gaming, social networking or shopping; to banking, business and financial services—can use Wave Knowd to create a reliable and persistent identity for the connecting device. Knowd allows Web sites to streamline access for users who repeatedly log on from trusted devices, while bolstering security. Initial authentication creates a unique and anonymous relationship between each computing device and each web service accessed, and then the level of trust between the two grows over time. Knowing the device can also help the site prevent fraud and phishing, or simply provide quicker no-password access. Wave is the partner helping to create and manage these relationships.
“Wave Systems was the obvious choice to provide ID Dataweb’s attribute exchange with device identity services,” said David Coxe, CEO at ID Dataweb. “In Knowd, Wave has provided a system that is rooted in state of the art device security technologies such as the Trusted Platform Module and other secure elements, while also offering a simple web based integration. It’s easy to identify if a connecting device is highly trusted, or whether it requires added screening and security.”
ID Dataweb uses Wave’s Knowd solution as part of the Identity Ecosystem supported through a grant from the U.S. Department of Commerce’s National Institute of Standards and Technology’s NSTIC initiative (National Strategy for Trusted Identities in Cyberspace). ID Dataweb has created a standards-based platform to simplify online identity verification using OpenID credentials.
Providing the Tools to Manage Trust in the Cloud: What’s Your Trust Score?
Wave Knowd is a powerful enhancement for any website. The endpoint identity service links an individual user’s unique device identity with the Internet services that are typically protected only by username and password access. Users are prompted by their cloud service provider to register their primary computing devices to create a unique and persistent device identity relationship with their Internet services and service providers. No personal ID information is obtained by Wave, as Knowd works purely as a machine identity service. Furthermore, registered devices are given a unique ID for every service provider, establishing a separate trust relationship with each service.
Wave Knowd asserts a Trust Score that helps both consumers and cloud services or relying parties to determine the level of trust granted to each specific computing device. For example, a home PC that is used regularly for banking will quickly build a high Trust Score. Users can achieve a higher Trust Score by installing a small software application (Wave Knowd currently supports Windows 7 and 8, with Apple and Android to follow later this year). Business-class PCs containing a standard Trusted Platform Module (TPM) can establish even greater trust by leveraging the TPM security chip to create and securely store a unique device ID.
Knowd provides a web service with a new capability to enable or disable features based on the device that the user is actively using, providing a new security option for the end user. Perhaps an account password can only be reset from the user’s registered home computer and not from anywhere in the world, thereby linking in all of the user’s investment in the security of their home, from their alarm system to the doorman. Every web service can benefit from integrating Wave Knowd as part of the user’s experience.
Researchers were able to detect what is typed using just a smartphone
https://www.helpnetsecurity.com/2019/08/19/smartphone-intercept-typing/
You likely know to avoid suspicious emails to keep hackers from gleaning personal information from your computer. But a new study from SMU (Southern Methodist University) suggests that it’s possible to access your information in a much subtler way: by using a nearby smartphone to intercept the sound of your typing.
Researchers from SMU’s Darwin Deason Institute for Cybersecurity found that acoustic signals, or sound waves, produced when we type on a computer keyboard can successfully be picked up by a smartphone. The sounds intercepted by the phone can then be processed, allowing a skilled hacker to decipher which keys were struck and what they were typing.
The researchers were able to decode much of what was being typed using common keyboards and smartphones – even in a noisy conference room filled with the sounds of other people typing and having conversations.
“We were able to pick up what people are typing at a 41 percent word accuracy rate. And we can extend that out – above 41 percent – if we look at, say, the top 10 words of what we think it might be,” said Eric C. Larson, one of the two lead authors and an assistant professor in SMU Lyle School’s Department of Computer Science.
It might take only a couple of seconds to obtain information on what you’re typing, noted lead author Mitch Thornton, director of SMU’s Deason Institute and professor of electrical and computer engineering.
“Based on what we found, I think smartphone makers are going to have to go back to the drawing board and make sure they are enhancing the privacy with which people have access to these sensors in a smartphone,” Larson said.
The researchers wanted to create a scenario that would mimic what might happen in real life. So they arranged several people in a conference room, talking to each other and taking notes on a laptop. Placed on the same table as their laptop or computer were as many as eight mobile phones, kept anywhere from three inches to several feet away from the computer, Thornton said.
Study participants were not given a script of what to say when they were talking, and were allowed to use shorthand or full sentences when typing. They were also allowed to either correct typewritten errors or leave them, as they saw fit.
“We were looking at security holes that might exist when you have these ‘always-on’ sensing devices – that being your smartphone,” Larson said. “We wanted to understand if what you’re typing on your laptop, or any keyboard for that matter, could be sensed by just those mobile phones that are sitting on the same table.
“The answer was a definite, ‘Yes.’”
But just how does it work?
“There are many kinds of sensors in smartphones that cause the phone to know its orientation and to detect when it is sitting still on a table or being carried in someone’s pocket. Some sensors require the user to give permission to turn them on, but many of them are always turned on,” Thornton explained.
“We used sensors that are always turned on, so all we had to do was develop a new app that processed the sensor output to predict the key that was pressed by a typist.”
There are some caveats, though.
“An attacker would need to know the material type of the table,” Larson said, because different tables create different sound waves when you type. For instance, a wooden table like the kind used in this study sounds different than someone typing on a metal tabletop.
Larson said, “An attacker would also need a way of knowing there are multiple phones on the table and how to sample from them.”
A successful interception of this sort could potentially be very scary, Thornton noted, because “there’s no way to know if you’re being hacked this way.”
=================================================================
Wave VSC 2.0 could become really popular after reading this article!! The hacker (if the user had Wave VSC 2.0) would need the user's computer/TPM in addition to the PIN to access the computer and apps!!
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
==================================================================
To learn more about enabling Wave's excellent cyber solutions, please see the following links:
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Navy Wrestles With Cyber Policy As China and Iran Hack Away
https://breakingdefense.com/2019/08/navy-wrestles-with-cyber-policy-as-china-and-iran-hack-away/
“We’re spending a lot of money in this area right now, but we don’t understand where we’re spending it,” says Navy undersecretary Thomas Modly.
PENTAGON: The Navy doesn’t have a good handle on how it is spending money to protect its networks against cyber attacks, a top leader says. In the wake of a stinging self-assessment of its own cyber vulnerabilities released this spring, they’re rushing ahead to bring in a new management team to spearhead change.
“No one at a senior level of this department was responsible for this portfolio,” Navy undersecretary Thomas Modly told reporters here last week. “It was very distributed, so we found we were investing in things without any level of coordination…we’re spending a lot of money in this area right now, but we don’t understand where we’re spending it.”
Navy officials are banking on a soon-to-be-named cyber advisor to Navy Secretary Richard Spencer — who will bring aboard a staff empowered to make change — to be the catalyst to begin tackling these issues as the Pentagon struggles to keep foreign adversaries out of its networks, and those of US defense contractors.
China, Iran and Russia are “relentlessly hacking into our systems,” Modly said, “they’re trying to come at us in every possible way that they can.” Last year, reports emerged of Chinese hackers punching their way into the networks of US defense contractors, and making away with classified data on new weapons systems like a supersonic anti-ship missile and other sensitive plans for submarines.
More recently, the Navy’s Cyber Readiness Review released in March offered a scathing critique, calling weak spots and persistent holes in the system an “existential threat” to the existence of Navy and Marine Corps. The unsparing 80-page assessment concluded the Navy is under “cyber siege” and has so far failed to secure its IT systems.
Pentagon officials have often said the weakest link in the chain are sub-tier suppliers working on weapons systems who don’t have the money or expertise to fully secure their own systems, providing adversaries with an open back door into more sensitive networks.
“To the extent that they come into the places that it’s easiest for them to come in, they are able to go to lower level suppliers,” Modly said, where the hacker can pull information that might not in itself be classified but when pieced together with other information, “then all of a sudden they’re getting bigger and more clear picture of our competitive advantages in certain areas of technology.”
Since many of those smaller suppliers have neither the money nor expertise to build and maintain their own firewalls, Modly suggested the possibility of a Navy cloud where the service could help them manage their data. It’s unclear how receptive companies would be to placing their proprietary information into a system potentially accessible by potential competitors.
But that’s all in the future. At the moment, the soon-to-be-named Navy special assistant to the secretary for information management will manage four new subordinate directorates, all of which will likely be no larger than 15 to 20 people (as the plan stands now). “We are not adding a huge staff,” Modly said. “We won’t do that, but we are moving pieces around on the chess board.”
Those directorates include a chief technology officer tasked with leading acquisitions of technical infrastructure, a chief digital officer, a chief data officer, and a chief information security officer. Navy leadership is still working on what authorities those leaders will have to push change inside often entrenched bureaucracies likely to bristle at having a new layer of management telling them how to run their shops.
The first thing out of the gate will be pushing “stronger policies to deal with our industrial base to ensure that as they look at second- and third-tier suppliers that they’re enforcing stricter cybersecurity standards,” Modly said. Specifically, supply and logistics are “our biggest weakness with respect to auditability and data clarity, and that’s because no one owns it.”
Overall, Modly stressed that this isn’t just some old ideas wrapped up in a new package. March’s cyber report really lit a fire under Navy leadership, and considering that incoming CNO, Adm. Mike Gilday, is the former 10th Fleet commander, which is the Navy’s cyber arm, it’s an effort that will likely get more attention at the top. “I hope that no one thinks this is a rehash of things we’ve done before,” Modly said, “because it’s not.”
=================================================================
It's disturbing to see articles like this when Wave/ESW has better security at less than half the cost!!! The Navy and their suppliers don't need to have a firewall that needs continuous updating; they could buy Wave solutions and have better security at less than half the cost!! Wave's security keeps the bad guys off the network by only allowing known and approved devices on the network!! Bill Solms was with the Army, but with his background in government and as ex-CEO of Wave, he could be very helpful here. If Wave/ESW in addition to its current employees had many of the ex-Wave employees, it could be a real standout in cybersecurity.
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
20 Texas Cities Hit by Coordinated Ransomware Attack, State's IT Department Says
https://www.newsweek.com/texas-ransomware-bitcoin-hackers-1454865
Twenty local government entities across Texas have been hit by a coordinated ransomware attack, the state's Department of Information Resources (DIR) announced on Friday.
"Currently, DIR, the Texas Military Department, and the Texas A&M University System's Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions," the department, which is leading the state's response, said in a press release. "Further resources will be deployed as they are requested."
Ransomware attacks have been gaining currency among hackers in recent years as a preferred method of extortion, especially among municipal entities. Digital intruders will plant malicious code inside the networks of an agency's information systems—often exploiting the relatively unsophisticated or out-of-date cyber defenses of ill-prepared cities—and shut down access to computers or specific databases.
Users are then extorted for cash in order to regain access to their systems, and they are nearly always asked to pay in Bitcoin, a blockchain currency that is virtually untraceable, allowing hackers to pull off these complex operations from a single room halfway around the world.
It is unknown how much the hackers were demanding from Texas officials, which systems are currently offline and whether the impacted cities are expected to pay the ransom.
Please see rest of the article at the link.
=================================================================
If organizations used Wave VSC 2.0 and Wave SED management with SEDs, they would be protected from this terrible ransomware!! Why organizations continue with products that don't work seems a bit puzzling?
https://www.wavesys.com/
=================================================================
I miss the ole Snackman days: Methinks, Barge, Awk, Helpfulbacteria, Wavxdreamer, Oknpv, Taxi Vader, WEBY, WEETS, FOAM, Tsumanmi 07, cooler, Vacationhouse, Wildman 262 and many others. Still sad about Awk being gone.... If these guys/gals were around Wavx would be a reincarnated Wave/ESW and up with the great technology companies like Microsoft!! I hope they are doing well!!!!! I heard someone once say, "Miracles happen!"
3,813 breaches were reported through June 30, exposing over 4.1 billion records
https://www.helpnetsecurity.com/2019/08/16/2019-midyear-quickview-data-breach-report/
The number of reported breaches has gone up by 54% and the number of exposed records by 52% compared to the first six months of 2018 according to the 2019 MidYear QuickView Data Breach Report, released by Risk Based Security.
The research shows that eight breaches reported within Q1 and Q2 of 2019 accounted for 3.2 billion records exposed; three of these being among the largest breaches of all time.
“Looking over the first six months of 2019, it is hard to be optimistic on the outlook for the year,” commented Inga Goddijn, Executive Vice President of Risk Based Security. “The number of breaches is up and the number of records exposed remains stubbornly high. Despite best efforts and awareness among business leaders and defenders, data breaches continue to take place at an alarming rate.”
The MidYear QuickView Data Breach Report tracks publicly disclosed breaches and records exposed within 2019 so far. The key findings state that The Business Sector accounted for 67% of reported breaches, which continues the trend observed in the Q1 2019 report. From these breaches, further analysis states that The Business Sector was then responsible for 84.6% of records exposed.
When asked about her observations on this activity, Ms. Goddijn commented, “Quarter after quarter the pattern has repeated itself. The vast majority of incidents are attributable to malicious actors outside an organization. Unauthorized access of systems or services, skimmers and exposure of sensitive data on the Internet have been the top three breach types since January of 2018. However, insider actions, both malicious and accidental, have driven the number of records exposed.”
Unauthorized access of systems or services, referred to as hacking in the report, is still the number one breach type with phishing being a tried and true first step for gaining access to systems and services. Interestingly enough, phishing for credentials often leads to providing attackers with access to users’ email accounts.
While the data held in email may not be as easily monetized as other datasets, it does lead to the exposure of unusual or unexpected types of data. Some of the more unusual data elements exposed this year include electronic signatures, calendars, marriage certificates, and company issued employee ID numbers.
Ms. Goddijn concluded, “While the landscape does look bleak, we have seen bright spots this year. Some organizations are choosing to report incidents that might have gone unreported in the past. The most recent example of this came up just a few days ago, when Monzo Bank opted to report customers’ account PINs being inadvertently stored in internal logs that were accessible to their engineering teams. Once the issue was identified, the bank had it corrected and disclosed within 5 days. A breach is rarely good news but a fast response coupled with open communication speaks well of the organization. We hope to see more organizations following Monzo’s lead as the year unfolds.”
==================================================================
If Wave VSC 2.0 makes up a small part of the two factor authentication market (it shouldn't!), it's safe to assume that 3,813 breaches were a result of the other two factor authentication products not being able to protect like Wave has tested successfully in well renowned organizations!! One two factor authentication product covers 25,000 organizations and there are 3,813 BREACHES IN SIX MONTHS!! How effective are products like these at protecting organizations from breaches?! Wave VSC 2.0 is better security at less than half the cost!!!
==================================================================
Please read the Wave Virtual Smart Card White Paper link within the link below.
https://www.wavesys.com/virtual-smart-card-2.0-from-wave
==================================================================
Unauthorized access shouldn't happen. Please read the '1. known devices on the network' - (enabling Trusted Computing) below.
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
Decrease expenses with virtual smart cards
You know what else happens when you take passwords out of the equation? A lot fewer calls to IT. Imagine if you took password resets out of the picture – that frees up a chunk of IT time, lowering your operating expenses significantly.
If your organization currently uses traditional tokens or smart cards, switching to virtual smart cards takes an even bigger burden off of IT – we use the hardware-protected credentials in the TPM to create a virtual smart card, which performs the same functionality as traditional smart cards. That means no need to purchase, deploy, replace or maintain external tokens, smart cards or smart card readers. Because virtual smart cards are already on your machines and can’t be forgotten, lost or stolen, you have lower capital expenses and lower operating expenses.
==================================================================
The links below can help organizations with enabling better cybersecurity solutions:
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Symantec cannot handle SHA-2 and breaks Windows 7 and Server 2008 R2
https://www.zdnet.com/article/symantec-cannot-handle-sha-2-and-breaks-windows-7-and-server-2008-r2/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d549613a341320001ab09d9&utm_medium=trueAnthem&utm_source=twitter
Microsoft withholding updates from machines with Symantec software, because it cannot handle SHA-2 certificates and does stupid things.
If only Symantec had any sort of forewarning about Microsoft moving to use SHA-2 signed updates, everything might have gone smoother.
It seems that six months is not enough for Symantec to get its ducks in a row, as its anti-virus software is unable to handle SHA-2 signatures, and led to Microsoft withholding updates from certain devices.
In an update note for Windows 7 and Server 2008 R2, Microsoft said that when a device runs any Symantec or Norton antivirus program, and attempts to install an update signed only with SHA-2, the antivirus program blocks or deletes the update during installation, which could make the operating system stop working.
"Microsoft has temporarily placed a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available," Microsoft said.
"We recommend that you do not manually install affected updates until a solution is available."
For its part, Symantec said an "upcoming version" of Symantec Endpoint Protection would support SHA-2.
Earlier in the year, Microsoft said it was moving away from dual-signing its updates with SHA-1 and SHA-2 due to the weakness of SHA-1.
"Unfortunately, the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing," Microsoft said at the time.
"Stronger alternatives such as the Secure Hash Algorithm 2 (SHA-2) are now strongly preferred as they do not suffer from the same issues."
Last week, Broadcom picked up Symantec's enterprise security business as well as the Symantec brand name for $10.7 billion.
The remaining portion of Symantec will keep its consumer products, such as Norton.
Reporting its first quarter results at the same time, Symantec said it would cut approximately 7% of its workforce, and disclosed revenue of $1.24 billion.
==================================================================
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Insurers Collaborate on Cybersecurity Ratings
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=147813498
https://www.darkreading.com/risk/insurers-collaborate-on-cybersecurity-ratings/d/d-id/1334258
A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval.
It's in the best interest of insurance companies to have their customers protected from cybersecurity losses. That, in a nutshell, is why a number of global insurers are collaborating on a rating system for cybersecurity products.
According to The Wall Street Journal, Marsh & McLennan, a professional services company specializing in risk and insurance, will evaluate enterprise cybersecurity technology in a program called "Cyber Catalyst." The article states, "Marsh will collate scores from participating insurers, which will individually size up the offerings, and identify the products and services considered effective in reducing cyber risk."
Companies that choose security products from among the approved selection may find themselves qualified for improved insurance terms and conditions. Insurers already signed up to participate include Allianz SE, AXA SA, Axis Capital Holdings Ltd, Beazley PLC, CFC Underwriting Ltd., Munich Re, Sompo International, and Zurich Insurance Group AG.
=================================================================
AXA and Wave could show the other insurers how tremendous Wave VSC 2.0 is (read article below), and the insurers could give Wave VSC 2.0 more than just a stamp of approval!!
==================================================================
Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company
Wins competitive evaluation against market leader in two-factor authentication tokens
https://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global
Lee, MA - December 17, 2015 -
Wave Systems Corp. (NASDAQ: WAVX) announces a five-year master licensing agreement (MLA) with a leading global corporation (as determined by the 2015 Fortune Global 500 List) for its Virtual Smart Card 2.0 solution. This MLA sets the terms and pricing for licenses and maintenance across the customer’s global organization and establishes it as their preferred two-factor authentication solution. Instead of one large license purchase for the entire organization, each of the customer’s subordinate divisions will make separate orders in accordance with the terms of this MLA.
The first purchase of 2,000 VSC 2.0 licenses under this agreement, when added to a previous purchase, completes the requirement for the customer’s global IT division. That division will now lead the internal effort to standardize the remaining 150,000+ endpoints within their organization with the new Wave VSC 2.0 solution. While there are no minimum order requirements under the agreement, discussions for additional orders are underway.
“Our five-year agreement with this customer is the first very large scale contract for VSC 2.0 and is an important milestone for Wave,” said Bill Solms, President and CEO of Wave Systems. “This customer is a major global financial services company and their standards for protecting their systems from unauthorized access and the integrity of their data are of the highest order. Wave had to pass a very rigorous technical and business review to win the competition. We believe that this client’s decision to choose Wave Virtual Smart Card 2.0 over their incumbent solution gives us tremendous credibility in the two-factor authentication market. We will remain engaged with this company in order to complete the additional sales and deployments in the months ahead.”
Wave Virtual Smart Card 2.0 is a tokenless, hardware-based, two-factor authentication solution that offers superior security at less than half the cost of comparable solutions. It is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7, 8 and 10. It also provides management support for the Microsoft Virtual Smart Card on Windows 8 and 10. Wave’s VSC solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, significantly lower total cost of ownership, and a greatly reduced risk of unauthorized access.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure Passphrase and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with both TPM 1.2 and TPM 2.0 security chips
For more information, visit: Wave Virtual Smart Card 2.0
https://www.wavesys.com/
==================================================================
This Insurer's Cybersecurity Ratings (*-AXA) post should be helpful to ESW/Wave and the TCG in light of the last post!! 'Enabling Trusted Computing' based on past experience would reflect better breach statistics going forward so giving an A rating to 'Enabling Trusted Computing' would help improve cybersecurity for the enterprise market!! 'Enabling Trusted Computing' would reduce risks for insurers and organizations. Wave could be a leading company of this overlooked, better cybersecurity (Trusted Computing)!!!
==================================================================
The links below can help organizations with enabling better cybersecurity solutions:
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Enabling Trusted Computing...
If all members of the TCG support Trusted Computing being enabled, why doesn't the TCG require Trusted Computing being enabled in companies for their TCG membership or does it?
Also, should cyber insurance companies continue to support the alternatives to 'enabling Trusted Computing' given the number of data breaches in the last year? I would think that Trusted Computing and its successes would be one of the reasons that cyber insurance companies would push it as a standard in organizations they insure!
==================================================================
Please see previous post:
What does Trusted Computing Enable/Provide? Overall market needs addressed:
— Trusted Computing (@TrustedComputin) August 9, 2019
1. Known devices on networks
2. Known software on devices
3. Secure Authentication
4. Known execution of known code on devices
5. Interoperability across devices
Learn more: https://t.co/CeS9hMjdwH
What’s cybercriminals’ most effective weapon in a ransomware attack?
https://www.helpnetsecurity.com/2019/08/07/weapon-ransomware-attack/?utm_content=98315213&utm_medium=social&utm_source=twitter&hss_channel=tw-64677310
Cybercriminals’ most effective weapon in a ransomware attack is the network itself, which enables the malicious encryption of shared files on network servers, especially files stored in infrastructure-as-a-service (IaaS) cloud providers, says Vectra.
Attackers today can easily evade network perimeter security and perform internal reconnaissance to locate and encrypt shared network files. By encrypting files that are accessed by many business applications across the network, attackers achieve an economy of scale faster and far more damaging than encrypting files on individual devices.
According to the Vectra 2019 Spotlight Report on Ransomware, recent ransomware attacks cast a wider net to ensnare cloud, data center and enterprise infrastructures. Cybercriminals target organizations that are most likely to pay larger ransoms to regain access to files encrypted by ransomware. The cost of downtime due to operational paralysis, the inability to recover backed-up data, and reputational damage are particularly catastrophic for organizations that store their data in the cloud.
“The fallout from ransomware attacks against cloud service providers is far more devastating when the business systems of every cloud-hosted customer are encrypted,” said Chris Morales, head of security analytics at Vectra. “Today’s targeted ransomware attacks are an efficient, premeditated criminal threat with a rapid close and no middleman.”
Ransomware is a fast and easy attack with a bigger payout than stealing and selling credit cards or personally identifiable information (PII), both of which have perishable values as time passes after their theft. Factor-in cryptocurrency as the ransom payment – an anonymous, hard-to-trace currency – and it’s easy to see why cybercriminals like ransomware’s clean, no-fuss business model.
Preventing widespread damage
“Our research indicates that 53% of organizations say they have a ‘problematic shortage’ of cybersecurity skills today and the ramifications of it are very evident with fast-moving ransomware attacks,” said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group.
“The industry simply doesn’t have enough trained security folks scanning systems, threat hunting or responding to incidents. This Spotlight Report offers important insights into the weaponization, the shift from opportunistic to targeted attacks, and the industries targeted by ransomware that can help organizations be better prepared.”
Artificial intelligence can detect subtle indicators of ransomware behaviors and enable organizations to prevent widespread damage. When organizations recognize these malicious behaviors early in the attack lifecycle, they can limit the number of files encrypted by ransomware, stop the attack from propagating, and prevent a disastrous business outage.
The 2019 Spotlight Report on Ransomware is based on observations and data from the 2019 Black Hat Edition of the Attacker Behavior Industry Report, which reveals behaviors and trends in networks from a sample of over 350 opt-in Vectra customers. The Attacker Behavior Industry Report provides statistical data on the behaviors motivated attackers use to blend in with existing network traffic behaviors and mask their malicious actions.
From January-June 2019, the Vectra Cognito threat-detection and response platform monitored enriched metadata collected from network traffic between more than four million workloads and devices in customer clouds, data centers and enterprise environments. The analysis of this metadata provides a better understanding about attacker behaviors and trends as well as business risks, enabling Vectra customers to avoid disastrous data breaches.
==================================================================
This article helps reveal why Wave VSC 2.0 and Wave ERAS are a great protection against ransomware! These solutions won't allow ransomware attackers onto the network to do incredible damage to an organization. By only allowing known and approved devices onto the network, Wave VSC 2.0 and Wave ERAS along with SEDs and Wave SED management could give organizations an excellent defense against ransomware attackers!!! Since Wave solutions work effectively and efficiently, an organization wouldn't have to hire as many cyber trained employees to combat the ransomware!!
==================================================================
https://www.wavesys.com/wave-alternative
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
https://www.wavesys.com/products/wave-self-encrypting-drive-management
==================================================================
The links below can help organizations with enabling better cybersecurity solutions.
https://www.wavesys.com/
https://www.wavesys.com/contact-information
DISA, Cyber Command Are Launching a Zero-Trust Pilot Program
https://www.nextgov.com/cybersecurity/2019/08/disa-cyber-command-are-launching-zero-trust-pilot-program/159007/
The effort will explore frameworks and technologies that would protect the Pentagon’s networks from unauthorized access.
The Defense Information Systems Agency is standing up a lab for researchers to test different strategies for building zero-trust network architectures across the Pentagon.
Located near the agency’s Fort Meade headquarters, the facility will serve as the base of operations for a pilot program run by DISA and U.S. Cyber Command focused on protecting the Pentagon’s IT infrastructure from unauthorized access, according to Jason Martin, acting director of DISA’s cyber directorate.
Once the lab is up and running, security experts from the defense and intelligence communities will use it to experiment with novel approaches to improving identity and access management on military networks, he said Wednesday during a panel at the FCW Cybersecurity Summit. The intelligence community will also be involved in those efforts, he added.
According to Martin, the program will focus on three key areas: creating a framework for continuously monitoring and checking access on different layers of the network, building out tools to manage identity and access, and pushing out those solutions across the Pentagon. Based on the findings, he said, the Pentagon will likely both adapt existing policies and tools to improve security, and acquire new tech to deploy across the enterprise.
“[The efforts] will inform what we actually do need to build out, integrate and configure,” he said in a conversation with reporters. “It’s rethinking how we do continuous security.”
According to Martin, the department has already identified funds to support the pilot program in the years ahead.
At its core, zero-trust security is a network architecture that requires verifying the identity of all people and devices before they can access a given system. Last month, the Pentagon listed zero-trust architectures as a key aspect of its digital modernization strategy.
While network security is a critical part of defending against bad actors, panelists warned the Pentagon can’t ignore the other components of security. Weapons systems, physical infrastructure and government contractors all present possible entry points for digital intruders, and “an adversary can move through any one of those spaces to create an issue,” said Defense Department Director of Cyber John Garstka.
“We’re finding that you can [be] really secure in your network space and lose ... because an adversary has figured out they can attack one of those other layers of the stack,” Garstka said during the event. “We’re focusing on what does it mean to secure different levels of the stack, and how do you develop the workforce ... to understand what cyber hygiene means.”
==================================================================
Wave has the technology now to keep unauthorized (unknown and unapproved - see bolded underline below) devices and users off the network. Why wait for a pilot to run its full course when Russia will have isolated its internet soon? And Wave's technology has been successfully tested for years on large organizations!! There shouldn't be any more delays in using Wave VSC 2.0 and Wave ERAS given the potential consequences of not using these solutions.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
The links below can help organizations with enabling better cybersecurity solutions.
https://www.wavesys.com/
https://www.wavesys.com/contact-information
China may be trying to hack US utilities, report says
https://www.foxnews.com/tech/china-hack-utilities-report
A phishing campaign against U.S. utilities points to nation-state actors, a new report says.
The phishing emails fraudulently impersonated a licensing body in the utility sector, according to the report from cybersecurity firm Proofpoint. Phishing involves sending malware-infected email that appears to be coming from a trustworthy entity in order to steal sensitive information.
“The profile of this campaign is indicative of specific risk to US-based entities in the utilities sector,” the report states.
The big question, though, is who exactly is behind the attack. The malware uses phishing tactics used by a group known as APT, Proofpoint added. APT, sometimes referred to as APT10, is a nation-state actor associated with China.
“They’re using a technique that’s been used by Chinese state actors in the past, but enough about these attacks is different that we cannot attribute them to an actor with confidence,” Ryan Kalember, executive vice president of Cybersecurity Strategy at Proofpoint, told Fox News in an email.
The report added, however, that the “risk that these campaigns pose to utilities providers is clear…Persistent targeting of any entity that provides critical infrastructure should be considered an acute risk with a potential impact beyond the immediate targets.”
“There’s not enough data to tell if it was a test, a signal, or regular reconnaissance. [It] might have been all three,” James Lewis, Senior Vice President and Director, Technology Policy Program at the Center for Strategic and International Studies, told Fox News.
The scary thing about these phishing attacks is they were very credible and thus believable – which differs from more run-of-the-mill phishing attacks that are riddled with language and grammatical errors. “These were excellent spear phishing attacks, credibly impersonating an industry licensing association and targeted at people in a role where that license would be essential to their work,” Proofpoint’s Kalember said.
The US National Council of Examiners for Engineering and Surveying (NCEES) is the organization impersonated by the phishing campaign, according to the report.
Emails delivered on July 19 and July 25 pretended to be a “failed examination result” from the NCEES and fraudulently utilized the NCEES logo, Proofpoint said.
Kalember added that though the attacks were successfully thwarted, that only covers their clients. “We blocked all of the ones that targeted our customers, but cannot say definitively whether other organizations were successfully compromised,” he said.
==================================================================
What if Proofpoint can't stop some of these phishing attacks? Wave VSC 2.0 and Wave ERAS could be a better and final layer of defense that protects against Proofpoint or like technology from missing a phishing attack!!
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
Low TCO
• Reduce operating expenses by eliminating password reset and shortening deployment times
• Minimize capital expenses by using hardware you already have
• Integrate with Microsoft Active Directory for IT familiarity
Superior User Experience
• No more tokens or smart cards to achieve two-factor authentication
• Eliminate VPN/WiFi/website passwords for faster access to resources
• No add-on software means improved OS performance
Flexibility
• Compatible with Windows 8.1, 8, 7 and Vista operating systems – manage mixed environments from one console
• Create custom management policies to suit your organization’s needs
• User and device authentication from a common console
Seamless Device Authentication
• Access control over wireless (i.e. 802.1x)
• Single sign-on
• VPN authentication (i.e. Microsoft DirectAccess)
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/
https://www.wavesys.com/contact-information
How powerful are Russian hackers? One new law could transform global crime operations
https://www.theregister.co.uk/2019/08/08/blackhat_russian_internet_law/
Black Hat The introduction of Russia's Sovereign Internet rules is having an impact on the way criminal hackers around the world do business.
This is according to security house IntSights, which says that the law, set to become official in a few months, will force many hacking groups to change the way they operate both in Russia and in other countries.
The rule would lead to Russia developing its own standalone network that could be cut off from all connections outside of the country if need be and continue to function.
"It creates this infrastructure that kind of isolates Russia a little bit," Charity Wright, a threat intelligence analyst with IntSights, told The Register.
"A lot of outsiders feel threatened because they feel they may not have access to the Russian internet, but really Russia's intention is to become sovereign over their own infrastructure so if there is an attack to cut them off, they can go on with business as usual."
While the Russian government is notorious for turning a blind eye to criminal hackers (and in some cases even enlisting them for official activities), the new law will still have a major impact on how cybercrime is conducted both within and outside the country.
In particular, hackers operating within Russia will have to make sure that the services they use to conduct attacks, such as VPNs, are either Russian or operate in compliance with the strict sovereign internet requirements that have led many VPN providers to already pull out of the country.
"Although Russia is not known for cracking down on crime, this is really going to create a new culture for darkweb usage," Wright said.
"They will really have to consider the VPNs they are using and make sure they comply or stop using them."
Those sentiments were echoed by fellow IntSights security pro Andrey Yakovlev, who said that while Russia is tightening its grip on the internet and becoming more insular, it also gives its domestic hackers more motivation to launch attacks outside their borders.
"The sovereign internet will make it much easier for Russian law enforcement to crack down on hackers that target Russian entities," Yakovlev explained in the IntSights Dark Side of Russia report.
"But the government will still likely turn a blind eye to threat actors that target foreign entities – particularly those operating in enemy states, like the United States."
In other words, as hacking within Russia becomes more difficult and dangerous, expect to see Russian hacking groups focus even more of their attention on western countries, where the attacks will not draw a police response.
This is particularly bad news given the technological advantage many Russian hacking crews enjoy. The IntSights team noted that many of the major attacks and exploits to arise in recent months, such as the Windows RDP BlueKeep flaw, were weaponised in Russia long before hackers in other countries were able to get working attack code launched in the wild.
"The Russian underground covers virtually any known type or method of malicious activity," noted Yakovlev.
"If news outlets are talking about it, it is likely Russian cybercriminals have already had it for some time."
Combine that with the stronger motivation to hack outside of Russian borders, and it is shaping up to be a long year for foreign companies in the crosshairs of Russian hacking crews. ®
==================================================================
With Russia isolating their internet soon and more Russian hackers bringing their criminal business to other countries, the future offensive posture of the U.S. potentially toward Russia appears to be severely weakened! A defense that keeps Russia and its hackers from penetrating U.S. organizations makes a LOT of sense!! Keeping unauthorized (unknown and unapproved) devices off U.S. organizations' networks with Wave VSC 2.0 and Wave ERAS could prevent expensive damage and recovery after huge exposure of sensitive data.
Please see the links below for this very helpful, better security and less than half the cost technology!!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
Please see the links below for details on how organizations' cybersecurity can be better protected and to contact Wave!!
https://www.wavesys.com/
https://www.wavesys.com/contact-information
SWAPGS Attack: A new Spectre haunts machines with Intel CPUs
https://www.helpnetsecurity.com/2019/08/07/swapgs-attack/
Bitdefender researchers have uncovered yet another viable speculative execution side-channel attack that can be leveraged against Intel CPUs and the computers running on them.
The SWAPGS Attack, as they call it, circumvents the protective measures that have been put in place in response to earlier attacks such as Spectre and Meltdown. Still, there is plenty of good news: Microsoft has already released Windows patches for the flaw that makes the attack possible and, even though feasible, the researchers don’t expect the attack to be exploited for widespread, non-targeted attacks.
“A successful attack requires a vulnerable Intel CPU, an unpatched operating system and several hours of continuous probing,” Bogdan Botezatu, Director of Threat Research at Bitdefender, told Help Net Security.
“This attack was not trivial to discover or execute, so, in the absence of a proof of code, I would rate it as difficult to implement for the average cyber-criminal. It might, however, be more than appealing to high profile threat actors, given the fact that exploitation leaves no traces on the system.”
The attack
As Spectre, Meltdown, MDS and other similar attacks before it, the SWAPGS attack takes advantage of speculative execution, a functionality that seeks to speed up the CPU by having it make educated guesses as to which instructions might come next.
Unfortunately, the discarded instructions produce microarchitectural changes that can leave traces in the system’s caches. Those can be observed by attackers and provide them with helpful information such as passwords, encryption keys, tokens, access credentials, or pointers or addresses that would allow them to perform privilege escalation.
The new attack takes advantage of SWAPGS, a system instruction that is used by the operating system to switch between two Model Specific Registers. The researchers discovered a way to manipulate this instruction to leak out information that should be available to the operating system only. (The SWAPGS attack is, in effect, a variant of the Spectre V1 attack.)
The whitepaper Bitdefender released has much more technical information about it, but what’s important for you to know now is this:
• It affects all Intel CPUs that support speculative execution of the SWAPGS instruction, so basically anything from Intel Ivy Bridge (introduced 2012) until latest processors series available on the market
• Both home users and enterprise users are impacted by this vulnerability: desktops, laptops, servers, etc. running an Intel Ivy Bridge or newer CPU are vulnerable
• This type of flaw can generally be mitigated via hardware fixes (directly on silicon), microcode (firmware) updates (provided by the CPU manufacturer) or software patches.
Should you worry?
“The initial discovery of the vulnerability took great effort as it requires intimate knowledge of the operating system and CPU internals. However, exploiting this vulnerability is easy once the attacker has the proof of concept code and tests it on an unpatched system,” the researchers explained.
“Now, the information exfiltrated is unpredictable – we can extract a lot of junk and only very little relevant information, but if the attackers have a lot of time to gather information, they will eventually stumble upon what they are looking for. This is not a type of attack that we expect to be commercially weaponized in order to plant malware on the users’ computers, but it can serve a highly motivated threat actor as an information gathering tool because exploiting this vulnerability leaves no traces on the system.”
Bitdefender has worked with Intel for more than a year on public disclosure of this attack. The former says it is possible that an attacker with knowledge of the vulnerability could have exploited it to steal confidential information, but that, based on their telemetry, there are no attacks reported yet.
Available fixes and mitigations
“The best fix for that would be to completely remove the CPU and replace it with a redesigned one that is not vulnerable to this type of manipulation,” Bitdefender noted.
Since that is not yet an option and Intel has said they won’t be pushing out microcode updates to fix it on existing CPUs, a software solution (i.e., OS patches) is what’s left. Users and administrators should, therefore, implement Microsoft’s July security updates.
“The focus of our research was Microsoft Windows, as it was a low hanging fruit in terms of demonstrating the exploit. A quick analysis of the Linux kernel revealed that although it contains a gadget which may be used in an attack, it lies inside the Non-Maskable Interrupt (NMI) handler. We therefore believe that Linux would be difficult (if not impossible) to attack,” the researchers noted.
“A quick analysis of the Hyper-V kernel and of the Xen hypervisor kernel revealed that the SWAPGS instruction is not used, so exploitation is impossible. Other operating systems and hypervisors have not been investigated, although Microsoft, during the coordination of the disclosure, notified all the interested parties about this vulnerability.”
Also, since the SWAPGS instruction is present only on x86-64, they don’t expect other CPU architectures, such as ARM, MIPS, POWER, SPARC or RISC-V to be vulnerable.
“However, we don’t exclude the existence of other similarly sensitive instructions that may execute speculatively,” they added.
Botezatu also noted that, while the company’s Hypervisor Introspection technology can detect attacks and mitigate the risk of attack by instrumenting each vulnerable SWAPGS instruction and making sure it won’t execute speculatively, operating system patches should be the first line of defense.
The company said that they expect Apple devices not to be vulnerable, but that the final and definite say on that should come from Apple.
Bitdefender is scheduled to present their findings at Black Hat USA 2019.
==================================================================
What is a TPM? Post #245761
Excerpt from the first link in that post:
TPM: How does it work? The basic advantages of a TPM over traditional software are that a TPM can generate keys, store secrets and take measurements all within the secure boundary of a physical hardware chip - independent of a PC's operating system and its core processor.
This means that the TPM keys cannot be copied or exported, the secrets it stores cannot be stolen or used unknowingly and the measurements it takes cannot be altered by malware.
==================================================================
This article shows an important and valuable part of an enabled TPM in it being able to protect secrets (i.e., passwords)!!! This could eliminate the effect of the leaking of sensitive information by storing it in the TPM rather than the operating system or processor. Given the potential ramifications discussed in the article above, organizations could immensely benefit from an enabled TPM in addition to many other ways!! Please see Wave's website for those other ways.
==================================================================
wavesys.com
Banks could get fined for cyber breaches, top regulator says
https://www.cnn.com/2019/08/01/investing/fdic-cyber-hack-fine/index.html
New York (CNN Business) — Cybersecurity is the biggest threat facing America's banks, FDIC Chairman Jelena McWilliams told CNN Business.
"It's something we take very seriously," McWilliams said during an interview this week.
Capital One (COF), which is not regulated by the FDIC, recently revealed a massive cyber breach that exposed sensitive information on more than 100 million customers.
McWilliams, a Trump-appointed regulator who helps oversee about 4,000 mostly smaller lenders, said the FDIC could fine a bank that suffers a major breach after failing to fix weak cyber defenses flagged by the agency.
"We could certainly have an enforcement action," she said at the KBW Community Bank Investors Conference.
Beyond a fine, McWilliams said shoddy cyber defenses could force regulators to downgrade their ratings on bank management teams.
Last month, Facebook (FB) was hit with an unprecedented $5 billion fine by the Federal Trade Commission over how the company lost control of massive amounts of personal data. It was the largest fine in FTC history.
McWilliams said the FDIC is "monitoring" the cyber defenses and "continuously" testing the safety and structure of banks' networks and firewalls. The agency then flags deficiencies, orders banks to fix them and monitors whether progress has been made.
An FDIC spokeswoman told CNN Business that the agency has in the past taken enforcement actions against banks for IT-related issues, including for failure to monitor third-party service providers. The FDIC declined to say whether those actions included fines.
McWilliams noted that the FDIC has "limited ability" to examine third-party service providers.
In the Capital One breach, the hacker exploited a misconfigured web application firewall, according to authorities. That gave the hacker access to 140,000 Social Security numbers, 1 million Canadian Social Security numbers, 80,000 bank account numbers and an undisclosed number of people's names, addresses, credit scores and other information.
McWilliams warned that more high-profile breaches could occur in the future.
"I don't suspect that the hackers will stop doing what they do," she said, adding that banks must "continuously" update their protections and firewalls to prevent attacks.
Some major American banks have spent billions of dollars on technology, including investing in cybersecurity and anti-money laundering. Banks have also tried to hack their own systems and even offered awards to ethical hackers who discover weaknesses.
"Protecting the banks and protecting consumer data is prohibitively expensive," McWilliams said.
The FDIC chief said that cybersecurity is the No. 1 risk facing large banks and the banking system as a whole.
In addition to cyber, community banks are also facing competitive pressure from credit unions, nonbank lenders and even tech companies.
==================================================================
Please see Capital One post # 245788 for the impact to security by firewalls. Wave has better security solutions. (See https://www.wavesys.com/ for more information.)
'prohibitively expensive' - The TPM security chip is already built into banks' computers and information on the TPM is posted on Wave's website and at the 'What is a TPM?' - post #245761. The organization needs only to buy the software security (Wave VSC 2.0) at less than half the cost, and it works effectively!! (please see article below for a major financial services company using Wave VSC 2.0 for an important part of their security!!). An example of a two factor authentication token is RSA SecurID.
==================================================================
Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company
https://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global
Wins competitive evaluation against market leader in two-factor authentication tokens
Lee, MA -
December 17, 2015 -
Wave Systems Corp. (NASDAQ: WAVX) announces a five-year master licensing agreement (MLA) with a leading global corporation (as determined by the 2015 Fortune Global 500 List) for its Virtual Smart Card 2.0 solution. This MLA sets the terms and pricing for licenses and maintenance across the customer’s global organization and establishes it as their preferred two-factor authentication solution. Instead of one large license purchase for the entire organization, each of the customer’s subordinate divisions will make separate orders in accordance with the terms of this MLA.
The first purchase of 2,000 VSC 2.0 licenses under this agreement, when added to a previous purchase, completes the requirement for the customer’s global IT division. That division will now lead the internal effort to standardize the remaining 150,000+ endpoints within their organization with the new Wave VSC 2.0 solution. While there are no minimum order requirements under the agreement, discussions for additional orders are underway.
“Our five-year agreement with this customer is the first very large scale contract for VSC 2.0 and is an important milestone for Wave,” said Bill Solms, President and CEO of Wave Systems. “This customer is a major global financial services company and their standards for protecting their systems from unauthorized access and the integrity of their data are of the highest order. Wave had to pass a very rigorous technical and business review to win the competition. We believe that this client’s decision to choose Wave Virtual Smart Card 2.0 over their incumbent solution gives us tremendous credibility in the two-factor authentication market. We will remain engaged with this company in order to complete the additional sales and deployments in the months ahead.”
Wave Virtual Smart Card 2.0 is a tokenless, hardware-based, two-factor authentication solution that offers superior security at less than half the cost of comparable solutions. It is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7, 8 and 10. It also provides management support for the Microsoft Virtual Smart Card on Windows 8 and 10. Wave’s VSC solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, significantly lower total cost of ownership, and a greatly reduced risk of unauthorized access.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure Passphrase and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with both TPM 1.2 and TPM 2.0 security chips
==================================================================
For more information on Wave's solutions, please see link below.
https://www.wavesys.com/contact-information
53% of enterprises have no idea if their security tools are working
https://www.helpnetsecurity.com/2019/07/31/are-security-tools-working/
The majority of organizations don’t know if the security tools they deploy are working, and are not confident they can avoid data breaches, according to AttackIQ.
AttackIQ released the report based on Ponemon Institute research evaluating the efficacy of enterprise security strategies. Ponemon surveyed 577 IT and IT security practitioners in the United States who are knowledgeable about their organization’s IT security strategy, tactics and technology investments.
“The significant number of security experts who have observed a security control falsely reporting it blocked a cybersecurity attack is alarming,” said Larry Ponemon, founder and chairman of Ponemon Institute.
“When processes and solutions like this fail, many companies respond by throwing more money at the problem. Further security spending needs to be put on hold until enterprise IT and security leaders understand why their current investments are not able to detect and block all known adversary techniques, tactics and procedures.”
According to the findings, organizations are investing heavily in cybersecurity technologies, but their IT teams are unsure if these tools are working as expected in terms of truly protecting the network. Key data points include:
• Companies surveyed are spending an average of $18.4 million annually on cybersecurity
• 58 percent of companies will be increasing their IT security budget by an average of 14 percent in the next year
• 53 percent of IT experts admit they don’t know how well the cybersecurity tools they’ve deployed are working
• 63 percent of respondents said they have observed a security control reporting it blocked an attack when it actually failed to do so
• Only 39 percent of respondents say they are getting full value from their security investments
Despite deploying many different cybersecurity solutions, companies are not confident their technology investments, staff and processes can reduce the chances of a data breach.
This lack of confidence stems largely from uncertainty in the efficacy of cybersecurity tools and the ability of staff to identify gaps in security and to respond to security incidents in a timely manner. Key data points include:
• Companies deploy on average 47 different cybersecurity solutions and technologies
• Less than half of IT experts are confident that data breaches can be stopped with their organization’s current investments in technology and staff
• 56 percent of respondents say a reason data breaches still occur is because of a lack of visibility into the operations of their security program
• Only 41 percent of respondents say their IT security team is effective in determining gaps in IT security infrastructure and closing those gaps
• 75 percent of respondents say their IT security team is unable to respond to security incidents within one day
IT experts believe penetration testing is effective in uncovering cybersecurity gaps, but many are not conducting penetration testing on a continuous basis. Key data points include:
• 57 percent of respondents say their IT security teams conduct penetration testing
• 65 percent of respondents say their penetration testing is very effective or effective in uncovering security gaps, but almost one-third have no set schedule for penetration testing and only 13 percent conduct penetration testing daily
• Only 48 percent of respondents say their organization leverages a continuous security validation (CSV) platform that allows them to determine how well security solutions are performing, but 68 percent of these respondents say their CSV platform is effective in finding security gaps
“Companies are spending far too much money on cybersecurity solutions without knowing if they are effective,” states Brett Galloway, CEO of AttackIQ.
“More than half of the experts surveyed admit they are in the dark about how well the technologies they have are working and if they’re truly effective, which is alarming considering companies are relying on these technologies to protect sensitive information including customer data.”
==================================================================
The title of this article is alarming!! Wave has solutions that have been tested and used successfully by well renowned organizations. Wave helps stop the bad guys from accessing an organization's network and its data!! This article, Wave customers and Wave's website reveal why organizations should be using Wave VSC 2.0 - a two factor authentication solution, and Wave ERAS. Wave's solutions would give these enterprises a much better idea that their security tools (Wave solutions) are working than what is currently on the market!!
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Capital One announces massive data breach; lone suspect arrested in Seattle
https://www.cyberscoop.com/capital-one-data-breach-credit-cards/
Financial giant Capital One announced a large data breach Monday, with the company saying that one person accessed personal information of approximately 100 million people in the United States and 6 million in Canada who had applied for or are currently considered users of the company’s credit cards.
Additionally, the FBI arrested a woman in Washington state who is suspected of hacking into the company to obtain that information. Paige A. Thompson was arrested Monday and appeared in federal court in Seattle.
According to the complaint, Thompson allegedly took wide swaths of personal information from Capital One’s cloud storage instances on March 22 and March 23. The company stored the data taken by Thompson on Amazon Web Services.
The company says this information included names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income. The information ranged from 2005 to early 2019.
Additionally, Capital One says the following information was obtained:
• Customer status data such as credit scores, credit limits, balances, payment history and contact information.
• Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.
• About 140,000 Social Security numbers of credit card customers.
• About 80,000 linked bank account numbers of secured credit card customers.
• Approximately 1 million Canadian Social Insurance Numbers.
According to the FBI, a misconfigured firewall allowed Thompson to access a list of more than 700 folders that contained the data. Sometime shortly thereafter, Thompson allegedly posted on GitHub that she was in possession of the data.
The company was made aware of the breach on July 17 when someone emailed Capital One via their security disclosure email contact and informed it the data was publicly posted on GitHub.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Richard D. Fairbank, Capital One chairman and CEO, said in a press release. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The company says it will make free credit monitoring and identity protection available to everyone affected.
In a press release issued Monday, Capital One said it expects the incident to cost the company between $100 million and $150 million this year. It also stated it has a cyber insurance package with a total coverage limit of $400 million.
Thompson was a former employee of Amazon Web Services from 2015 to 2016, according to her LinkedIn profile. If convicted, she faces a five-year prison sentence and a fine up to $250,000.
=================================================================
Capital One Breached by Cloud Insider in Major Attack
https://www.infosecurity-magazine.com/news/capital-one-breached-by-cloud?utm_source=twitterfeed&utm_medium=twitter
Capital One has announced a major breach of customers’ personal data, affecting over 100 million Americans and a further six million in Canada.
The financial institution blamed “unauthorized access by an outside individual” who has been arrested by the FBI and is now in custody.
“The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019,” the firm explained.
“This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.”
However, the trove also included 140,000 Social Security numbers, 80,000 linked bank account numbers and one million Canadian Social Insurance numbers.
The bank blamed a “configuration vulnerability” exploited by the suspected attacker, but said “this type of vulnerability is not specific to the cloud.
“The elements of infrastructure involved are common to both cloud and on-premises data center environments,” it added.
In fact, according to a statement from the US Department of Justice, it appears as if the individual is “a former Seattle technology company software engineer” at a cloud computing provider who posted the details of the breach on GitHub.
Reports suggest the person in question, Paige Thompson, worked at Amazon Web Services.
“The intrusion occurred through a misconfigured web application firewall that enabled access to the data,” it revealed.
“On July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft. After determining on July 19, 2019, that there had been an intrusion into its data, Capital One contacted the FBI.”
The revelation that a tech insider stole highly sensitive customer data from a client should not affect the overall migration to public cloud environments, according to Igor Baikalov, chief scientist at Securonix.
“Capital One is a standout in the financial institutions community by going public cloud while most of its peers hedged the risk by implementing additional security controls around their private clouds,” he argued.
“This fact alone shouldn't be considered a setback for the adoption of public cloud. It should rather be viewed as another harsh reminder of the importance of third-party security and insider threat programs for both providers and consumers of public cloud services.”
==================================================================
It's baffling to see Wave have solutions that would stop the person in the articles from getting all this information and companies are still using firewalls. There are so many instances of firewalls being misconfigured that it makes much more sense to use Wave VSC 2.0 and Wave ERAS to help protect the data. 'Only allowing known and approved devices accessing the network' is a simple message that Wave has that should spread to the masses through the help of ESW/Wave marketing and through partners. Not using these solutions is costing companies millions of dollars. This is also the type of information in the cloud that should be encrypted by using Scrambls for files (see post # 245738). Simple...
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Microsoft buys a start-up whose software limits access to sensitive data
https://www.cnbc.com/2019/07/29/microsoft-buys-bluetalon-adds-it-to-azure-data-governance-team.html
BlueTalon’s software works with data stored in open-source file system Hadoop and other databases.
The BlueTalon buy comes months after Microsoft bought Citus Data, which specializes in the PostgreSQL database.
Microsoft said Monday that it has acquired BlueTalon, a start-up whose software can prevent people from accessing certain high-value data that companies keep. Terms of the deal weren’t disclosed.
Over time, the acquisition could help Microsoft’s campaign to get companies feeling more comfortable with the idea of keeping sensitive data in its Azure public cloud, which competes with Amazon and other companies.
The move continues Microsoft’s pattern of commercializing tools that fall outside of the company’s own technology stack. Microsoft derives revenue when people run the open-source Linux operating system in its cloud, despite its heritage as the maker of proprietary Windows. Microsoft now owns GitHub, a place where developers go to get and contribute to many open-source software projects.
The company has also become more active around data storage mechanisms that don’t necessarily involve Microsoft’s own SQL Server database software. Earlier this year Microsoft bought Citus Data, a start-up that specialized in helping companies use the open-source PostgreSQL database.
BlueTalon’s technology works with a variety of systems for storing data, including Hadoop, Spark and PostgreSQL. The software lets people run queries on sensitive data to make observations, while not revealing the actual underlying information.
“This acquisition will enhance our ability to empower enterprises across industries to digitally transform while ensuring right use of data with centralized data governance at scale through Azure,” Rohan Kumar, corporate vice president for Azure Data at Microsoft, wrote in a blog post.
BlueTalon has about 30 employees listed on LinkedIn. They are joining Microsoft’s Azure Data Governance group, BlueTalon CEO Eric Tilenius wrote in his own blog post.
“We began exploring partnership opportunities with various hyperscale cloud providers to better serve our customers, Microsoft deeply impressed us. The Azure Data team was uniquely thoughtful and visionary when it came to data governance,” Tilenius wrote.
BlueTalon was founded in 2013 and was based in Redwood City, California.
==================================================================
What if a company doesn't want to have queries on their sensitive data? 'Scrambls for files' in the cloud could provide better privacy protection for companies along with Wave's MFA solution (Wave VSC 2.0)!! Wave ERAS and Wave VSC 2.0 could limit access to sensitive data by not allowing unknown and unapproved devices on the network and 'Scrambls for files' (see post #245738) could keep queries from working for gathering certain sensitive data. Better security at less than half the cost!!
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/
https://www.wavesys.com/contact-information
50% of organizations believe attackers can infiltrate their networks each time they try
https://www.helpnetsecurity.com/2019/07/25/stop-cyber-attacks/
As organizations increase investments in automation and agility, a general lack of awareness about the existence of privileged credentials – across DevOps, robotic process automation (RPA) and in the cloud – is compounding risk.
According to the CyberArk Global Advanced Threat Landscape 2019 Report, less than half of organizations have a privileged access security strategy in place for DevOps, IoT, RPA and other technologies that are foundational to digital initiatives.
This creates a perfect opportunity for attackers to exploit legitimate privileged access to move laterally across a network to conduct reconnaissance and progress their mission.
Preventing this lateral movement is a key reason why organizations are mapping security investments against key mitigation points along the cyber kill chain, with 28 percent of total planned security spend in the next two years focused on stopping privilege escalation and lateral movement.
Proactive investments to reduce risk are critical given what this year’s survey respondents cite as their top threats:
• 78 percent identified hackers in their top three greatest threats to critical assets, followed by organized crime (46 percent), hacktivists (46 percent) and privileged insiders (41 percent).
• 60 percent of respondents cited external attacks, such as phishing, as one of the greatest security risks currently facing their organization, followed by ransomware (59 percent) and Shadow IT (45 percent).
Security barriers to digital transformation and the privilege priority
The survey found that while organizations view privileged access security as a core component of an effective cybersecurity program, this understanding has not yet translated to action for protecting foundational digital transformation technologies.
• 84 percent state that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials and secrets are secured.
• Despite this, only 49 percent have a privileged access security strategy in place for protecting business critical applications and cloud infrastructure respectively, with even fewer having a strategy for DevOps (35 percent) or IoT (32 percent).
• Further, only 21 percent understood that privileged accounts, credentials and secrets exist in containers, 24 percent understood that they exist in source code repositories and 30 percent understood that they are present in privileged applications and processes such as RPA.
“Organizations are showing increasing understanding of the importance of mitigation along the cyber kill chain and why preventing credential creep and lateral movement is critical to security,” said Adam Bosnian, executive vice president, global business development, CyberArk.
“But this awareness must extend to consistently implementing proactive cybersecurity strategies across all modern infrastructure and applications, specifically reducing privilege-related risk in order to recognize tangible business value from digital transformation initiatives.”
Global compliance readiness
According to the survey, a surprising 41 percent of organizations would be willing to pay fines for non-compliance with major regulations, but would not change security policies even after experiencing a successful cyber attack.
On the heels of more than $300M in GDPR fines being levied on global organizations for data breaches, this mindset is not sustainable.
The survey also examined the impact of major regulations around the world:
• GDPR: Less than half (46 percent) are completely prepared for breach notification and investigation within the mandated 72 hour period.
• Australia’s Data Breach Notification Law: 62 percent of Australian respondents reported that they were completely prepared to comply with the entirety of the statute, which came into force in February 2019.
• California Consumer Privacy Act (CCPA): Only 37 percent are ready for this legislation to go into effect in 2020; 39 percent are actively working to meet deadline requirements.
==================================================================
The title of this article shows a sad statistic when Wave solutions like Wave VSC 2.0 and Wave ERAS can prevent unauthorized (unknown and unapproved) users from accessing an organization's network. The hacker's difficulty is he/she has to have the PIN and TPM (the computer) to be able to access the network when an organization is using Wave!! Wave has many partners who could help spread their simple and powerful message. Post #245762 (In simple terms...) applies to governments, but could also apply to other organizations as well!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/wave-alternative
https://www.wavesys.com/contact-information
New York strengthens cyber-security and consumer privacy protections with new law broadening definition of “breach”
http://www.nydailynews.com/news/politics/ny-shield-act-new-york-law-data-breach-security-20190725-nlbrbrc4mfg6jffde5ef2s4xru-story.html
Excerpt:
The new law also widens the parameters of what counts as a breach, making it so that companies must notify consumers when any of their information is accessed, as opposed to being acquired. It also requires that companies implement “reasonable safeguards” to protect consumer data.
==================================================================
Unknown and unapproved devices would not be able to access the network when Wave VSC 2.0 and Wave ERAS are being used by an organization (see bolded underline below). So it seems that the marketing help of ESW/Wave would reveal to organizations this strong benefit of Wave VSC 2.0 and Wave ERAS to avoid a major problem (unauthorized access) soon caused by the Shield Act!! It would be forward thinking by organizations to prepare for the Shield Act ahead of time because of this potential unauthorized 'access', and to stop breaches in the first place!!!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Ransomware incident leaves some Johannesburg residents without electricity
https://www.zdnet.com/article/ransomware-incident-leaves-some-johannesburg-residents-without-electricity/
Some residents of South Africa's biggest city left without electricity after ransomware hits city power provider
A ransomware infection at an electricity provider in the city of Johannesburg, South Africa's biggest city and financial capital, has left some of its residents without power.
The ransomware infection impacted City Power -- a provider of pre-paid electric power for Johannesburg residents and local companies.
The malware encrypted the company's database, internal network, web apps, and official website.
City Power admitted to getting infected in a series of tweets the company posted on its official Twitter account.
The infection, which took root yesterday, is now preventing customers from buying electrical power units, or feeding (selling) electrical power back into the grid, which some residents are producing from solar panels.
Business Insider South Africa is reporting that today, July 25, is also a standard payday for many South Africans, and usually a day when many use their salaries to pay for new electricity packages for the upcoming month.
On Twitter, there have been quite a few City Power customers who complained over the last 12 hours about blackouts at their homes and across the city, and not being able to buy new electricity.
City Power is owned by the City of Johannesburg. The company also said the ransomware has made it more difficult to respond to outages at the same speeds as in the past, due to a lack of access to internal applications.
The company said it was increasing the number of support teams it was keeping on standby, in case of an emergency.
City Power didn't disclose the name of the ransomware that impacted its systems.
Cities increasingly targeted by ransomware gangs
The city of Johannesburg is not the first municipality to have its network infected by ransomware, although it is one of the luckiest.
Some cities have paid huge ransom demands to get access back to city files they hadn't secured via backups -- such as Riviera Beach City, Florida ($600,000); Lake City, Florida ($500,000); and Jackson County, Georgia ($400,000).
Cities in Atlanta and Baltimore have gone through large-scale ransomware infections that have crippled a wide array of city services, and the city ended up paying tens of millions of US dollars when rebuilding their IT networks.
Johannesburg can count its lucky stars that crooks didn't breach its main IT network. All in all, city networks, or city-connected services like City Power, have been increasingly targeted by ransomware gangs in recent months.
Report Finds New Deficiencies in IRS Data Security Security Controls
https://www.securityweek.com/report-finds-new-deficiencies-irs-data-security-security-controls
The Internal Revenue Service’s (IRS) information system security controls require further improvements, a new report from the United States Government Accountability Office (GAO) claims.
An audit of the IRS’ fiscal years 2018 and 2017 financial statements revealed that the agency maintained effective internal control over financial reporting, but new information system security control deficiencies have been identified during GAO’s fiscal year 2018 testing.
“Although the significant deficiency in internal control did not affect our opinion on IRS’s fiscal year 2018 financial statements, misstatements may occur in unaudited financial information that IRS reports internally or externally because of this significant deficiency,” the report reads (PDF).
Of a total of 14 new information system security control deficiencies that were identified, eight were related to access control, four to configuration management control, one to segregation of duties, and one to contingency planning. GAO made 20 recommendations to address these deficiencies.
Of the eight access control deficiencies identified, three were found in identification and authentication, two affected authorization, and three others were related to cryptography.
Specifically, the IRS did not enforce requirements to use certificates to electronically sign documents; enforce limits for password age for user accounts on certain Oracle databases; use multifactor authentication for accessing certain applications; disable functions in an application to download the entire database; limit individual user account access to certain databases; encrypt certain servers; encrypt the email service; and enforce certain encrypted database connections.
In terms of configuration management control, the IRS did not implement mandatory access controls for an application; update unsupported database software and apply vendor-supplied patches for certain applications; update third-party software on workstations consistently; and upgrade certain outdated and unsupported software network devices.
The audit also discovered that the IRS allowed a non-administrator account to be included in an administrator group of accounts for one of its databases and that the agency assigned only one individual to administer the email service.
According to the report, as of September 30, 2018, the IRS had taken actions to address deficiencies associated with 46 of 154 recommendations from prior financial audits. With one deficiency and the associated recommendation no longer relevant, IRS has a total of 127 open recommendations related to identified deficiencies, including 107 recommendations that remained open as of September 30, 2018.
The IRS, the report points out, collects and maintains a significant amount of personal and financial information on U.S. taxpayers, data that is essential for carrying out the mission and responsibilities for administering tax laws.
The agency has to protect this sensitive information to ensure taxpayers’ privacy is preserved and financial loss and damages resulting from identity theft and other financial crimes prevented. With the IRS heavily relying on computer systems for its operations, it must ensure these systems are secured to protect the sensitive financial and taxpayer data collected, the report underlines.
“While IRS continued to make progress in addressing information system security control deficiencies and successfully addressed a number of our prior recommendations, these new and continuing information system security control deficiencies, which collectively represent a significant deficiency, increase the risk that IRS’s financial reporting and taxpayer data will remain unnecessarily vulnerable to inappropriate and undetected use, modification, or disclosure,” the report reads.
==================================================================
Wave Systems Announces First U.S. Federal Government Customer for Wave Virtual Smart Card 2.0
https://www.wavesys.com/buzz/pr/wave-systems-announces-first-us-federal-government-customer-wave-virtual-smart-card-2.0
Lee, MA - October 2, 2014 - Wave Systems Corp. (NASDAQ: WAVX) marked an important sales milestone by announcing the first U.S. federal government customer for its Virtual Smart Card 2.0.
Since the Virtual Smart Card 2.0 became commercially available in late July 2014, Wave has entered into dozens of pilot deployments in multiple sectors, including healthcare, financial services, automotive, energy and utilities. However, today’s announcement marks the product’s first sale in the government sector.
“This is an important milestone for Wave,” said Bill Solms, CEO of Wave. “Wave Virtual Smart Card 2.0 has been purchased by a government agency with significant security requirements and one that requires redundant means of system authentication due to national security interests. This initial sale is modest compared to the addressable market within the Federal Government sector, but it is important to our strategy for marketing the Virtual Smart Card to address critical government infrastructure defense.”
“We believe that this sale, which was completed on a shorter sales cycle than we had anticipated, supports our view that customers are interested in the type of cyber security solution that Wave’s Virtual Smart Card 2.0 provides,” Solms added.
Wave Virtual Smart Card 2.0 is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7. It also supports Windows 8 and 8.1. Wave’s new solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, lower total cost of ownership, and a reduced risk of unauthorized use.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure PIN and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with TPM 1.2 or TPM 2.0
==================================================================
Government Security News Singles out Wave’s Virtual Smart Card Solution for Homeland Security Award
https://www.wavesys.com/buzz/pr/government-security-news-singles-out-wave%E2%80%99s-virtual-smart-card-solution-homeland-security-aw
Lee, MA - November 15, 2013 - Wave Systems Corp. (NASDAQ:WAVX)’s Virtual Smart Card offering has been named winner of the Government Security News’ (GSN) Homeland Security Award competition in the “Best Smart Card Solution” category. This is the second consecutive year that Wave has won this award.
“We’re honored to be recognized by Government Security News as the only vendor offering a complete virtual smart card solution for today’s enterprise – and, importantly, one that is compatible with Windows 7, 8 and 8.1,” said Bill Solms, CEO of Wave Systems. “We see virtual smart cards as a disruptive technology in the user authentication market, offering a more secure and cost effective alternative over more mature technologies.”
Virtual smart cards emulate the functionality of traditional smart cards, but offer added security and cost benefits. Businesses do not incur added material or operational costs (such as the purchase and shipping of external physical smartcards and smart card readers) because virtual smart cards are built into the device itself. Because of an embedded security chip called a Trusted Platform Module (TPM), which is standard equipment on business PCs, virtual smart cards cannot be lost or stolen. Additionally, enterprises gain the added security afforded by hardware-based security, ensuring that only known devices and known users are allowed access to corporate resources. Convenience is another benefit – employees never have to type domain credentials into their devices, improving user experience and reducing the time IT spends resetting forgotten passwords, while offering protection against credential theft.
“We judged an outstanding group of entries this year,” said Adrian Courtenay, Managing Partner, Government Security News. “We’re proud to announce that this year’s winners will be showcased in a digital edition of Government Security News, which will reach more than 40,000 subscribers – a well-deserved honor for Wave Systems and all of this year’s award recipients.”
Sponsors for GSN’s 2012 homeland security awards program included BRS Labs, Cardinal Point Strategies, Objectivity, Vanguard Integrity Professionals and Wave. For a complete list of finalists and pre-emptive winners, visit: www.gsnmagazine.com.
==================================================================
https://www.wavesys.com/
You need multi-factor authentication. Fast. You need Wave Virtual Smart Card.
Better security at less than half the cost.
Wave Virtual Smart Card 2.0.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/contact-information
How Cybercriminals Break into the Microsoft Cloud
https://www.darkreading.com/cloud/how-cybercriminals-break-into-the-microsoft-cloud/d/d-id/1335314
Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.
Even companies that previously said "no" to cloud are migrating their services and resources to cloud-based infrastructure. As they do, many are concerned about maintaining the cloud's rapid update pace and how the new paradigm exposes them to new types of security threats.
Moving to the cloud is one challenge. Knowing how to secure it afterward is another.
"One of the things I recognize, and certainly see for myself, is keeping up with changes at cloud scale is challenging, to say the least," says Mark Morowczynski, principal program manager at Microsoft. "Organizations go from 'never cloud,' to 'maybe cloud,' to 'cloud is an important business component,' and many are trying to figure out how to determine that risk."
It's a challenge from an administrative and operations perspective, he continues, adding that "ultimately the cloud is a huge paradigm shift for people." From Amazon Web Services to Office 365, there are countless applications that reside in the cloud. Identity protection, security settings, and vendor management are all different to track, and all affect organizational risk.
"We found that many organizations are struggling with what to do once they're in the cloud, and how to secure their cloud tenant," says Trimarc CTO Sean Metcalf. "We're seeing a lot of customers are moving to a work-from-anywhere model, and one of the things with that is there's lots of good fundamentals and best practices we want people to be doing correctly."
A common concern among businesses is "I don't know what I don't know," he continues. Many organizations simply don't understand the risks, and they're moving into the cloud unsure of what they're doing. The challenge is compounded for those using Microsoft, Google, and Amazon cloud services, he adds, as security controls are often in different cloud environments.
At this year's Black Hat USA, Morowczynski and Metcalf will discuss threats specific to Microsoft cloud services in their talk, "Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)." The goal, Metcalf says, is to help people understand how to secure Microsoft cloud environments, common mistakes made, and which configurations could make them vulnerable.
"Our approach is very much focused on mitigating real world attacks," Metcalf adds.
One of the threats the duo plan to discuss is password spraying, which Morowczynski says is one of the most common attacks leveraged against Microsoft users. Historically, people have a "predictable pattern" in password reset policies: they change every 30 days and often switch their password to whatever month it is; for example, "July2019!"
Attackers recognize this behavior, he continues, so they keep a list of usernames and test the password against each one. If the system uses a legacy protocol that can't support MFA, the attacker will likely succeed. "Good fundamentals really go a long way in protecting against attacks," he notes, recommending companies abandon legacy authentication in favor of MFA.
Of course, "this isn't a new issue," Metcalf points out. "The on-prem environment password spray is something that's been pretty prevalent. It's just the fact that where the data is, what attackers want to get to, is located in the cloud."
As attackers pivot to the cloud, it's easier for them because the default configuration leaves these services available to the Internet at large, he explains. Organizations want their users to be productive from anywhere; with that access, an intruder could bounce around from a few different IP addresses to attempt to break into an account.
Metcalf describes a customer who had no MFA configured on any accounts, enabling an attacker to password-spray any environment. Because cloud and on-premise systems had the same passwords, they could break into one account, connect to a VPN, and gain access to a corporate environment. "That's an extension of how bad an attack like that can be," he says.
The two hope attendees take away a better understanding of security risks inherent to cloud services, how attackers exploit misconfigurations, and where they might be vulnerable. While their content is focused on Microsoft, some attack and defense topics apply to other providers.
==================================================================
One of the key features of Wave VSC 2.0 is that it secures cloud applications. After reading this article, there is a risk in using the cloud without an excellent MFA (Multi Factor Authentication) solution like Wave's (Wave VSC 2.0)!! Wave VSC 2.0 is simple to use, better security and less than half the cost!! Scrambls for files (currently in retirement, see post 245738) could also help with the security of the cloud!! Potential customers having their cloud environments protected by these two Wave solutions would happily put customers ahead of the competition. Additionally, using Wave solutions that could stop ransomware, malware and unknown devices and unknown users from accessing networks could also leave potential customers very satisfied!!!
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Get better security at less than half the cost
Passwords are weak. Tokens are expensive. Don’t compromise on security or price.
Wave Virtual Smart Card does anything your physical smart cards and tokens do, but it starts with hardware you already have: the Trusted Platform Module (TPM), a hardware security chip built into the motherboard of most business-class PCs. You may not even know you have it, but once you do, the TPM can be used in a myriad of ways. Wave turns it into a smart card, embedded directly into your laptop.
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
One helpdesk call you'll never get: "I lost my virtual smart card again..."
There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
What will you do with >50% TCO savings?*
Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.
Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.
When we say “secure”…
…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).
*Actual number may vary. Contact us today to receive more details and a free quote.
Key Features:
• Full lifecycle management of virtual smart cards
• Intuitive interface to create (or delete) virtual smart cards
• Command line option to create and delete virtual smart cards
• Flexible PIN policies
• Helpdesk-assisted PIN reset and recovery
• Generates reports for compliance
• Integrates with Active Directory
• Supports familiar use cases:
  ◦ Virtual Private Network (VPN)
  ◦ Local logon
  ◦ Remote logon
  ◦ Remote desktop access
  ◦ Intranet/Extranet
  ◦ Cloud applications
==================================================================
The first link has information about Wave's solutions. The second link is how to contact Wave for more information!!
https://www.wavesys.com/
https://www.wavesys.com/contact-information
UK poor cyber security practice undermining controls
https://www.computerweekly.com/news/252466953/UK-poor-cyber-security-practice-undermining-controls
UK firms investing in the latest cyber security products and services risk this being undermined by poor security practices, a survey reveals.
UK businesses risk becoming victim to data breaches by failing to take the most basic of cyber security precautions, research shows.
More than four in 10 of 1,253 UK workers polled by IT services firm Probrand said their company had invested in new cyber security products and services in the past year.
However, 67% said they have a basic password that could easily be guessed or hacked, and 63% admitted that they do not change their password regularly, with almost half saying they have not changed their password since they began working at their company.
The data also revealed that more than 1 in 3 (37%) of UK workers report using insecure network connections such as public Wi-Fi or tethering to mobile phones when working remotely.
According to other research by Probrand, 43% of UK businesses polled have suffered a cyber breach or attack in the past 12 months.
Matt Royle, marketing director at Probrand, said that failure by employees to take the most basic steps to protect their company’s networks and data undermines investments in security technology and the work being done to raise the level of cyber security.
“Our findings have shown that a shocking number of UK businesses are struggling at the very basics, so we would encourage business leaders to monitor and regulate even the simple cyber security practices.
“Writing protocols into company handbooks and employee contracts are just some ways of doing this. As the data shows, as only 37% of employees regularly change their password, it’s clear that some internal training is needed,” he said.
A report published by endpoint management and security firm 1E in May showed that many organisations lack IT security and operations basics, including visibility across their IT operations.
The report said that UK and US businesses are still leaving their doors wide open to cyber attacks, despite significant security investments and focus.
In a panel discussion at the CyberUK 2019 conference in Glasgow in April, industry experts said organisations should ensure they are meeting all of the basic security requirements before investing in advanced security systems.
“If you still haven’t got a lot of the [basic] stuff fixed like two-factor authentication on Office 365, those are huge priorities relative to something like an AI-based anomaly detection box sitting on the network somewhere,” said Kris McConkey, threat detection and response lead partner at PricewaterhouseCoopers (PwC).
Speaking at InfoSecurity Europe 2019 in London in June, National Cyber Security Centre (NCSC) CEO Ciaran Martin said: “The biggest threat to online safety is poor cyber security.
“We have learned from analysing 1,600 national-level incidents that these attackers are often relatively simple, using low-level techniques and well-known malware that exploits weaknesses in out-of-date software.
“Typically, these attacks are not particularly advanced, persistent or threatening, so what we have learned is that the biggest threat to cyber security is weak cyber security and that is what needs the most attention.”
==================================================================
Wave VSC 2.0 is simple to use, better security and less than half the cost!!! PWC, a British company mentioned in this article, had success with Wave two-factor authentication for years. The situation outlined in this article could be helped by using Wave VSC 2.0 (a two-factor authentication solution)!!!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
==================================================================
Government Security News Singles out Wave’s Virtual Smart Card Solution for Homeland Security Award
https://www.wavesys.com/buzz/pr/government-security-news-singles-out-wave%E2%80%99s-virtual-smart-card-solution-homeland-security-aw
Lee, MA - November 15, 2013 - Wave Systems Corp. (NASDAQ:WAVX)’s Virtual Smart Card offering has been named winner of the Government Security News’ (GSN) Homeland Security Award competition in the “Best Smart Card Solution” category. This is the second consecutive year that Wave has won this award.
“We’re honored to be recognized by Government Security News as the only vendor offering a complete virtual smart card solution for today’s enterprise – and, importantly, one that is compatible with Windows 7, 8 and 8.1,” said Bill Solms, CEO of Wave Systems. “We see virtual smart cards as a disruptive technology in the user authentication market, offering a more secure and cost effective alternative over more mature technologies.”
Virtual smart cards emulate the functionality of traditional smart cards, but offer added security and cost benefits. Businesses do not incur added material or operational costs (such as the purchase and shipping of external physical smartcards and smart card readers) because virtual smart cards are built into the device itself. Because of an embedded security chip called a Trusted Platform Module (TPM), which is standard equipment on business PCs, virtual smart cards cannot be lost or stolen. Additionally, enterprises gain the added security afforded by hardware-based security, ensuring that only known devices and known users are allowed access to corporate resources. Convenience is another benefit – employees never have to type domain credentials into their devices, improving user experience and reducing the time IT spends resetting forgotten passwords, while offering protection against credential theft.
“We judged an outstanding group of entries this year,” said Adrian Courtenay, Managing Partner, Government Security News. “We’re proud to announce that this year’s winners will be showcased in a digital edition of Government Security News, which will reach more than 40,000 subscribers – a well-deserved honor for Wave Systems and all of this year’s award recipients.”
Sponsors for GSN’s 2012 homeland security awards program included BRS Labs, Cardinal Point Strategies, Objectivity, Vanguard Integrity Professionals and Wave. For a complete list of finalists and pre-emptive winners, visit: www.gsnmagazine.com.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Researchers Claim They Bypassed Cylance's AI-Based Antivirus
https://www.securityweek.com/researchers-claim-they-bypassed-cylances-ai-based-antivirus
Researchers at Australia-based cybersecurity firm Skylight claim to have found a way to trick Cylance’s AI-based antivirus engine into classifying malicious files as benign.
Cylance, which last year was acquired by BlackBerry and is now called BlackBerry Cylance, told SecurityWeek it has launched an investigation to determine if the researchers’ findings are valid or if their method works as a result of a misconfiguration of the product.
Artificial intelligence and machine learning are increasingly used by cybersecurity products, often being advertised as a solution to many problems, and even described by some as a silver bullet. However, Skylight researchers claim to have demonstrated that AI-based threat detection can be bypassed by malicious actors.
The experts reverse engineered the Cylance antivirus engine and identified what they described as a bias towards an unnamed video game. Researchers believe that Cylance products may be giving special treatment to files associated with this game due to its popularity.
They discovered that taking specific strings from the game’s main executable and appending them to the end of a known malicious file causes the security product to classify it as harmless.
“We chose Cylance for practical reasons, namely, it is publicly available and widely regarded as a leading vendor in the field,” Skylight said in a blog post. “However, we believe that the process presented in this post can be translated to other pure AI products as well.”
Skylight has conducted tests on known hacking tools such as Mimikatz, ProcessHacker and Meterpreter, and malware such as CoinMiner, Dridex, Emotet, Gh0stRAT, Kovter, Nanobot, Qakbot, Trickbot and Zeus.
It achieved a success rate of over 83% in bypassing the Cylance engine when tested against 384 malicious files. The score assigned by the product to the files in many cases shifted from -900, which indicates that the file is clearly malicious, to 900, which indicates that the file is harmless.
“The concept of a static model that lasts for years without update may hold theoretically, but it fails in the arena,” Skylight explained. “Granted, it is harder to find a bias in an AI model than to bypass a simple AV signature, but the cost of fixing a broken model is equally expensive.”
“We believe that the solution lies in a hybrid approach. Using AI/ML primarily for the unknown, but verifying with tried and tested techniques used in the legacy world. This is really just another implementation of the defense in depth concept, applied to the endpoint protection world,” the company added.
Skylight made its findings public without giving BlackBerry Cylance the chance to investigate the issue, but the company has not released detailed technical information to prevent abuse.
“We did not consider this to be a software vulnerability, rather a bypass, for which disclosure is less common,” Shahar Zini, the CTO of Skylight, told SecurityWeek. “Also we had no intention of making the information required to actually bypass Cylance public anyway. In any event, Cylance have been provided with the required information for the fix.”
BlackBerry Cylance said in an emailed statement that it’s “aware that an unvalidated potential bypass has been publicly disclosed by researchers without prior notification.”
“Our research and development teams are looking into whether the issue is a true bypass or due to some misconfiguration of the product on the researchers part or other similar factors. If the bypass is determined valid, remediation efforts will occur immediately. More information will be provided as soon as it is available,” the company stated.
Gregory Webb, CEO of Bromium, a company that provides malware protection through application isolation, commented, “The breaking news on Cylance really draws into question the whole concept of categorizing code as ‘good or bad’, as researchers were able to just rebadge malware as trusted – they didn’t even have to change the code. This exposes the limitations of leaving machines to make decisions on what can and cannot be trusted.”
“Ultimately, AI is not a silver bullet, it’s just the latest craze in doing the impossible – i.e. predicting the future,” Webb added. “While AI can undoubtedly provide valuable insights and forecasts, it is not going to be right every time and will always be fallible; ultimately predictions are just that, predictions, they are not fact. As this story shows, if we place too much trust in such systems' ability to know what is good and bad we will expose ourselves to untold risk – which if left unattended could create huge security blind spots, as is the case here.”
==================================================================
https://www.wavesys.com/malware-protection
Excerpt:
Software can’t always detect malware
The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 that discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.
https://www.wavesys.com/products/wave-endpoint-monitor
==================================================================
If you are an organization interested in the anti-malware product market, would you rather have an anti-malware solution like Wave Endpoint Monitor or anti-virus software or an AI anti-virus product like Cylance's? After reading this article, the malware protection link, and Wave Endpoint Monitor link, it looks like an easy choice!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
UK Government Staff Lost 500+ Devices Last Year
https://www.infosecurity-magazine.com/news/uk-government-staff-lost-500?utm_source=twitterfeed&utm_medium=twitter
UK government workers have lost over 500 mobile devices and laptops over the past year, with just a small percentage ever recovered, according to new research from MobileIron.
The security vendor issued Freedom of Information (FOI) requests to nine government departments, all but one of which replied.
It found that public sector employees managed to lose 508 mobiles and laptops between January 2018 and April 2019.
It’s unclear whether these devices were password protected and/or if the data on them was encrypted, or if they had a remote wipe functionality to protect sensitive information. However, attackers could theoretically gain access to sensitive accounts if a device gets into the wrong hands without proper security controls in place.
“As the amount of business data that flows across devices, apps, networks, and cloud services continues to increase, it is essential that organizations have the right security protocols in place to minimize risk and prevent unauthorized access to sensitive data if a device is lost or stolen. Even one lost or stolen device provides a goldmine of readily accessible and highly critical data to potential fraudsters and hackers,” argued MobileIron UK and Ireland regional director, David Critchley.
The answer is to implement a zero-trust model, whereby users are forced to authenticate at all times, he said.
“This approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user,” he added. “The zero-trust model allows organisations, including government departments, to significantly reduce risk by giving them complete control over their business data – even on lost or stolen devices.”
It’s not just the government that has been found wanting regarding the loss of devices. Last year, an FOI request revealed that the BBC had reported over 170 lost or stolen devices over the previous two years.
==================================================================
It's my understanding that the laptops in the 500+ devices wouldn't have to be reported missing under GDPR for other organizations because of SED technology!! With EX05 (technology that Wave bought), Wave SED management could help protect missing or stolen laptops and the chances for recovery could be much higher than depicted in this article. For smartphones (see Wave joins ARM post near the end) - 'offer central control over devices which are lost or stolen to protect sensitive data'. At the same time Wave can manage all the TPMs being used in an organization while they use Wave's outstanding TPM based solutions (see wavesys.com for these solutions and why they are so important to an organization's cybersecurity)!! If the UK government losing 500+ devices is indicative of the rest of the organizations in the World, the rest of the World along with the UK government could really use Wave's technology!!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
https://www.wavesys.com/products/wave-self-encrypting-drive-management
Enterprises choose Wave to manage SEDs
Why? From our single console, you can manage all your organization’s self-encrypting drives (SEDs) easily and remotely, whether they number in the hundreds, or hundreds of thousands.
SEDs are the most secure, best-performing and most transparent encryption option for protecting data on laptops. These drives automatically encrypt all data written to the drive, so you don’t have to decide what’s important enough to encrypt. They also perform this encryption in the hardware of the drive, so you don’t end up with the performance issues software full-disk encryption is infamous for. SEDs are available as HDD or SSD, and are sold by most major drive manufacturers.
Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.
Easy proof of compliance
Your encryption is only as good as you can prove it to be. To comply with most data protection regulations, your organization has to prove encryption was in place at the time of a potential breach. Wave provides secure audit logs to help you demonstrate compliance.
If you lose a device with a Wave-managed SED, there’s no wondering or guessing. You know encryption was on by default, and you can prove it.
No vendor lock-in
SED technology was created and standardized by a consortium of the best in the infosec industry, a standards body called the Trusted Computing Group (TCG). This means you can buy your drives wherever you want, from whatever vendor you want—any SED built to the TCG’s Opal specification can be managed by Wave.
No SEDs yet? No problem.
If your organization hasn’t yet deployed SEDs, you can skip the process of retro-fitting and simply incorporate SEDs on all new laptops as part of your regular refresh cycle. In the meantime, the same Wave console can manage BitLocker and SEDs, so you can protect the devices you have now with BitLocker and add those with SEDs as they are deployed. And if you’re using Wave’s cloud platform, you can also support OSX FileVault2.
Pick your platform
Wave SED management is available via the cloud or on-premise servers. Ask us for more details about which platform is right for your deployment.
Key Features:
Easy security compliance
• Active monitoring, logging and reporting of all user and device events
Data protection
• Local changes are prohibited
• Drive locking is supported in sleep or standby (S3) modes
• Manage clients inside or outside the firewall and on non-domain machines
Simplicity
• Everything is automatically encrypted—users don’t have to identify which data is sensitive
• Windows password synchronization and single sign-on
• Add or remove users remotely
• MMC snap-in is familiar and easy—less administrator training
• Role management allows delegation of tasks with customized or predefined roles.
No compromises
• Encryption is completely transparent to your users—they won’t even notice it's there
• Customizable pre-boot message at authentication screen
Lenovo NAS Firmware Flaw Exposes Stored Data
https://www.darkreading.com/vulnerabilities---threats/lenovo-nas-firmware-flaw-exposes-stored-data-/d/d-id/1335263
More than 5,100 vulnerable devices containing multiple terabytes of data are open to exploitation, researchers found.
Thousands of users of Lenovo network-attached storage devices are at risk of data compromise via a firmware-level vulnerability.
The flaw, which is present in certain models of the NAS products, allows unauthenticated users to view and access data stored on the devices, and is trivially easy to exploit via the Application Programming Interface, researchers from Vertical Structure and WhiteHat Security said this week.
An initial investigation of the issue uncovered at least 5,114 of the devices exposed on the Internet with over 3 million files vulnerable to the issue. But the total number of such at-risk Lenovo storage systems could be higher.
The researchers found that Google had already indexed several of these exposed devices, resulting in some 13,000 spreadsheet files with 36 terabytes of data available on the Web. Many of the exposed files had sensitive data in them, including credit card numbers and financial records.
"The API is completely unauthenticated and provided the ability to list, access, and retrieve the files remotely in a trivial manner," says Simon Whittaker, director at Vertical Structure. "It is similar to thousands of open [AWS] S3 [storage] buckets being discovered."
The devices impacted by the issue include several models of Iomega's StorCenter and LenovoEMC's series of NAS systems. Several of the impacted models have reached end-of-life status, so Lenovo is no longer supporting or maintaining them.
High Severity Issue
In an alert Tuesday that lists all impacted devices, Lenovo described the vulnerability as high severity because it allows unauthenticated access to files on NAS shares via the API. The company urged users of vulnerable devices to immediately update their firmware to the latest available version.
In situations where a user might not be immediately able to update the firmware for any reason, they should remove any public shares and use the device only on trusted networks, Lenovo said. By taking this measure organizations can achieve "partial protection" from the vulnerability, according to the vendor.
Whittaker says Vertical Structure uncovered the issue last fall when a routine Shodan scan unearthed a collection of unmarked files that researchers were later able to trace back to external hard drives from Iomega. After some investigating, the researchers found the external hard drives would leak information through specially crafted requests via an API, but not through their Web interface, he says.
Researchers from Vertical Structure then worked with counterparts from WhiteHat Security to confirm the vulnerability and later inform Lenovo about it.
In the devices found directly accessible from the Internet, all that an attacker would need to grab data from them is knowledge of the NAS's IP address, Whittaker says. And for devices not directly accessible from the Internet, an attacker would need to be on the same network in order to exploit the vulnerability, he says.
When Lenovo itself was first informed of the issue, the company pulled three versions of its NAS software out of retirement so users could continue to utilize their product while a fix was being readied, Vertical Structure said.
The firmware update the company has released fundamentally changed the API and the Web interface, in order to secure it, Whittaker explains.
The data in the vulnerable devices presents a treasure trove of information about people and organizations, he notes. "By putting this information online they assumed it would be secure and protected by the username and password," Whittaker says. "But this was incorrect."
==================================================================
If there was a ransomware attack and these backup drives were exploited, it would seem that Lenovo would also want to protect its customers with Lenovo computers that had their SEDs initialized (by Wave SED management) or else have them buy new computers that have SEDs. This could protect the computers on the front end in case of a ransomware attack! If Lenovo computers were protected by using SEDs and Wave SED management and NAS devices were encrypted, ransomware attacks could be a thing of the past!! Wave was bundled in many millions of Lenovo computers so it seems that they could work effectively with Lenovo at helping to stop ransomware. BS and SKS, unfortunately, are with other companies, but it seems like ESW/Wave could get Lenovo/ESW-Wave more strongly together.
==================================================================
https://www.wavesys.com/products/wave-self-encrypting-drive-management
Excerpts:
Enterprises choose Wave to manage SEDs
Why? From our single console, you can manage all your organization’s self-encrypting drives (SEDs) easily and remotely, whether they number in the hundreds, or hundreds of thousands.
SEDs are the most secure, best-performing and most transparent encryption option for protecting data on laptops. These drives automatically encrypt all data written to the drive, so you don’t have to decide what’s important enough to encrypt. They also perform this encryption in the hardware of the drive, so you don’t end up with the performance issues software full-disk encryption is infamous for. SEDs are available as HDD or SSD, and are sold by most major drive manufacturers.
Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.
Nearly 20% of Organizations Still Run Windows 7
https://www.infosecurity-magazine.com/news/nearly-20-of-organizations-still?utm_source=twitterfeed&utm_medium=twitter
Despite the awareness that in six months Microsoft will officially end its support for its nearly 10-year-old operating system, Windows 7, 18% of large enterprises have not yet migrated to Windows 10, according to new research from Kollective.
At the start of 2019, researchers found that 43% of companies were still running Windows 7. Of those, 17% didn’t even know about the end of support. In its most recent analysis of 200 US and UK IT decision makers, the report revealed that organizations have a long way to go to prepare for the much anticipated end of Windows 7 support.
Six months later, 96% of IT departments have started their migration, and 77% have completed the move. However, given that the migration from Windows XP to Windows 7 reportedly took some firms more than three years to complete, companies that have not started migration are at risk of missing the final deadline.
In order to aid organizations in deploying a new OS to all endpoints, Microsoft has provided different options for companies still running Windows 7, one of which includes an extended support package at an annual cost of up to $500,000 for a company with 10,000-plus endpoints, the research said.
“The combined versions of Microsoft Windows operating systems equal more than 50 percent of global operating system usage. Windows 10 has the lion’s share of the market, which bodes well for security since Microsoft’s support for Windows 7 will end in January 2020,” wrote the Center for Internet Security (CIS), which released the CIS Controls Microsoft Windows 10 Cyber Hygiene Guide on July 11.
“Though many businesses are better prepared now than they were for the end of Windows XP, the move to Windows 10 comes with its own set of challenges,” said Dan Vetras, CEO of Kollective. “The migration itself is only the first step. IT managers moving to Windows 10 now have to prepare their networks for increasingly frequent ‘as a service’ updates to the OS. They will need to ensure their networks are ready for more testing, more roll outs and more network congestion to keep up to date.”
==================================================================
Some companies may take a while to fully convert to Windows 10. Wave VSC 2.0 with protection for Windows 7 as well as Windows 8, 8.1 and 10 could be part of the better cybersecurity that companies are willing to increase their cybersecurity spending on. This technology along with Wave's other solutions that help protect against malware and ransomware could finally be what these fortunate organizations discover with ESW/Wave's help.
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Organizations expect to boost their cybersecurity investments by 34%
https://www.helpnetsecurity.com/2019/07/15/boost-cybersecurity-investments/
Annual losses from cyberattacks averaged $4.7 million in the last fiscal year — with more than one in 10 firms losing over $10 million — according to a new report from ESI ThoughtLab in conjunction with Willis Towers Watson and other organizations specialized in cybersecurity and risk management.
The study covered 467 firms across multiple industries in 17 countries revealing that companies worldwide expect to boost their cybersecurity investments by 34% in the next fiscal year, after raising them by 17% the previous year.
About 12% of companies surveyed plan to bolster their cybersecurity investments by over 50%. Additionally, since last year, the percentage of companies seeing a significant impact from cybercriminal activities — such as installation of ransomware — has soared, from 57% to 71%.
Peter Foster, chairman, Willis Towers Watson Global FINEX Cyber and Cyber Risk Solutions, said, “It is clear from the findings that companies are experiencing escalating impacts this year from key adversaries, including cybercriminals, malicious insiders and state-sponsored hackers, often from jurisdictions beyond the reach of local law.
“Establishing a continuous assessment through an integrated risk approach to cyber is critical for mitigating this ever-growing risk.”
The research shows that to combat evolving risks, companies need to take a proactive, multilayered defense. Firms are responding by allocating the biggest share of their budgets to technology, while seeking the right balance between investments in people and process.
They are also focusing more on risk identification to address emerging vulnerabilities and are investing more in resilience to ensure they can respond quickly to successful attacks.
Other calls to action from the study include:
• Make sure you are investing enough in cybersecurity. Some industries, such as media and consumer markets, are allocating less and may be more exposed to cyber risks.
• Think of cybersecurity like any other existential threat to your business. The risks are not just about privacy, liability and stealing data; huge operational risks can also occur if business is interrupted, with reputational impacts that can hurt market positions.
• Pay attention to risks from partners and your supply chain. As firms draw on ecosystems of third parties to drive digital transformation, they increase their vulnerabilities to cyber risks.
• Be aware that legal and regulatory risks are also rising substantially. Companies that do not comply with new standards face hefty penalties and legal consequences.
• Measure your full losses, costs and returns. When hit by a successful cyberattack, you need to understand all your costs — direct and indirect, tangible and intangible.
The survey was carried out in the spring of 2019 as part of a global research initiative titled The Cybersecurity Imperative.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Wave Joins ARM TrustZone Ready Program
https://www.wavesys.com/buzz/pr/wave-joins-arm-trustzone-ready-program
Committed to Helping Chip Manufacturers Implement Industry Standard Security for Mobile Platforms
Lee, MA - September 26, 2012 - Wave Systems Corp. (NASDAQ:WAVX) today announced that it has joined the ARM TrustZone® Ready Enablement Program to provide support and infrastructure for implementing enterprise security capabilities in mobile devices. As a partner in the program, Wave joins other industry leaders in helping chip manufacturers design and implement new industry standard security capabilities within ARM’s TrustZone architecture to enable full cross-platform interoperability across PCs, tablets, smartphones and other mobile devices.
TrustZone Technology (developed by ARM, the world’s leading semiconductor IP supplier) is a System-on-Chip security concept that involves a hardware-isolated space for a Trusted Execution Environment (TEE). Once integrated, core security services such as cryptography, storage and user interfaces can enable services to be deployed with a new level of security and convenience.
The primary goal of ARM's TrustZone Ready enablement program is to guide chip and device manufacturers to design robust, industry-certified security architecture into their products that will meet the needs of service providers looking to deploy secure services on secured platforms. Companies that implement system-wide security into their platforms can benefit from this program through a cohesive set of design blueprints, market requirements, and checklists aligned with industry standards.
“Smart phones, tablets and other devices are essential for today’s enterprise, and require access to sensitive applications and data. While these devices have excellent security for the mobile operator’s services, they lack basic security for use within an enterprise network,” commented Steven Sprague, Wave’s CEO. “ARM, with the TrustZone Ready Program, is taking the lead in making sure that standards-based security implemented in the TrustZone Trusted Execution Environment (TEE) is integrated into chipsets for mobile devices. Wave is committed to sharing its expertise in Trusted Platform Module (TPM) implementations, application development and trust infrastructure support.”
“Wave’s infrastructure for managing TPM and TPM-mobile-enabled devices will allow enterprise users to exploit the full capabilities of Trusted Computing Group standards across multiple device types,” added Jon Geater, Director of Technology for ARM Secure Services Division and Board Representative of ARM at GlobalPlatform. “ARM welcomes Wave into the TrustZone Ready Program as a valuable partner that will bring secure enterprise services to TrustZone secured devices running GlobalPlatform Trusted Execution Environments.”
Eliminating passwords, Providing Health Measurements for mobile devices
The TPM, shipped on more than half a billion PCs, is a cryptographic component built on specifications from the Trusted Computing Group. The TPM brings strong, enterprise-grade security features to consumer devices that are widely deployed in enterprise networks. The TPM for mobile devices is uniquely designed to support the security needs of multiple stakeholders, allowing enterprises to provide strong security in end-user applications, satisfy the security requirements of third-party application developers, and support other parties.
With a TPM Mobile implemented within the hardware-based security boundaries of ARM’s TrustZone and protected by a full function Trusted Execution Environment, enterprises will be able to take advantage of the strong security of the TPM in the following ways:
• Protect corporate devices and user identities
• Measure and attest to the integrity and health of the mobile device
• Implement secure network access
• Provide secure messaging for corporate traffic
• Reduce the need for user passwords, with reliance on the device itself as a strong authentication token for access to services and data, including cloud-based functions.
• Offer central control over devices which are lost or stolen to protect sensitive data
Increased emphasis on trusted computing is driving the security industry toward hardware-based technologies that offer improved access control, encryption, and the early detection of malware. With Wave’s industry-leading trusted computing solutions, customers are empowered to secure endpoint data, protect data-in-motion and ensure that only trusted devices gain access to the enterprise network. Wave’s solution will provide enterprises with cross-platform interoperability between PCs and mobile devices for trusted computing-based functions and applications.
==================================================================
Given ARM joining the TCG, it appears that Wave was ready 7 years ago and with other catalysts, this should give ESW/Wave a big advantage in the mobile endpoint security market now! This is a very interesting article!!
Technology Brief - TPM Mobile
Mobile Security: Device Authentication and Health
https://www.wavesys.com/system/files/03-000335.1.02_TB_TPM-Mobile.pdf
https://www.wavesys.com/technology-brief-tpm-mobile
==================================================================
This is an older PDF, but shows how Wave was prepared to make an entrance in the mobile market. Arm joining the TCG back in June could be the gate that opens up the TPM-Mobile/TEE market. ESW/Wave has some of the key pieces to massively expand and activate the trusted device market!! With mobile being a highly lucrative market, it would make sense for ESW/Wave to further pursue it!!
This new ransomware is targeting network attached storage devices
https://www.zdnet.com/article/this-new-ransomware-is-targeting-network-attached-storage-devices/
NAS devices are often used to store critical data and back-ups - but many are exposed to the open internet and the cybercriminals behind eCh0raix are taking advantage.
A newly discovered form of ransomware is targeting network storage devices by brute-forcing weak credentials and exploiting known vulnerabilities in their systems.
Dubbed eCh0raix after a string of code, the new form of file-locking malware emerged in June and has been detailed by cybersecurity researchers at Anomali. The ransomware specifically targets QNAP network attached storage (NAS) devices produced by Taiwanese firm QNAP systems, which has offices in 16 countries and customers around the world.
Several vulnerabilities have been discovered in QNAP NAS devices in recent years, although the company has patched them after they've been discovered and disclosed. However, many organisations struggle to apply patches in a timely manner.
The attacks are opportunistic, with the initial infection coming via unsecured, internet-facing ports and the use of brute-force attacks to bypass weak login credentials. NAS devices make appealing targets for cybercriminals dealing in ransomware, because they're used to store critical data and back-ups – but despite this the devices don't tend to be equipped with security software.
"Publicly exposed systems and devices expand overall attack surfaces and increase the potential for vulnerabilities to be exposed and exploited," Joakim Kennedy, threat intelligence manager in the Anomali threat research team told ZDNet.
"Ransomware attacks are going to continue as a way for threat actors to attempt to monetize their efforts and to disrupt operations for other objectives".
Written in the Go programming language and described as very simple – the source code is fewer than 400 lines - eCh0raix checks to see if the files are already encrypted, before reaching out to a command-and-control server to begin the encryption process and create an AES-256 encryption key to lock the files with a .encrypt extension.
Users are presented with a ransom note informing them that all their data has been locked and directing them to a Tor website to make the ransom payment in bitcoin – users are also warned not to tamper with the encrypted data.
Researchers suggest spelling errors in the ransom note indicate that those behind the ransomware aren't native-English speakers.
In order to protect NAS devices against ransomware attacks, it's recommended that users restrict external access to them so that they can't be found from the outside internet. It's also recommended that security patches are applied and strong credentials are employed to protect systems from brute-force attacks.
==================================================================
This article just shows another reason to use SEDs and Wave SED management to combat ransomware!! One of the other reasons is the extra wasted time and headaches to reconstruct the data with 'proper backups' after a ransomware attack that wouldn't happen with Wave and SEDs. Post #245712 sheds more light on SEDs and Wave SED management as it relates to ransomware attacks.
=================================================================
https://www.wavesys.com/
Arm Security Technologies joins @trustedcomputin, driving towards secure devices everywhere
#IndustryNews
— Trusted Computing (@TrustedComputin) July 10, 2019
Arm Security Technologies joins @trustedcomputin, driving towards secure devices everywhere.
Discover: https://t.co/rhdQXWPR0F
Maryland Govt Agency Breach Exposes Names, SSNs of 78K People
https://www.bleepingcomputer.com/news/security/maryland-govt-agency-breach-exposes-names-ssns-of-78k-people/
==================================================================
Like the wearing of the seatbelt law, what if an enabled TPM became the law and/or there was a warning light on the computer (like on a car dashboard) if the TPM was not enabled?? Certainly, cybersecurity would show a vast improvement!! Without having a warning light or displaying a warning message for a computer with a TPM not enabled, a company like Microsoft in the future might be held liable for cyber attacks because the user or organization wasn't warned!!
==================================================================
There are over 2 Billion of these TPMs in existence!! The breaches that happened to the Maryland government above shouldn't be happening!!! Wave ERAS and Wave VSC 2.0 with enabled TPMs could prevent these types of breaches from happening again and again! These two solutions with enabled TPMs wouldn't allow 'unauthorized' (unknown and unapproved) devices to enter the network to steal data.
What is a TPM?
https://www.wavesys.com/what-tpm
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
The Federal Data Strategy is a Trump Plan We Should All Support
https://www.nextgov.com/ideas/2019/07/federal-data-strategy-trump-plan-we-should-all-support/158153/
The information the American public provides to the federal government each year is valued at $143 billion. In other words, each household in the country provides $1,133 worth of data to government, spending an average of 90 hours per year filling out tax forms, responding to surveys, or completing documentation to prove eligibility for services.
Needless to say, our government collects a lot of data, imposing a tremendous burden on the American public. If the American public is going to be burdened to provide this information, shouldn’t the government use it effectively?
A Unique Opportunity with the Federal Data Strategy
The Trump administration recently finalized a plan—the Federal Data Strategy—that aims to improve the federal government’s ability to gather insights from data over the next decade, laying out expectations for every federal agency to develop ethical governance processes, design programs to plan for data use and promote continuous learning and improvements in agencies.
If successful, the Federal Data Strategy will enhance how government agencies organize, prioritize and share information. The plan is unique for government: It’s stakeholder-driven, it’s bipartisan and it’s reasonable.
When the President’s Management Agenda was announced by the Trump administration in 2017, there were signs that the discussion about data was changing. The management plan included a goal unlike the others. That goal did not set out to tackle immediate wins like hiring a certain number of employees or reducing inefficient costs—instead, the goal prioritized the need for government to recognize data as a strategic asset.
The goal itself aimed to change the culture of government to better collect, share and use data. But changing cultures isn’t as simple as writing a strategy or plan, it requires leadership, commitment, and time.
Recognizing the need to change government’s data culture, the Trump administration took the rare step of acknowledging that in the short-term the best course of action was consensus-driven strategic planning. That was the genesis of the Federal Data Strategy.
Achieving a Data-Informed Culture
While the administration was in the process of developing the strategy, Congress passed the Foundations for Evidence-Based Policymaking Act. This law strengthens certain privacy protections, encourages data accessibility, and establishes new data-related leadership roles in government, such as chief data officers and evaluation officers.
Ironically, the new law passed during the government shutdown last winter. During that period, some government data became less accessible, certain data collection activities were paused, and there are unknown effects on the quality of information. The publication of the strategy itself was delayed by months as a consequence of the government shutdown.
This is precisely why we need a strong, consensus-driven Federal Data Strategy: Government data are too important to the country to falter when elected leaders fail to compromise. Whether determining the weather during the day or using real estate apps on a smartphone to look at houses, government data are pervasive in modern society and our daily lives. The American public relies on government information to make decisions.
In order to succeed in using data strategically, government has much work to do beyond avoiding shutdowns. Much government data is under-analyzed or unused. Creating more useable systems, aligning policy frameworks, training the workforce, and planning for emerging needs are key features of achieving success.
Next Steps
Now that the 10-year vision for the Federal Data Strategy is complete, the White House is in the process of developing a specific set of tasks over the next year. And the White House is asking for the American public to provide written or verbal feedback on the plan.
The Federal Data Strategy is a promising start to recognizing government data as a strategic asset. It presents a cohesive plan. It encourages agencies to work across traditional silos that limit data use. It articulates a realistic strategy.
But it doesn’t cover every priority. It doesn’t even address all the aspects of new data legislation enacted in early 2019. To succeed in its goals and in changing government’s data culture, the Trump Administration must ensure the strategy and specific action items are useful, perceived as beneficial by agencies, and sustain the plan across leadership changes. That’s how government can ensure data are a strategic asset, today and well into the future.
==================================================================
The protection of the data should be a key consideration of this strategy. Only known and approved devices for sensitive networks should be used. Otherwise, there could be a $143 billion breach waiting to happen!!! Wave solutions could be valuable technologies that protect this breach or series of breaches from happening!!! If NASA (see post #245760) is any indication of what could happen with all of this data, using Wave solutions would be a smart, fast (Wave MFA) choice for the strategy!! If ESW/Wave could point this out to the U.S. government, the U.S. government could potentially save billions of dollars and prevent the stress that would go along with a large breach by using Wave solutions (Wave VSC 2.0 and Wave ERAS in particular).
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Financial Industry Hit By Surging Numbers of Cyber-Incidents
https://www.infosecurity-magazine.com/news/financial-industry-hit-by-cyber-1/?utm_source=dlvr.it&utm_medium=twitter
Financial services companies in the UK were hit by 819 cyber-incidents, which were reported to the Financial Conduct Authority in 2018. According to a freedom of information (FOI) request made by accountancy firm RSM, the data showed that there had been a huge rise from the previous year, with 69 reported in 2017.
Retail banks were hit the hardest and had the highest number of reports (486), which is almost 60% of the total. This was followed by wholesale financial markets on 115 reports and retail investment firms on 53.
The majority of reports found that the root causes of the incidents were attributed to third-party failure (21%). Hardware and software issues followed (19%) and change management (18%). The information also shows that there were 93 cyber-attacks in 2018 reported to the FCA, with over half of them identified as phishing attacks, and 20% ransomware.
Steve Snaith, a technology risk assurance partner at RSM, believed that this surge is probably linked to more proactive reporting to the FCA, but worries that there are still many more non-disclosed incidents: “We suspect that there is still a high level of under-reporting and failure to immediately report to the FCA a significant attempted fraud against a firm via cyber-attack could expose the firm to sanctions and penalties.
“As the FCA has previously pointed out, eliminating the threat of cyber-attacks is all but impossible,” he continued. “While the financial services sector emerged relatively unscathed from recent well-publicised attacks such as NotPetya, the sector should be wary of complacency given the inherent risk of cyber-attacks that it faces.”
In 2019, Metro Bank became the first major retail bank to fall victim to the SS7 exploit, which showed momentum continued into the next year. Hackers were able to intercept an additional layer of security offered by Metro Bank, which asks customers to type in a code sent by text message to their phones to confirm transfers and payments.
Snaith also pointed out that some of the incidents were down to human error or IT environments being mismanaged: “The requirements for Privacy Impact Assessments as a formal requirement of GDPR/DPA2018 should hopefully drive a greater level of governance in this area.”
Nigel Hawthorn, data privacy expert at McAfee, commented: “Financial institutions must find the right combination of people, process and technology to effectively protect themselves from attacks and human error, detect any threats as soon as they appear and, if targeted, rapidly correct systems. This means redoubling efforts in training and managing user activities to quickly detect any unusual activity which may signal an attack as well as protecting against accidental errors from staff or partners. With the prospect of damaged customer trust and fines from the FCA or ICO looming as the result of a data breach, the stakes have never been higher.”
=================================================================
Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company
https://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global
Wins competitive evaluation against market leader in two-factor authentication tokens
Lee, MA - December 17, 2015 - Wave Systems Corp. (NASDAQ: WAVX) announces a five-year master licensing agreement (MLA) with a leading global corporation (as determined by the 2015 Fortune Global 500 List) for its Virtual Smart Card 2.0 solution. This MLA sets the terms and pricing for licenses and maintenance across the customer’s global organization and establishes it as their preferred two-factor authentication solution. Instead of one large license purchase for the entire organization, each of the customer’s subordinate divisions will make separate orders in accordance with the terms of this MLA.
The first purchase of 2,000 VSC 2.0 licenses under this agreement, when added to a previous purchase, completes the requirement for the customer’s global IT division. That division will now lead the internal effort to standardize the remaining 150,000+ endpoints within their organization with the new Wave VSC 2.0 solution. While there are no minimum order requirements under the agreement, discussions for additional orders are underway.
“Our five-year agreement with this customer is the first very large scale contract for VSC 2.0 and is an important milestone for Wave,” said Bill Solms, President and CEO of Wave Systems. “This customer is a major global financial services company and their standards for protecting their systems from unauthorized access and the integrity of their data are of the highest order. Wave had to pass a very rigorous technical and business review to win the competition. We believe that this client’s decision to choose Wave Virtual Smart Card 2.0 over their incumbent solution gives us tremendous credibility in the two-factor authentication market. We will remain engaged with this company in order to complete the additional sales and deployments in the months ahead.”
Wave Virtual Smart Card 2.0 is a tokenless, hardware-based, two-factor authentication solution that offers superior security at less than half the cost of comparable solutions. It is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7, 8 and 10. It also provides management support for the Microsoft Virtual Smart Card on Windows 8 and 10. Wave’s VSC solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, significantly lower total cost of ownership, and a greatly reduced risk of unauthorized access.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure Passphrase and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with both TPM 1.2 and TPM 2.0 security chips
For more information, visit: Wave Virtual Smart Card 2.0
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Scammers Prey on Instagram Vanity and ‘Verified Account’ Status
https://threatpost.com/scammers-prey-on-instagram-vanity-and-verified-account-status/146075/
=================================================================
Facebook could benefit by having Wave Knowd (on potential hiatus) and have strong authentication (please see article below). It could protect Facebook, Instagram and its users and especially with regard to something as sensitive as Facebook's Libra! This Instagram problem could be a thing of the past with Wave Knowd!! And Libra could have strong security with Wave Knowd! It certainly seems that Wave was ahead of its time in the creation of this solution!!
==================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
Lee, MA - May 9, 2013 - Wave Systems Corp. (NASDAQ: WAVX), the Trusted Computing Company, today announced Wave Knowd, a new web service available for preview that significantly reduces the vulnerability and use of passwords by leveraging the unique identity of computing devices. With a simple integration of Wave Knowd, any website can establish reliable and consistent identity relationships with the devices its customers use most often for Internet services. Wave Knowd, which signifies “Known Devices,” is being tested by partners to provide the backbone for general purpose machine identity.
“The maturation of the web mandates a change in how we, and our computing devices, connect to the web,” said Steven Sprague, Wave CEO. “With cable television, satellite radio, bank kiosks and mobile phones, the service relationship is tied to the endpoint device. The web needs the security and simplicity of this same model, where our computing devices themselves play an added role in authentication. I access dozens of web services every day from the computer in my home office, and want those sites to know and trust my PC so they’ll stop continually asking me to log in. Wave Knowd enables that trust.”
To make web authentication stronger and simpler, Wave Knowd provides a new approach to signing on and accessing Cloud and Internet services. From online banking to business services and even consumer gaming, passwords are failing to provide a level of security that either service providers or users can trust. Knowd is built upon the concept that only known devices should ever access a protected network. Knowd incorporates all of your access and identity solutions together to establish a relationship of trust between users’ computing devices, and the web services they access.
“We interact online using so many devices now, but from a security perspective those devices aren’t all equal. Accessing medical records or confidential business files from my kid’s smartphone is certainly not as trustworthy as connecting from my business PC with an encrypted drive,” continued Mr. Sprague. “Wave Knowd is all about making the Web simpler and safer, and that new foundation of trust begins with known devices, and known capabilities.”
Once machine identity is established, any web site—from gaming, social networking or shopping; to banking, business and financial services—can use Wave Knowd to create a reliable and persistent identity for the connecting device. Knowd allows Web sites to streamline access for users who repeatedly log on from trusted devices, while bolstering security. Initial authentication creates a unique and anonymous relationship between each computing device and each web service accessed, and then the level of trust between the two grows over time. Knowing the device can also help the site prevent fraud and phishing, or simply provide quicker no-password access. Wave is the partner helping to create and manage these relationships.
“Wave Systems was the obvious choice to provide ID Dataweb’s attribute exchange with device identity services,” said David Coxe, CEO at ID Dataweb. “In Knowd, Wave has provided a system that is rooted in state of the art device security technologies such as the Trusted Platform Module and other secure elements, while also offering a simple web based integration. It’s easy to identify if a connecting device is highly trusted, or whether it requires added screening and security.”
ID Dataweb uses Wave’s Knowd solution as part of the Identity Ecosystem supported through a grant from the U.S. Department of Commerce’s National Institute of Standards and Technology’s NSTIC initiative (National Strategy for Trusted Identities in Cyberspace). ID Dataweb has created a standards-based platform to simplify online identity verification using OpenID credentials.
Providing the Tools to Manage Trust in the Cloud: What’s Your Trust Score?
Wave Knowd is a powerful enhancement for any website. The endpoint identity service links an individual user’s unique device identity with the Internet services that are typically protected only by username and password access. Users are prompted by their cloud service provider to register their primary computing devices to create a unique and persistent device identity relationship with their Internet services and service providers. No personal ID information is obtained by Wave, as Knowd works purely as a machine identity service. Furthermore, registered devices are given a unique ID for every service provider, establishing a separate trust relationship with each service.
Wave Knowd asserts a Trust Score that helps both consumers and cloud services or relying parties to determine the level of trust granted to each specific computing device. For example, a home PC that is used regularly for banking will quickly build a high Trust Score. Users can achieve a higher Trust Score by installing a small software application (Wave Knowd currently supports Windows 7 and 8, with Apple and Android to follow later this year). Business-class PCs containing a standard Trusted Platform Module (TPM) can establish even greater trust by leveraging the TPM security chip to create and securely store a unique device ID.
Knowd provides a web service with a new capability to enable or disable features based on the device that the user is actively using, providing a new security option for the end user. Perhaps an account password can only be reset from the user’s registered home computer and not from anywhere in the world, thereby linking in all of the user’s investment in the security of their home, from their alarm system to the doorman. Every web service can benefit from integrating Wave Knowd as part of the user’s experience.
Snapdragon 855 Becomes the First Mobile Chip to Receive BSI Security Certification
https://www.technadu.com/snapdragon-855-first-mobile-chip-bsi-security-certification/71450/
• BSI approves the first ever mobile System on Chip, with Qualcomm Snapdragon 855.
• This takes the security level of the particular chip to the smart card level.
• This paves the way for further adoption of eSIMs and cryptocurrency wallets on the mobile.
Qualcomm’s Snapdragon 855, which is to be found on most of this year’s flagship phones, has received the “Common Criteria EAL-4+” security certification, becoming the first ever mobile SoC (System on Chip) to attain this accolade. The particular seal of approval is considered the gold standard in the field, as the German certification organization (Bundesamt für Sicherheit in der Informationstechnik) that issues it is very strict in its evaluation. The relevant statement from Qualcomm was the following:
“Completing the EAL-4+ security certification is a major milestone in our journey to bring smart card levels of security to our Snapdragon customers and users. Use cases that previously required separate security chips will now be fully integrated into Snapdragon 855 powered devices. This certification is a testament to the industry firsts that Snapdragon 855 brings to market and Qualcomm Technologies’ continued leadership in embedded security.”
What this means for the consumers is that the Qualcomm Snapdragon 855 has received smart card level of security assurance, and so the SoC will be enough on its own to ensure the security of your passwords, sensitive data, encryption keys, two-factor authentication tokens, etc. The removal of the “smart card” requirement will result in a lower cost for these complete SoCs, and hopefully, consumers will be able to benefit from this cost-cutting development in the near future.
From a practical perspective, there are two elements that will receive a boost now, and this is the adoption of eSIMs and the use of smartphones for the management of cryptocurrency wallets. eSIMs have been around since 2013, but they were first supported by an actual device in 2016, and their adoption hasn’t quite taken off yet. One of the reasons for the reluctance of the manufacturers was the safety complications that arise from the use of embedded SIM units, but with Snapdragon 855 this worry can be finally crossed off.
Similarly, the rise of the blockchain technologies and the use of cryptocurrencies which are soon to go completely mainstream calls for more secure SoCs. Chips like the Snapdragon 855 pave the way to this new age, with its TPM (Trusted Platform Module) playing a pivotal role on that part. Will people start using crypto wallets more on their 2019 flagships? Maybe they will, or perhaps not yet, but Snapdragon 855 will definitely bring something that is well needed as we enter the age of 5G, and that is higher levels of security on the SoC level.
==================================================================
There are two items that come to mind after reading this article:
1. These TPM based phones could potentially be managed by Wave along with possible multiple branded TPMs in an organization's device fleet!! It may be easier for customers to have one Wave management console as opposed to multiple companies to manage all of their organization's different TPMs (if they have multiple TPMs)!
2. This piece of news could cause users/organizations to demand the TPM Mobile in their existing phones!! Older Samsung smartphones with TrustZone, the TPM Mobile, and Wave software could provide these smartphones with a new level of TPM based security!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Telcos Pwned: Multi-Wave Attacks Stealing 'Obscene Amount of Data' From Providers
https://www.securityweek.com/telcos-pwned-multi-wave-attacks-stealing-obscene-amount-data-providers
China-Linked Hackers Have Breached Deep Inside Telco Providers and Have Complete Control of Data and Networks
Researchers have uncovered a major international espionage campaign that is ongoing and has been in progress for several years. The targets, the purpose, and the TTPs strongly suggest that this is a nation-state operation that most probably originates from China.
Cybereason Nocturnus researchers have discovered that attackers have gained such a strong presence in numerous telecommunications companies that they effectively control the networks. From within those networks they are able to run their own queries to discover -- and exfiltrate -- mobile phone users' call data records at will.
"What we're talking about," Amit Serper, head of security research at Nocturnus, told SecurityWeek, "is a global campaign against mobile telecoms companies. The attackers are hacking into the service providers, completely controlling the network, and exfiltrating an obscene amount of data out of them. We're talking about gigabytes of data."
This means that if a person of interest's mobile phone number is known to the attackers, they can get a complete view of that person's life: "Where you live, when you get up, where you work, who you speak to, which route you take to get to work -- basically, a complete outline map of your day," said Serper. "This information is only relevant to an intelligence service. This is an intelligence gathering operation by a foreign nation. So far, everything points very strongly back to China."
The user details are obtained from within the target network. These are not attacks that break in and steal whole databases. The attackers gain presence and then query the databases from inside the networks and only download responses of interest. Overall, hundreds of gigabytes have been downloaded, but always in relatively smaller amounts to avoid egress detection.
Hundreds of millions of phone users around the world are affected, and Cybereason's Nocturnus researchers believe that the primary targets may be foreign intelligence agents, politicians, opposition candidates in an election, or even law enforcement officers -- and the primary purpose is espionage.
While the phone number is the key to most searches, the network occupation is so thorough that it could be used to identify new persons of interest. Regular routes between a residential area and an FBI office could, for example, indicate the phone number of an FBI agent. "It's just a question of developing the right queries," Serper told SecurityWeek.
After detecting the attack against one of its own customers, Cybereason scanned for similar tools elsewhere and discovered them with other telecommunications companies around the world. "That's when we realized that this is a global campaign, and not just something targeting a single company," Serper told SecurityWeek.
The threat actor made sure that each payload has a unique hash, and some payloads were packed using different types of packers, both known and custom. Nevertheless, the primary tools used in the attacks are similar. A modified version of the China Chopper shell was used for initial compromise, with custom built web shells used in later stages of the attack.
A modified version of Nbtscan was used to identify available NetBIOS name servers locally or over the network, while multiple Windows built-in tools were used for various tasks, including whoami, net.exe, ipconfig, netstat, portqry, and more. WMI and PowerShell commands were used for various tasks.
The Poison Ivy RAT, commonly associated with Chinese state actors, was used to maintain access across the compromised assets.
A modified version of Mimikatz was used to dump credentials, while WMI and PsExec were employed for lateral movement. WinRAR was used to compress and password-protect stolen data, and a modified version of hTran was used to exfiltrate the data.
This is a long-term and ongoing operation. Serper told SecurityWeek that he had seen evidence that the campaign goes back at least seven years. The attackers are now so deeply embedded in their victims' systems that they effectively own the networks. Their approach has been different to the usual approach of breaking in, and stealing and exfiltrating as much data as quickly as possible. These attackers have broken in, and quietly consolidated their position.
They have obtained all the networks' credentials allowing them to query databases from within the telecommunications companies. There is no need for large-scale and noisy data exfiltrations -- the attackers can simply search for and steal specific call records. It is such low, slow and stealthy occupation that has enabled the hacks to remain undetected for so long.
One worrying aspect is that the intrusion is so deep and complete, the attackers could easily take down the networks -- which are these days part of a country's critical infrastructure. Nocturnus stresses that it is unable to definitively attribute the attacks, but points out that it is typical Chinese state behavior -- gain access for reconnaissance purposes and just stay there.
The big question whenever a state actor is involved -- and this is clearly state-sponsored activity -- is which nation is the aggressor. "When we look at the tools and the methodologies, it screams APT10 or APT1 or APT3," Serper told SecurityWeek. "Any one of those could be involved. The strongest likelihood is APT10."
But he stressed that this cannot be definitively proven. "The thing is," he continued, "the tools that are used in this operation are not new tools. Sometimes there are new versions of old tools -- but it's not like the state-of-the-art tools that APT10 is using nowadays."
There could be two reasons for this. "Firstly," he said, "this is an old operation that has been going on for years -- and in some cases we have indications that it goes back as far as seven years -- so it could be that it is APT10 still using old tools so as not to reveal their new ones. That's one option." Secondly, he added, "The other option is that many of these old tools have leaked online. So, a skillful attacker could take these tools and modify them and customize them and use them again. So it's either APT10 using old tools, or it's someone who is trying very hard to make it look like it's APT10. But all the data we have supports the idea that this is APT10."
==================================================================
Wave solutions could solve these big problems for these Telco organizations, and their networks. It's so surprising that Wave solutions have existed for these 'unknown devices on networks' for quite some time and many organizations are still relying on cybersecurity solutions that don't work. These telcos are using the same cybersecurity solutions that many other organizations are and they aren't working. Well renowned organizations have tested and used Wave Solutions, and it has worked well for them. Why not use solutions (Wave) that work well rather than have a Nation State successfully hack the organization for 7 years?!
==================================================================
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/
https://www.wavesys.com/contact-information