Why the focus is shifting to boards on cyber security
https://www.ft.com/content/c70caa94-2d88-3ece-b802-79e9bac2f32c
Great article on Board of Directors' and large asset management firms' relationships around cybersecurity and their approaches.
I believe Wave could simply market their awesome products to these highly influential parties.
How the Equifax hack happened, and what still needs to be done
https://www.cnet.com/news/equifaxs-hack-one-year-later-a-look-back-at-how-it-happened-and-whats-changed/
A year after the revelation of the massive breach, there's unfinished business.
Excerpt:
The thieves spent 76 days within Equifax's network before they were detected. According to the report, the hackers stole the data piece by piece from 51 databases so they wouldn't raise any alarms.
=================================================================
These hackers should have been unknown to the network and therefore not allowed access. That would have been the case if Equifax had been using Wave's ERAS. See the links below for more details on how Wave's awesome products can effectively keep hackers out of company and government networks, and much more. It's a revolution in the making! imo.
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/
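The excerpt above describes data being pulled piece by piece from dozens of databases so that no alarm was raised. As an added example (not code from the article, from Wave, or from the poster), the Go program below runs a simple fan-out check over a few constructed database audit-log lines: each service account has an assumed allowlist of databases it normally touches and a per-window query budget, and any account that reaches outside its allowlist or exceeds the budget is reported. The log format, account names, database names and thresholds are all constructed for this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// auditEvent is one parsed line of a constructed database audit log.
type auditEvent struct {
	principal string // service account or host that issued the query
	database  string
}

// parseAuditLine parses the constructed format
// "<timestamp> <principal> <database> <statement...>".
func parseAuditLine(line string) (auditEvent, bool) {
	f := strings.Fields(line)
	if len(f) < 4 {
		return auditEvent{}, false
	}
	return auditEvent{principal: f[1], database: f[2]}, true
}

// finding describes a principal that reached beyond its expected databases
// or issued an unusual volume of queries in the log window.
type finding struct {
	principal    string
	unexpectedDB []string
	queryCount   int
}

// detectFanOut checks each principal against an allowlist of databases it is
// expected to query and a per-window query budget. Both are assumed policy
// values chosen for the example.
func detectFanOut(lines []string, expected map[string][]string, maxQueries int) []finding {
	seen := map[string]map[string]bool{}
	counts := map[string]int{}
	for _, l := range lines {
		ev, ok := parseAuditLine(l)
		if !ok {
			continue
		}
		if seen[ev.principal] == nil {
			seen[ev.principal] = map[string]bool{}
		}
		seen[ev.principal][ev.database] = true
		counts[ev.principal]++
	}
	var out []finding
	for p, dbs := range seen {
		allowed := map[string]bool{}
		for _, d := range expected[p] {
			allowed[d] = true
		}
		var unexpected []string
		for d := range dbs {
			if !allowed[d] {
				unexpected = append(unexpected, d)
			}
		}
		sort.Strings(unexpected)
		if len(unexpected) > 0 || counts[p] > maxQueries {
			out = append(out, finding{p, unexpected, counts[p]})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].principal < out[j].principal })
	return out
}

// sampleAuditLog is constructed for this example: the portal account normally
// touches two databases, then starts reaching into other stores.
func sampleAuditLog() []string {
	return []string{
		"2017-05-13T02:10:01Z portal-svc db_disputes SELECT ... FROM disputes",
		"2017-05-13T02:10:05Z portal-svc db_consumers SELECT ... FROM consumers",
		"2017-05-13T02:11:30Z billing-svc db_billing SELECT ... FROM invoices",
		"2017-05-13T02:15:42Z portal-svc db_hr SELECT ... FROM accounts",
		"2017-05-13T02:16:07Z portal-svc db_credit SELECT ... FROM credit_files",
		"2017-05-13T02:16:09Z portal-svc db_employment SELECT ... FROM employers",
		"2017-05-13T02:16:12Z portal-svc db_disputes SELECT ... FROM disputes",
	}
}

func main() {
	expected := map[string][]string{ // assumed allowlists
		"portal-svc":  {"db_disputes", "db_consumers"},
		"billing-svc": {"db_billing"},
	}
	for _, f := range detectFanOut(sampleAuditLog(), expected, 500) {
		fmt.Printf("ALERT %s: unexpected databases %v, %d queries\n",
			f.principal, f.unexpectedDB, f.queryCount)
	}
}
```

The allowlist is the monitoring counterpart of the network segmentation the GAO report says was missing: a portal account that suddenly reaches three databases it has never needed is visible on the first query, not after nine thousand.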
US government releases post-mortem report on Equifax hack
https://www.zdnet.com/article/us-government-releases-post-mortem-report-on-equifax-hack/
GAO report takes us inside Equifax from March 2017 onward, showing how a few slip-ups led to one of the biggest breaches in US history.
The Government Accountability Office (GAO) has published a report to detail how the Equifax hack went down and how the credit reporting company answered during and after the incident.
The report comes a day before the one-year anniversary of the public announcement of the Equifax breach that exposed the personal details of 145.5 million Americans, but also of millions of British and Canadian citizens.
Some of the details included in the report were already known and previously reported, but there was also some new information. Below is a summary of the most important details surrounding the Equifax hack included in GAO's reconstruction of events.
On March 8, 2017, the Apache Foundation patches a severe vulnerability (CVE-2017-5638) in the Apache Struts Java framework that at the time was being exploited by hackers to take over applications coded on top of the framework.
US-CERT issues a security advisory on the same day, warning companies across the US about this new security flaw.
Equifax IT administrators circulate this advisory on an internal mailing list. Unbeknownst to its IT administrators, the mailing list was out-of-date and did not include all its systems administrators, indirectly leading to an incomplete patch of Equifax's servers.
Equifax told GAO that on March 10, two days after the US-CERT advisory, it detected attackers scanning its servers for that particular vulnerability.
Equifax officials stated that, as a result of this scanning, the unidentified individuals discovered a server housing Equifax's online dispute portal, running a vulnerable Struts version. Attackers gained access to this system, tested the level of access they had, but did not steal anything.
A week after the US-CERT advisory, Equifax staff scans its own systems for the presence of the Struts vulnerability, but the dispute portal does not show up as vulnerable.
Hackers return on May 13, and this time, according to the GAO report, they came back with a plan and the proper tools to execute it.
During this second intrusion, Equifax says attackers issued queries from the online dispute portal systems to other databases in search of personal data.
"This search led to a data repository containing PII, as well as unencrypted usernames and passwords that could provide the attackers access to several other Equifax databases," the report says.
This data helped attackers to expand their initial access from three databases to 48. Logs showed attackers then ran approximately 9,000 queries to gather Equifax customer info.
The GAO report says this happened because Equifax failed to segment its databases into smaller networks. This, in turn, allowed the attacker direct and easy access to all of its customers' data.
"After successfully extracting PII from Equifax databases, the attackers removed the data in small increments, using standard encrypted web protocols to disguise the exchanges as normal network traffic," GAO investigators said.
Hackers exfiltrated data for 76 days until July 29, 2017, when Equifax staff discovered the intrusion during routine checks of the operating status and configuration of IT systems.
Equifax said that the reason hackers were not detected for 76 days was because a device meant to inspect network traffic had been misconfigured and didn't check encrypted traffic for signs of malicious activity.
The reason the device didn't work, Equifax said, was because a digital certificate that would have helped the equipment inspect encrypted traffic had expired about ten months before the breach, preventing the equipment from doing its job.
As soon as Equifax staffers renewed the certificate, they immediately saw signs of suspicious activity.
After investigating what happened and discovering the intrusion, Equifax took down the dispute portal on July 30, 2017, and reported the incident to its CEO the next day. At this point, the company started its internal investigation, which concluded with a public announcement of the breach on September 8, 2017.
During preparations for publicly disclosing the breach, various people also learned of the security incident. The US Securities and Exchange Commission (SEC) charged an Equifax executive and an engineer for insider trading in March and June, this year.
Huge public backlash followed in the wake of the Equifax breach announcement. While some might think that the Equifax breach was a cornerstone moment in protecting consumer rights after data breaches, things haven't changed at all during the past year. If anything, they left a bad taste in everyone's mouth.
For starters, the Consumer Financial Protection Bureau pulled back from a full-scale probe of Equifax in February 2018. In May 2018, the Federal Trade Commission named a former Equifax lawyer head of its consumer protection office that was tasked with investigating Equifax in the first place. A bill introduced to sanction companies like Equifax in case of appalling breaches slowly died out, while another bill that would reward Equifax despite privacy breaches was introduced a few months later.
The GAO report released today opens old wounds and comes as a slap in the face of all those affected who expected actions and more than endless talks around the subject.
=================================================================
With Wave, this hacker would not have been allowed on the network if Equifax had used Wave ERAS. Wave's simple, straightforward message needs to spread to companies and their Boards of Directors rather than continuing with the ineffective means currently in place, or there are going to be more breaches like Equifax. imo.
Wave VSC 2.0 would also help these companies out in a big way.
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
GAO Urges Government Action to Combat Cybersecurity Risks
https://www.thinkadvisor.com/2018/09/07/gao-urges-government-action-to-combat-cybersecurit/?slreturn=20180808213640
Its latest audit of efforts by government agencies to address these risks shows many failing to adopt previous GAO recommendations.
Federal agencies are failing to adequately address cybersecurity risks, jeopardizing not only the operations of the federal government and its agencies but also the personal information of U.S. citizens, according to a new audit by the Government Accountability Office.
The report, called Urgent Actions Needed to Address Cybersecurity Challenges Facing the Nation, notes that of the more than 3,000 recommendations the agency issued since 2010, 1,000 have not been implemented as of August. In addition, 31 of 35 priority recommendations also haven’t been addressed.
Many relate to the systems and structures the agencies need to implement in order to stave off security breaches and, if they occur, to respond as quickly as possible. The audit was conducted from February to September.
Citing the “inconsistent” security over IT systems and data, the report states, “The federal government needs to implement a more comprehensive cybersecurity strategy and improve its oversight, including maintaining a qualified cybersecurity workforce; address security weaknesses in federal systems and information and enhance cyber incident response efforts; bolster the protection of cyber critical infrastructure; and prioritize efforts to protect individual’s privacy and PII.” (PII refers to personally identifiable information.)
The audit cites multiple agencies for various failures relating to cybersecurity protections, including the Department of Homeland Security as well as the Securities and Exchange Commission, Internal Revenue Service, Federal Deposit Insurance Corp., the Center for Medicare and Medicaid Services (CMS) and the Department of Education’s Office of Federal Student Aid. In many cases, the GAO had issued recommendations previously, but even if the agency agreed with the recommendations — and sometimes they didn’t — they still failed to implement them.
“Until our recommendations are addressed and actions are taken to address the four challenges we identified, the federal government, the national critical infrastructure, and the personal information of U.S. citizens will be increasingly susceptible to the multitude of cyber-related threats that exist,” the report concludes.
Examples of agencies’ failings concerning cybersecurity include:
• SEC not always maintaining complete or accurate security plans or implementing continuous monitoring, as required by its own policy
• IRS failing to update some system security plans
• FDIC failing to ensure that major security incidents can be identified and reported in a timely manner, a recommendation of its own Inspector General report
• CMS not implementing two of three procedures to oversee the security of state-based marketplaces
• DOE’s Office of Federal Student Aid failing to adequately oversee the information security programs of its school partners
The report also noted “limited efforts” by the Office of Management and Budget to reduce the use of Social Security numbers by government agencies despite the fact that millions of Social Security numbers had been stolen in the Equifax breach in 2017 and the breach of the Office of Personnel Management in 2017.
The GAO plans to issue an assessment of this high-risk area in February 2019.
================================================================
If the government only tried Wave's products and used them, they could find the numbers in their list greatly reduced and probably solve other problems they weren't even aware of. Wave has great products and could solve a lot of problems for companies as well. With the backing of ESW, future government contracts for Wave/ESW should be well within reach. imo.
The next 9/11 will be a cyberattack, security expert warns
https://www.cnbc.com/2018/06/01/the-next-911-will-be-a-cyberattack-security-expert-warns.html
• A cyberattack of devastating proportions is not a matter of if, but when, numerous security experts believe.
• Almost 40 percent of all industrial control systems and critical infrastructure faced a cyberattack at some point in the second half of 2017.
• Many companies are still running critical infrastructure on Windows XP and other platforms that are unpatchable — meaning they can't be updated for vulnerability and bug fixes.
A cyberattack of devastating proportions is not a matter of if, but when, numerous security experts believe.
And the scale of it, one information security specialist said this week, will be such that it will have its own name — like Pearl Harbor or 9/11.
"The more I speak to people, the more they think that the next Pearl Harbor is going to be a cyberattack," cybersecurity executive and professional hacker Tarah Wheeler told a panel audience during the Organization for Economic Cooperation and Development's (OECD) annual forum in Paris.
"I think that the most horrifying cybersecurity attack is going to have its own name and I think it's going to involve something more terrifying than we've thought of yet."
Wheeler is CEO and principal security advisor at Red Queen Technologies, a cybersecurity fellow at Washington, D.C.-based think tank New America, and former cybersecurity czar at multinational software firm Symantec.
Explaining her premonition, Wheeler pointed to vital health and transport infrastructure she described as grossly under-protected.
"I think about the fact that most American healthcare technology is secured, if at all, with ancient, crumbling security infrastructure. I think of planes full of people, the kind of infrastructure that protects flu vaccinations. I think about fertility clinics losing years' worth of viable embryos," she said, stressing that people are not paying attention to that crumbling infrastructure.
Critical infrastructure and industry
Wheeler is not alone in her apocalyptic outlook. Not a single report from technology companies and researchers in this field claims that the cyberthreat environment is becoming less hostile or less significant.
The World Economic Forum's (WEF) Global Risks Report 2018 names cyberattacks and cyber warfare as a top cause of disruption in the next five years, coming only after natural disasters and extreme weather events.
"In a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning," the report said. Industry and critical infrastructure like power grids and water purification systems could be potential targets for hackers, whether they are small groups or state actors.
Retired Admiral James Stavridis, who served as NATO Supreme Allied Commander for Europe, echoed these warnings in a prior interview with CNBC: "We're headed toward a cyber Pearl Harbor, and it is going to come at either the grid or the financial sector... we need to think about this cyberattack as a pandemic."
Artificial intelligence-focused security firm BluVector reported in February that almost 40 percent of all industrial control systems and critical infrastructure faced a cyberattack at some point in the second half of 2017.
Unpatchable devices and the internet of things
Companies and governments aren't doing enough to protect these systems, Wheeler said.
"The inevitability is based in the easy access to the kinds of exploits that still work 10, 15, 20 years after they've been revealed," she said, noting that there are still companies running critical infrastructure, including health infrastructure, on Windows XP and other platforms that are unpatchable — meaning they can't be updated for vulnerability and bug fixes. Many internet of things (IOT) devices, she described, are unpatchable by design.
IOT, which has been described as "merging physical and virtual worlds, creating smart environments" through devices connected to the internet and that communicate with one another, represents a whole new level of vulnerabilities.
And cybercriminals have an exponentially increasing number of potential targets, the WEF report said, "because the use of cloud services continues to accelerate and the internet of things is expected to expand from an estimated 8.4 billion devices in 2017 to a projected 20.4 billion in 2020."
The chief executive of defense firm Raytheon International, John Harris, recently called cyberattacks the "single biggest threat to global security," adding that "the more we are connected, the more we are vulnerable."
Listen to the hackers
But Wheeler didn't specify who would likely be behind such acts, stressing that the nature of cyber warfare is asymmetric — and while there are state actors with hostile intentions, cyber weapons are accessible to just about anyone with the skills to deploy them.
What's needed, Wheeler stressed, is "sensible, deep, not broad, cybersecurity regulation that has teeth." She urged the private sector to listen to its "early warning system" — what she called the information security community, or hackers — rather than criminalizing their activity.
Industry experts have encouraged best practices and a greater awareness of the threats across the public and private sectors, and call on both sides to improve collaboration.
The last two years have tested relations between countries amid allegations of Russian election hacking in the U.S. and cyberthreats emanating from North Korea, Iran and China, among others.
In March, the Donald Trump administration blamed Russia for a string of cyberattacks going back at least two years that targeted the U.S. power grid. International attacks like the WannaCry virus, which affected 300,000 computers in 150 countries and NotPetya, the alleged Russian-directed attack that caused $300 million in damages to multinational companies, may be just a small glimpse of what is on the horizon.
=================================================================
Why haven't ERAS and VSC 2.0 been instituted on a grander scale when they could be put in place efficiently (especially after reading this article)?!?! Wave's products could go a long way in helping prevent a cyber 911. Wave's products could be used to benefit millions and keep them safe, and then there are articles like this; it is truly baffling. imo.
The Trump administration hopes to change the ‘entire ecosystem’ of cybersecurity norms
https://www.fifthdomain.com/civilian/dhs/2018/09/07/the-trump-administration-hopes-to-change-the-entire-ecosystem-of-cybersecurity-norms/
Top administration officials used a Sept. 6 Billington Cybersecurity Summit to preview a plan that aims to make digital security a household issue in the United States.
Discussed during a panel titled “Envisioning a ‘Cybersecurity Moonshot,’” the agenda is expected to improve collaboration between the public and private sector in order to defeat what Homeland Security Secretary Kirstjen Nielsen called a “pandemic” of cyberattacks during a Sept. 5 speech at George Washington University.
The plan — set to be formally announced by the Trump administration in the coming weeks — calls for increasing the number of qualified cybersecurity experts into the American workforce, spreading good digital hygiene and having the government work with the private sector to stop online hacking and elevate cybersecurity norms into everyday American life.
“It’s really more about the second- and third-order effects, about changing the culture and having a mindset of cybersecurity,” said Grant Schneider, senior director for cybersecurity policy at the National Security Council. “It’s not an end state; it is a journey.”
Joking that she hoped the campaign would lead to something like the discovery of plastics, Jeanette Manfra, assistant secretary at Homeland Security, said that “an entire ecosystem” needed to change.
=================================================================
It would be nice if the TPM/TCG/Wave light were finally seen and acted upon! There is a super cybersecurity benefit largely untapped in the three!
6 ways companies fail at security fundamentals
https://www.csoonline.com/article/3303582/security/6-ways-companies-fail-at-security-fundamentals.html#tk.twt_cso
A new report suggests many organizations are failing in the basic cyber hygiene efforts and leaving themselves exposed to hackers.
Excerpt:
Taking too long to remove unauthorized devices from a network.
Sixty-two percent of organizations reported that it took them hours at best to detect new devices on the network and hours on top of that to remove any unauthorized devices. All it takes is one malicious attacker to be connected for a few minutes to start potentially causing damage. Best Practice: Organizations need accurate inventory of authorized devices and network level authentication to prevent unauthorized connection.
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
================================================================
A related post:
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=143175511
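The ERAS description above (only known and approved devices reach the network, IT sets which machines may use which resources, and every decision is logged) and the CSO item quoted earlier (an accurate inventory of authorized devices plus network-level authentication) describe the same control. The Go program below is an added example of that control, not Wave's code or the ERAS protocol: a gateway keeps an inventory of enrolled device public keys and a per-device resource policy, issues a one-shot random challenge, and admits a request only when the device proves possession of its enrolled key and policy allows the resource, writing an audit line either way. A software ECDSA key stands in for the TPM-resident identity key; the device ids, resource names and policy are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// device holds the identity key. A software ECDSA key stands in for the
// TPM-resident key here; the private half never leaves the device.
type device struct {
	id   string
	priv *ecdsa.PrivateKey
}

func newDevice(id string) (*device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &device{id: id, priv: priv}, nil
}

// sign answers a gateway challenge (a TPM signing operation on real hardware).
func (d *device) sign(challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, d.priv, h[:])
}

// gateway is the access-control side: an inventory of enrolled device public
// keys, a per-device resource policy, outstanding challenges, and an audit log.
type gateway struct {
	enrolled map[string]*ecdsa.PublicKey
	policy   map[string]map[string]bool // device id -> resource -> allowed
	pending  map[string]bool            // hex(challenge) -> issued, not yet used
	log      []string
}

func newGateway() *gateway {
	return &gateway{enrolled: map[string]*ecdsa.PublicKey{}, policy: map[string]map[string]bool{}, pending: map[string]bool{}}
}

// enroll records a device's public key and the resources it may reach.
func (g *gateway) enroll(id string, pub *ecdsa.PublicKey, resources ...string) {
	g.enrolled[id] = pub
	g.policy[id] = map[string]bool{}
	for _, r := range resources {
		g.policy[id][r] = true
	}
}

// challenge issues a fresh random nonce; each one is accepted at most once.
func (g *gateway) challenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	g.pending[hex.EncodeToString(c)] = true
	return c, nil
}

// authorize admits a request only if the challenge is live, the device is in
// the inventory, its signature verifies, and policy allows the resource.
func (g *gateway) authorize(id string, challenge, sig []byte, resource string) error {
	key := hex.EncodeToString(challenge)
	if !g.pending[key] {
		return g.deny(id, resource, "unknown or already-used challenge")
	}
	delete(g.pending, key) // one-shot: a captured response cannot be replayed
	pub, ok := g.enrolled[id]
	if !ok {
		return g.deny(id, resource, "device not in inventory")
	}
	h := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return g.deny(id, resource, "signature does not match enrolled key")
	}
	if !g.policy[id][resource] {
		return g.deny(id, resource, "resource not permitted by policy")
	}
	g.log = append(g.log, fmt.Sprintf("ALLOW device=%s resource=%s", id, resource))
	return nil
}

// deny records the refusal so that IT can later show who was kept out and why.
func (g *gateway) deny(id, resource, why string) error {
	g.log = append(g.log, fmt.Sprintf("DENY device=%s resource=%s reason=%q", id, resource, why))
	return errors.New(why)
}

func main() {
	g := newGateway()
	laptop, _ := newDevice("laptop-0001") // constructed device id
	g.enroll(laptop.id, &laptop.priv.PublicKey, "vpn")
	c, _ := g.challenge()
	sig, _ := laptop.sign(c)
	fmt.Println("vpn:", g.authorize(laptop.id, c, sig, "vpn"))
	fmt.Println("replay:", g.authorize(laptop.id, c, sig, "vpn"))
	for _, l := range g.log {
		fmt.Println(l)
	}
}
```

What a TPM adds over this software stand-in is that the private key is generated inside the chip and cannot be copied to another machine, so the enrolled public key really does name one physical device; the gateway logic is the same either way.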
Data breach reports to Information Commissioner increase by 75%
https://www.helpnetsecurity.com/2018/09/04/data-breach-reports-ico/
The number of reports of data security incidents received by the Information Commissioner (ICO) has increased by 75 per cent over the past two years, according to new analysis by Kroll.
The findings, obtained from a request made under the Freedom of Information Act and analysis of publicly available ICO data, reveal details of data breaches which have compromised a broad range of individuals’ personal data, including health or clinical information, financial details, employment details and criminal records or endorsements.
Kroll says the increase in reports indicates that organisations have been gearing up for a new era of transparency around data breaches under the GDPR, which came into force in May. Kroll expects both the number of reports and value of fines issued to increase significantly under the new regulation, creating much greater regulatory and reputational risks for businesses.
Andrew Beckett, Managing Director and EMEA Leader for Kroll’s Cyber Risk Practice, explained: “Reporting data breaches wasn’t mandatory for most organisations before the GDPR came into force, so while the data is revealing, it only gives a snapshot into the true picture of breaches suffered by organisations in the UK.
The recent rise in the number of reports is probably due to organisations’ gearing up for the GDPR as much as an increase in incidents. Now that the regulation is in force, we would expect to see a significant surge in the number of incidents reported as the GDPR imposes a duty on all organisations to report certain types of personal data breach.”
Human error risk versus hacker risk
Kroll’s analysis reveals that the data breach risks posed by human error are at least as great as those from cyber attacks. In the past year, of the incidents where the type of breach is specified, 2,124 reports could be attributed to human error, compared to just 292 that were deliberate cyber incidents.
The most common types of incidents due to human error include data being emailed to the incorrect recipient (447 incidents), loss or theft of paperwork (438) and data left in an insecure location (164). The loss or theft of unencrypted devices (133) is another common reason for data breach reports.
Of the deliberate cyber incidents reported, specific circumstances logged include unauthorised access (102), malware (53), phishing attacks (51) and ransomware (33).
Andrew Beckett noted: “Effective cybersecurity is not just about technology. Often, companies buy the latest software to protect themselves from hackers, but fail to instigate the data management processes and education of employees required to mitigate the risks. The majority of data breaches, and even many cyber attacks, could be prevented by human vigilance or the implementation of relatively simple security procedures.”
Sectors submitting the most data breach reports
The health sector is responsible for the highest number of reported data security incidents over the past financial year (1,214), a 41 per cent increase over two years. This is followed by general business (362), education and childcare (354) and local government (328).
Kroll says the health sector is top of the list partially due to mandatory reporting requirements that only applied to certain sectors pre-GDPR, but under the new regulation the firm expects to see a much broader spread of business sectors reporting incidents.
The analysis reveals that health or clinical data is the most common type of personal data compromised, specified in 39 per cent of reports over a three-year period. This is likely to be due to the high percentage of reports originating from the health sector. Other kinds of personal data compromised include financial details (10%), social care data (7%), employment details (5%), criminal records or endorsements (4%) and education records (3%).
Andrew Beckett said: “Following the introduction of the GDPR, the business case for investing in cyber defence has never been stronger. Our analysis of incidents reported to the ICO in the UK shows that people are still the critical factor, and investment in training staff, either to follow correct procedures or to spot phishing attacks before they click on the link/email, offers the best return for helping to prevent data losses. The increased scope for mandatory reporting of breaches under the GDPR may significantly alter these trends and results, and Kroll will continue to monitor and analyse breach data. What won’t change is the increasing number of breaches/data loss events and the need for companies to have an effective, tested plan for how they deal with these situations, including the need for having specialist partners identified for forensic incident response, specialist legal counsel, crisis communications and breach notification.”
=================================================================
Wave employees showing what is in the two links below could have a big, positive impact on protecting companies from GDPR. imo.
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
Your PIN is no longer available message on Windows 10
https://www.thewindowsclub.com/your-pin-is-no-longer-available
Do you face any issue while signing into your Windows 10 computer using a PIN? A recent update caused a few glitches, and a few users reported that they were not able to sign in using a PIN and neither were able to reset it later. This post aims to resolve issues that you might be facing while signing in using your PIN or fingerprint with Windows Hello. The exact message you may see is-
Your PIN is no longer available due to a change in the security setting on this device.
If you see this message while signing in to your computer, then you can follow the steps mentioned here to resolve it.
See the rest of the article at the link for the steps to solve the problem.
================================================================
This may be a problem in Windows 10 and Windows Hello; users with Windows 7 or Windows 8 probably don't have this problem with Wave VSC 2.0. Sounds like a tedious problem to have with Windows Hello if you want to use a PIN or fingerprint, and I believe Wave VSC 2.0 avoids it. imo.
=================================================================
For the many other reasons to purchase Wave VSC 2.0!
https://www.wavesys.com/products/wave-virtual-smart-card
Microsoft to offer paid Windows 7 Extended Security Updates
https://www.zdnet.com/article/microsoft-to-offer-paid-windows-7-extended-security-updates/
Microsoft is stepping up its Windows 7 migration campaign with a paid security update option, Desktop App Assure service and more
With the Windows 7 end-of-support clock slowly winding down to January 14, 2020, Microsoft is announcing it will offer, for a fee, continuing security updates for the product through January 2023. This isn't the first time Microsoft has done this for a version of Windows, but it may be the first time it has been so public about its plans to do so.
Windows 7 still has a large share of the overall Windows market, especially among business customers. Moving off older versions of Windows is a slow process, even with advance planning, for companies with multiple thousands of Windows desktop machines.
The paid Windows 7 Extended Security Updates (ESUs) will be sold on a per-device basis, with the price increasing each year. These ESUs will be available to any Windows 7 Professional and Windows 7 Enterprise users with volume-licensing agreements, and those with Windows Software Assurance and/or Windows 10 Enterprise or Education subscriptions will get a discount. Office 365 ProPlus will continue to work on devices with Windows 7 Extended Security Updates through January 2023.
There are a number of key differences between the old Custom Support Agreements, which enabled enterprise customers to continue receiving security updates for a version of Windows that Microsoft was no longer supporting and these ESUs, said Jared Spataro, corporate vice president of Microsoft 365.
Before, Microsoft ran this program through its consulting practice, meaning the extended updates were available only to the largest customers with deep pockets -- and active Premier Support Agreements (in the case of Windows XP, at least). In the past, customers had to show Microsoft their plans for migrating off the no-longer-supported version of Windows. They needed to provide quarterly deployment milestones and a project completion date, in addition to paying multiple millions of dollars for extended patch coverage.
This time around, the ESU program is being run out of Microsoft's Volume Licensing Unit and Core Windows Engineering "is producing these updates like a product," Spataro explained.
=================================================================
It could be looking better to go with Wave VSC 2.0 (and Wave products) by extending the Windows 7 computer's life (now until 2023) rather than purchasing a new computer with Windows 10. It seems like a good selling point for Wave.
Do you still need a firewall?
https://www.csoonline.com/article/3301354/security/do-you-still-need-a-firewall.html#tk.twt_cso
Traditional firewall software no longer provides meaningful security, but the latest generation now offers both client-side and network protection.
Six years ago I wrote, “Firewalls need to go away. I'm just saying what we all already know. Firewalls have always been problematic, and today there is almost no reason to have one.” Firewalls were—and still are—no longer effective against modern attacks.
Rest of the article is at the link.
==================================================================
Companies could use investments earmarked for 'firewall' for products like Wave VSC 2.0, Wave Endpoint Monitor, Wave SED Management, and Wave ERAS and get better protection from IP theft and cyberattacks. imo. (Wave - Cybersecurity that works better!)
=================================================================
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
=================================================================
https://www.wavesys.com/malware-protection
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
https://www.wavesys.com/
NSA official: Foreign hackers have 'pummeled' U.S. by stealing IP
https://www.cyberscoop.com/george-barnes-nsa-us-china-ip-theft/
Hackers sponsored by foreign governments have chipped away at the United States’ global economic advantage through a steady campaign of intellectual property theft, according to a top National Security Agency official.
“It pains me to see the core of how we’ve defined ourselves over the last century” – in terms of innovation and intellectual property – “be continuously pummeled by external nation-state and non-nation-state-sponsored malicious cyber activity,” NSA Deputy Director George Barnes said Tuesday at the Intelligence and National Security Summit (INSA) in National Harbor, Md.
Rather than one, devastating cyberattack, Barnes said there has been a “slow drop” of “continual theft of intellectual property from our industries.”
Former NSA director Keith Alexander has repeatedly called the theft of U.S. intellectual property “the greatest transfer of wealth in history.” In a New York Times op-ed last year, Alexander and Dennis Blair, a former Director of National Intelligence, said such theft costs the U.S. $600 billion per year.
While Barnes did not name names in discussing that theft, Director of National Intelligence Dan Coats singled out China as a stealer of trade secrets in a speech at the same event.
“[W]e are all aware of Chinese continuing efforts through the use of cyber to exploit…activities that bolster their economy and their military assets,” Coats said at the INSA conference.
The U.S. intelligence community has in recent weeks ratcheted up its public warnings that intellectual property is a risk to national security. In July, the National Counterintelligence and Security Center released a report detailing persistent efforts by China, Iran, and Russia to steal U.S. trade secrets. NCSC Director William Evanina said then that China had not been honoring a 2015 agreement to refrain from economic espionage, pointing to multiple indictments of Chinese nationals in recent years.
In addition to concerns over intellectual property, U.S. officials have sought to warn companies about what they say are the broader national security risks of doing business with Chinese telecom companies Huawei and ZTE, and Russian antivirus vendor Kaspersky Lab. U.S. officials worry Beijing and Moscow could leverage those companies to spy on Americans, an allegation the companies deny.
For Barnes, the key to better defending U.S. trade secrets from hackers is to share threat information across “the public-private divide.”
“Our [threat] information is no good unless we get it into the hands of critical infrastructure” as well as government personnel defending federal networks, he said.
================================================================
The government and many companies have tried to protect their IP using various cyber solutions to no avail; why not give the Wave Alternative and Wave products a try! It's the solution that works!
================================================================
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/products/wave-self-encrypting-drive-management
‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass
https://threatpost.com/embargo-banking-malware-camubot-tries-to-bypass-some-biometric-account-protections/137131/
CamuBot is a unique malware targeting Brazilian bank customers that attempts to bypass biometric account protections.
Brazilian bank customers are being warned of malware dubbed CamuBot that hides in plain sight and presents itself as a required end-user security module provided by a bank.
The malware goes so far as to include bank logos that look and feel as if they’re part of a real security application. In some cases, the malware can also hijack one-time passwords used for biometric authentication.
In a report by IBM X-Force released Tuesday, researchers said CamuBot was first spotted in August 2018 in a targeted attack against business-class banking customers. The name, CamuBot, was given to the malware because it attempts to camouflage itself as bonafide branded security software.
“The malware’s operators are actively using [CamuBot] to target companies and public-sector organizations, mixing social engineering and malware tactics to bypass strong authentication and security controls,” said Limor Kessem, a global executive security advisor with IBM Security, in a technical breakdown of the attacks posted Tuesday.
Distribution of the malware is believed to be highly individualized. “It is very possible that [the threat actors] gather information [on potential targets] from local phone books, search engines or professional social networks to get to people who own a business or would have the business’ bank account credentials,” Kessem wrote.
Once a target is defined, the attackers pose as bank employees via phone calls, and instruct victims to visit a specific URL to verify that their “security module” is up-to-date. The fake verification site will then indicate a fake “required update” for the supposed security software. Next, victims are told to close all running programs, and to download and install the malicious software using the Windows admin profile.
“At this point, a fake application that features the bank’s logos starts downloading. Behind the scenes, CamuBot gets fetched and executed on the victim’s device,” the researcher said. “The name of the file and the URL it is downloaded from change in every attack.”
As the attacker is on the phone with the victim, “a pop-up screen redirects the victim to a phishing site purporting to be their bank’s online banking portal,” Kessem explained. Victims are instructed to log into their account via the fake site maintained by the attacker. Once accomplished, the victim has shared their banking credentials with the attacker.
Outsmarting Biometric Hardware Protections
In some circumstances, such as the presence of biometric authentication or other strong authentication hardware attached to the targeted PC, CamuBot goes the extra mile. “The malware can fetch and install a driver for that device,” researchers said.
To perform this type of authentication end-run, attackers take advantage of the malware’s advanced features. That includes CamuBot creating new firewall and antivirus rules to make sure the malware is a trusted program. Communication is then established with the adversary’s command-and-control via an SSH-based SOCKS proxy. Next, port forwarding is enabled and used “in a two-way tunneling of application ports from the client’s device to the server,” the researcher said.
“The tunnel allows attackers to direct their own traffic through the infected machine and use the victim’s IP address when accessing the compromised bank account,” she said.
Now, CamuBot asks the victim to install remote access to their USB-connected device.
“Trusting that they are speaking to a bank representative, the victim may authorize the access, not knowing that by sharing access to the connected device they can allow the attacker to intercept one-time passwords generated for authentication purposes,” Kessem wrote. “If the same remote sharing is authorized by a duped user, they could unknowingly compromise their biometric authentication.”
The CamuBot malware code distinguishes itself from the copious banking malware and trojans found targeting Brazil-based financial institutions over the past year. For one, it does not attempt to hide itself as do the Brazilian banking malware samples Trojan-Proxy.PowerShell.Agent.a, Metamorfo, MnuBot and one malware family that used Compiled HTML Help files to deliver a banking trojan.
“CamuBot is more sophisticated than the common remote-overlay type malware used in Brazil in its M. O. (modus operandi) and fraud tactics. Instead of simplistic fake screens and a remote access tool, CamuBot tactics resemble those used by Eastern European-made malware,” she said.
Kessem said CamuBot is most similar to Europe-based TrickBot, Dridex and QakBot, which target business banking and leverage social engineering for account and device takeover.
===============================================================
My hunch is Wave Knowd could protect against CamuBot with the TPM as a factor of authentication (that the hackers couldn't get) rather than biometric or one-time passwords that are being hacked in the article. imo.
=================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Lee, MA - May 9, 2013 -
Wave Systems Corp. (NASDAQ: WAVX), the Trusted Computing Company, today announced Wave Knowd, a new web service available for preview that significantly reduces the vulnerability and use of passwords by leveraging the unique identity of computing devices. With a simple integration of Wave Knowd, any website can establish reliable and consistent identity relationships with the devices its customers use most often for Internet services. Wave Knowd, which signifies “Known Devices,” is being tested by partners to provide the backbone for general purpose machine identity.
“The maturation of the web mandates a change in how we, and our computing devices, connect to the web,” said Steven Sprague, Wave CEO. “With cable television, satellite radio, bank kiosks and mobile phones, the service relationship is tied to the endpoint device. The web needs the security and simplicity of this same model, where our computing devices themselves play an added role in authentication. I access dozens of web services every day from the computer in my home office, and want those sites to know and trust my PC so they’ll stop continually asking me to log in. Wave Knowd enables that trust.”
To make web authentication stronger and simpler, Wave Knowd provides a new approach to signing on and accessing Cloud and Internet services. From online banking to business services and even consumer gaming, passwords are failing to provide a level of security that either service providers or users can trust. Knowd is built upon the concept that only known devices should ever access a protected network. Knowd incorporates all of your access and identity solutions together to establish a relationship of trust between users’ computing devices, and the web services they access.
“We interact online using so many devices now, but from a security perspective those devices aren’t all equal. Accessing medical records or confidential business files from my kid’s smartphone is certainly not as trustworthy as connecting from my business PC with an encrypted drive,” continued Mr. Sprague. “Wave Knowd is all about making the Web simpler and safer, and that new foundation of trust begins with known devices, and known capabilities.”
Once machine identity is established, any web site—from gaming, social networking or shopping; to banking, business and financial services—can use Wave Knowd to create a reliable and persistent identity for the connecting device. Knowd allows Web sites to streamline access for users who repeatedly log on from trusted devices, while bolstering security. Initial authentication creates a unique and anonymous relationship between each computing device and each web service accessed, and then the level of trust between the two grows over time. Knowing the device can also help the site prevent fraud and phishing, or simply provide quicker no-password access. Wave is the partner helping to create and manage these relationships.
“Wave Systems was the obvious choice to provide ID Dataweb’s attribute exchange with device identity services,” said David Coxe, CEO at ID Dataweb. “In Knowd, Wave has provided a system that is rooted in state of the art device security technologies such as the Trusted Platform Module and other secure elements, while also offering a simple web based integration. It’s easy to identify if a connecting device is highly trusted, or whether it requires added screening and security.”
ID Dataweb uses Wave’s Knowd solution as part of the Identity Ecosystem supported through a grant from the U.S. Department of Commerce’s National Institute of Standards and Technology’s NSTIC initiative (National Strategy for Trusted Identities in Cyberspace). ID Dataweb has created a standards-based platform to simplify online identity verification using OpenID credentials.
Providing the Tools to Manage Trust in the Cloud: What’s Your Trust Score?
Wave Knowd is a powerful enhancement for any website. The endpoint identity service links an individual user’s unique device identity with the Internet services that are typically protected only by username and password access. Users are prompted by their cloud service provider to register their primary computing devices to create a unique and persistent device identity relationship with their Internet services and service providers. No personal ID information is obtained by Wave, as Knowd works purely as a machine identity service. Furthermore, registered devices are given a unique ID for every service provider, establishing a separate trust relationship with each service.
Wave Knowd asserts a Trust Score that helps both consumers and cloud services or relying parties to determine the level of trust granted to each specific computing device. For example, a home PC that is used regularly for banking will quickly build a high Trust Score. Users can achieve a higher Trust Score by installing a small software application (Wave Knowd currently supports Windows 7 and 8, with Apple and Android to follow later this year). Business-class PCs containing a standard Trusted Platform Module (TPM) can establish even greater trust by leveraging the TPM security chip to create and securely store a unique device ID.
Knowd provides a web service with a new capability to enable or disable features based on the device that the user is actively using, providing a new security option for the end user. Perhaps an account password can only be reset from the user’s registered home computer and not from anywhere in the world, thereby linking in all of the user’s investment in the security of their home, from their alarm system to the doorman. Every web service can benefit from integrating Wave Knowd as part of the user’s experience.
Wave Knowd is free to consumers, and reduces the authentication cost to providers. Knowd is available to relying parties using the standard OpenID protocol, and also offers a simple web API. For more information visit: ID.Wave.com
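The device-identity model described in the Wave Alternative page above (TPM-backed device authentication alongside the user's credential) and in this Knowd release (a persistent, per-service device ID whose trust score grows with use) can be made concrete with a small challenge-response protocol. The following is an added example written for this page, not Wave's or Knowd's own code, and it assumes everything it names: the TPM is simulated by a class whose root secret is never returned, per-site keys and IDs are derived from that secret so two services cannot correlate the same device, and HMAC stands in for the asymmetric key a real TPM would hold (with a real TPM the server would store only the public half and nothing secret would leave the chip at enrollment). It runs on the Python standard library alone.

```python
"""Device-bound challenge-response login with per-relying-party device IDs.

Added example, not Wave/Knowd code. SimulatedTPM is an assumption that
models a TPM-resident secret; HMAC replaces the asymmetric signature a
real TPM would produce so the example needs only the standard library.
"""
import hashlib
import hmac
import secrets
import time


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract + expand) with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


class SimulatedTPM:
    """Stand-in for a TPM: the root secret never leaves this object."""

    def __init__(self):
        self._root = secrets.token_bytes(32)  # would be sealed in hardware

    def device_id_for(self, origin: str) -> str:
        # A different ID per service (Knowd's 'unique ID for every service
        # provider'), so sites cannot correlate one device across each other.
        return hkdf_sha256(self._root, b"device-id", origin.encode()).hex()

    def _key_for(self, origin: str) -> bytes:
        return hkdf_sha256(self._root, b"device-key", origin.encode())

    def sign_challenge(self, origin: str, challenge: bytes) -> bytes:
        # The origin is bound into the signed data, so a challenge relayed
        # through a phishing site on another origin yields a different tag.
        msg = origin.encode() + b"\x00" + challenge
        return hmac.new(self._key_for(origin), msg, hashlib.sha256).digest()

    def enrollment_secret(self, origin: str) -> bytes:
        # HMAC simplification: the server needs the per-origin key once.
        # A real TPM would export only a public key here.
        return self._key_for(origin)


class RelyingParty:
    """A web service that enrolls devices and issues one-shot challenges."""

    def __init__(self, origin: str):
        self.origin = origin
        self.devices = {}   # device_id -> verification key
        self.trust = {}     # device_id -> successful logins (a trust score)
        self._pending = {}  # challenge -> expiry time

    def register(self, device_id: str, key: bytes) -> None:
        self.devices[device_id] = key
        self.trust[device_id] = 0

    def new_challenge(self, ttl_s: int = 60) -> bytes:
        c = secrets.token_bytes(32)
        self._pending[c] = time.time() + ttl_s
        return c

    def verify(self, device_id: str, challenge: bytes, tag: bytes) -> bool:
        expiry = self._pending.pop(challenge, None)  # single use: replay fails
        if expiry is None or time.time() > expiry:
            return False
        key = self.devices.get(device_id)
        if key is None:  # unknown device: refused before any password check
            return False
        msg = self.origin.encode() + b"\x00" + challenge
        ok = hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag)
        if ok:
            self.trust[device_id] += 1
        return ok


def enroll(tpm: SimulatedTPM, rp: RelyingParty) -> str:
    did = tpm.device_id_for(rp.origin)
    rp.register(did, tpm.enrollment_secret(rp.origin))
    return did


def login(tpm: SimulatedTPM, rp: RelyingParty) -> bool:
    did = tpm.device_id_for(rp.origin)
    c = rp.new_challenge()
    return rp.verify(did, c, tpm.sign_challenge(rp.origin, c))


def demo() -> dict:
    tpm = SimulatedTPM()
    bank = RelyingParty("https://bank.example")   # assumed origins
    shop = RelyingParty("https://shop.example")
    enroll(tpm, bank)
    enroll(tpm, shop)
    did = tpm.device_id_for(bank.origin)
    r = {"login_ok": login(tpm, bank),
         "ids_differ": did != tpm.device_id_for(shop.origin)}
    # Phishing relay: a bank challenge signed for evil.example does not verify.
    c = bank.new_challenge()
    r["relay_rejected"] = not bank.verify(did, c, tpm.sign_challenge("https://evil.example", c))
    # Replay: a captured valid tag is useless once its challenge is consumed.
    c2 = bank.new_challenge()
    tag2 = tpm.sign_challenge(bank.origin, c2)
    r["replay_rejected"] = bank.verify(did, c2, tag2) and not bank.verify(did, c2, tag2)
    # A device that was never enrolled is refused outright.
    r["unknown_device_rejected"] = not login(SimulatedTPM(), bank)
    r["trust_score"] = bank.trust[did]
    return r


if __name__ == "__main__":
    print(demo())
```

What this does and does not show: the key cannot be copied off the machine or used from a different origin, so a stolen password plus an intercepted one-time code is not enough to log in from the attacker's box. It does not prove the user consented to a particular action. Malware running with administrator rights on the enrolled device, as in the CamuBot case above, can still drive the device's own key from that device; binding the device is a strong factor, not a substitute for transaction confirmation.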
Majority of UK firms not insured for data breaches
https://www.computerweekly.com/news/252447970/Majority-of-UK-firms-not-insured-for-data-breaches
Many UK firms are not insured against information security breaches and data loss, and would have to spend £1m on average to recover from a breach, a report reveals
Only a third of UK organisations have insurance that covers them for security breaches and financial impact of data loss, a survey shows.
The survey also shows that only 29% of firms have dedicated cyber insurance in place, despite 81% of senior executives polled saying it is “vital” their organisation is insured against data breaches, according to the Risk:Value 2018 report by NTT Security.
However, the survey, conducted by Vanson Bourne, also shows that nearly half of senior executives are not aware of what their company insurance covers.
The report, which looks at the attitudes of 1,800 global senior decision-makers from non-IT functions to risks to the business and the value of information security, reveals that UK businesses would have to spend £1m, on average, to recover from a breach.
While the UK compares poorly with other markets such as the US and Singapore (53%) when it comes to insuring against information security breaches and data loss, it fares better than Benelux (27%) and the Nordics (23% in Sweden and 28% in Norway).
The UK also ranks second from last for having dedicated cyber insurance, alongside Germany (29%) and just above Benelux (27%).
Just 6% of UK respondents said their company insurance covers only information security breaches, while 11% are covered only for data loss. However, the fact that nearly half (45%) of those surveyed do not know if their company insurance covers either of these is a concern, the report said, given that it is the highest figure for any of the countries in the report and well above the global average of 23%.
Kai Grunwitz, senior vice-president for Europe at NTT Security, said: “With estimated annual losses from cyber crime now topping $400bn (£291bn), according to the Center for Strategic and International Studies, you would hope more organisations would be beating a path to insurers’ doors. But while the insurance sector is certainly seeing growth in the number of policies being taken out to cover such losses, it’s an issue that many senior decision-makers are not on top of.”
According to figures, the number of insurers now offering cyber insurance via Lloyd’s of London has leapt to more than 70, nearly double the number a few years ago, while insurance giant Allianz predicts that global cyber insurance premiums will grow to $20bn by 2025, up from around $3bn to $4bn currently.
According to the NTT Security report, half of respondents in UK organisations believe a failure to maintain or apply updates to existing IT systems would or could invalidate their company insurance, while 37% point to lack of compliance with industry regulations, including the General Data Protection Regulation (GDPR), which came into force in May.
While 63% of respondents in the UK said they have an incident response plan in place, and another 18% are in the process of implementing one, 38% agreed that the lack of an incident response plan could or would also invalidate their company insurance.
Incident response is a basic requirement of best practice security and is even more important with the GDPR mandating 72-hour notifications following a breach, the report notes, adding that the GDPR and Network and Information Systems (NIS) Directive both require organisations in one way or another to follow best practices in cyber security, threatening huge fines of up to £17m or 4% of global annual turnover for non-compliance.
“While cyber risk insurance should be put in place to help mitigate the potential fallout of a data security breach, a policy must not be seen as a ‘get out of jail free’ card,” said Grunwitz.
“Cyber insurance must be complementary to an effective risk-based information security strategy, not a replacement for it. You wouldn’t expect your house insurance provider to pay out if you were burgled when the doors and windows were left unlocked. So don’t expect a payout – or indeed an insurance policy – if you haven’t put in place the right processes and policies,” he said.
================================================================
Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company
Wins competitive evaluation against market leader in two-factor authentication tokens
https://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global
Lee, MA - December 17, 2015 -
Wave Systems Corp. (NASDAQ: WAVX) announces a five-year master licensing agreement (MLA) with a leading global corporation (as determined by the 2015 Fortune Global 500 List) for its Virtual Smart Card 2.0 solution. This MLA sets the terms and pricing for licenses and maintenance across the customer’s global organization and establishes it as their preferred two-factor authentication solution. Instead of one large license purchase for the entire organization, each of the customer’s subordinate divisions will make separate orders in accordance with the terms of this MLA.
The first purchase of 2,000 VSC 2.0 licenses under this agreement, when added to a previous purchase, completes the requirement for the customer’s global IT division. That division will now lead the internal effort to standardize the remaining 150,000+ endpoints within their organization with the new Wave VSC 2.0 solution. While there are no minimum order requirements under the agreement, discussions for additional orders are underway.
“Our five-year agreement with this customer is the first very large scale contract for VSC 2.0 and is an important milestone for Wave,” said Bill Solms, President and CEO of Wave Systems. “This customer is a major global financial services company and their standards for protecting their systems from unauthorized access and the integrity of their data are of the highest order. Wave had to pass a very rigorous technical and business review to win the competition. We believe that this client’s decision to choose Wave Virtual Smart Card 2.0 over their incumbent solution gives us tremendous credibility in the two-factor authentication market. We will remain engaged with this company in order to complete the additional sales and deployments in the months ahead.”
Wave Virtual Smart Card 2.0 is a tokenless, hardware-based, two-factor authentication solution that offers superior security at less than half the cost of comparable solutions. It is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7, 8 and 10. It also provides management support for the Microsoft Virtual Smart Card on Windows 8 and 10. Wave’s VSC solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, significantly lower total cost of ownership, and a greatly reduced risk of unauthorized access.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure Passphrase and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with both TPM 1.2 and TPM 2.0 security chips
For more information, visit: Wave Virtual Smart Card 2.0
==================================================================
If this global financial services company sells cyber insurance, it would seem to make sense to pass this agreement information along to its potential cyber insurance customers. Or for Wave to show this agreement to prospective large companies who still have two-factor authentication like SecurID. imo. See the link below for a description of Wave VSC 2.0 and its advantages.
================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Avast Users Having Internet Issues & Malwarebytes Conflicts After Upgrade
https://www.bleepingcomputer.com/news/security/avast-users-having-internet-issues-and-malwarebytes-conflicts-after-upgrade/
This week users of Avast's antivirus product have reported Internet problems after performing an upgrade of a product. If users also have Malwarebytes installed, reports are coming in that Avast is causing conflicts with that program as well.
Unfortunately, at this time in order to get both programs working properly together, you will need to disable a protection module from one of the programs in order to avoid the conflicts.
Avast 18.6.2349 causing connectivity problems
After upgrading to Avast 18.6.2349, numerous users on the Avast Forums have started to complain about not being able to browse web sites. When users attempted to diagnose the issue they found that this is not a total loss of connectivity, as they could ping IP addresses but were not able to access web sites via a browser.
When disabling the Avast WebShield component, which protects users from browsing to malicious sites or scripts, users reported that they were once again able to browse the web as normal.
In one support forum post, an Avast employee named Filip Braun stated that this problem could be caused by a failed update that left old Avast drivers behind.
Avast forum regulars are suggesting that users perform a clean install of Avast to see if that resolves the issue.
Avast causing conflicts in Malwarebytes
To make matters worse, Malwarebytes users who have Avast installed are also reporting numerous problems this week as well after upgrading Avast. Some of the issues being reported include being unable to open the program's dashboard, errors using Malwarebyte's support tool, Malwarebytes crashing, or the inability to keep real time protection enabled.
Some users have reported that they can get Malwarebytes working again by disabling the program's Web Protection component, which protects users from malicious sites. Others have reported that they can re-enable Malwarebytes' Web Protection component if they disable Avast's similar "Real Site Protection" feature.
According to a post by an Avast developer on the Malwarebytes forum, this issue is supposedly a conflict between the two programs' web protection modules. The developer further indicates that Malwarebytes is not performing UDP filtering using a MS recommended solution.
While this could be one cause of conflict, there is obviously something else going on, as users on the Avast forums have indicated that they are having problems after the 18.6.2349 update even when they do not have Malwarebytes installed.
For now, according to Malwarebytes support engineer Devin Collins, if you are an MBAM user and wish to continue using their Web Protection module, you need to disable Avast's "Real Site Protection". Collins further stated that Malwarebytes is working with Avast/AVG to resolve these issues.
Bleeping Computer has contacted both Malwarebytes and Avast for comment, but had not heard back at the time of this publication.
much more at the link -
================================================================
Sounds like it is time for business users of antivirus (like Avast) to upgrade to a better product like Wave Endpoint Monitor. Now all we need is a little marketing. imo.
================================================================
https://www.wavesys.com/malware-protection
Software can’t always detect malware
The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 that discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.
A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.
=================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
An open standard means Wave works with everything
Wave Endpoint Monitor works on your existing hardware, across platforms. That’s because our solutions are based on an open standard that’s already been implemented on many laptops and is now working its way onto mobile devices. We’re talking about those TPMs. We just don’t think that expensive new equipment and vendor lock-in are great selling points.
Be proactive on compliance
No new regulations here—yet. But government agencies recognize malware as a growing threat. In 2011, NIST published guidelines for basic input/output system (BIOS) integrity measurement, the BIOS being what initializes a computer when it boots up. When this critical system is malware’s target, the consequences are big. The guidelines describe what’s needed to establish a chain of trust for the BIOS: Has it been tampered with? NIST actually looked to Wave for feedback on this document (see the acknowledgments). We know what’s needed, because Wave Endpoint Monitor is already doing it.
Key Features:
Easy security compliance
• Comports with NIST guidelines for BIOS integrity
Data protection
• Ensures that you can trust the integrity of your measurements for central analysis
• Real-time alerts for zero-day detection of APTs
• Get Windows 8 Malware protection now—WEM covers previous versions of Windows
Simplicity
• Uses standards-based security that’s in every PC you own
• Measurement notifications and reports can be customized for your processes and work flows
• Centralized, remote activation and management of your TPMs
• E-discover which PCs in your organization are enabled for endpoint monitoring
No compromises
• Ensure host integrity—without expensive hardware or excessive administrative overhead
Windows 8 Tablet Compatibility
• Get the same device integrity assurance on Windows 8 Pro & Enterprise tablets that you want for your enterprise PCs - with Wave Mobility Pro - Tablet Edition
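The Wave Endpoint Monitor text above describes one technique: the TPM records a measurement of each boot component in a Platform Configuration Register (PCR), and the monitor compares the resulting values against those recorded on a known-good boot. The following is an added illustration of that comparison, written for this page and not Wave's own code. It simulates the TPM extend operation in software; the boot component contents and the PCR index assignments are constructed sample values, not measurements from a real machine.

```python
"""Measured-boot baseline comparison (added example, not Wave Endpoint Monitor code).

A TPM never stores a component directly. Each component's digest is folded
into a PCR with the extend operation
    PCR_new = SHA-256(PCR_old || SHA-256(component))
so the final register value depends on every component and on the order in
which they ran, and no later software can rewind it. A monitor that keeps the
PCR values of a known-good boot can therefore detect a changed boot record
even though the operating system (and any antivirus running on it) only starts
after that record has executed.
"""
import hashlib
from typing import Dict, List, Tuple

PCR_SIZE = 32  # a PCR in the SHA-256 bank starts as 32 zero bytes


def extend(pcr: bytes, component: bytes) -> bytes:
    """Apply the TPM extend rule to one PCR value for one measured component."""
    event_digest = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + event_digest).digest()


def measure_boot(components: List[Tuple[int, str, bytes]]) -> Dict[int, bytes]:
    """Return the PCR bank produced by extending each (pcr_index, name, contents) in boot order."""
    pcrs: Dict[int, bytes] = {}
    for index, _name, contents in components:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), contents)
    return pcrs


def compare_to_baseline(baseline: Dict[int, bytes], current: Dict[int, bytes]) -> List[int]:
    """Return the PCR indices whose value differs from the recorded known-good boot."""
    indices = set(baseline) | set(current)
    return sorted(i for i in indices if baseline.get(i) != current.get(i))


# Constructed sample boot. PCR assignments are assumptions for the example:
# PCR 0 = platform firmware, PCR 4 = boot record / boot manager, PCR 8 = kernel.
GOOD_BOOT = [
    (0, "firmware", b"UEFI firmware image 1.2 (constructed)"),
    (4, "boot record", b"boot manager stage 1 (constructed)"),
    (8, "kernel", b"kernel build 17134 (constructed)"),
]

# Same machine on a later boot, but the boot record now carries extra code.
TAMPERED_BOOT = [
    (0, "firmware", b"UEFI firmware image 1.2 (constructed)"),
    (4, "boot record", b"boot manager stage 1 (constructed) + injected hook"),
    (8, "kernel", b"kernel build 17134 (constructed)"),
]


def check_boot(boot: List[Tuple[int, str, bytes]]) -> List[int]:
    """Measure a boot and report which PCRs deviate from the GOOD_BOOT baseline."""
    baseline = measure_boot(GOOD_BOOT)
    return compare_to_baseline(baseline, measure_boot(boot))


def order_matters() -> bool:
    """Extending the same two components in a different order yields a different PCR."""
    a, b = b"component A", b"component B"
    forward = extend(extend(bytes(PCR_SIZE), a), b)
    reverse = extend(extend(bytes(PCR_SIZE), b), a)
    return forward != reverse


if __name__ == "__main__":
    print("known-good boot, deviating PCRs:", check_boot(GOOD_BOOT))      # []
    print("tampered boot, deviating PCRs:  ", check_boot(TAMPERED_BOOT))  # [4]
    print("extend is order sensitive:", order_matters())                  # True
```

Only the register that received the modified component changes, which is why a real monitor reports the PCR index and the event log entry rather than a single pass/fail: the index tells the responder whether firmware, the boot record or the OS loader moved. A deviation can also be a legitimate firmware or bootloader update, so the baseline has to be re-recorded after approved changes.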
Exclusive: U.S. accuses China of 'super aggressive' spy campaign on LinkedIn
https://www.reuters.com/article/us-linkedin-china-espionage-exclusive/exclusive-us-accuses-china-of-super-aggressive-spy-campaign-on-linkedin-idUSKCN1LG15Y
WASHINGTON (Reuters) - The United States’ top spy catcher said Chinese espionage agencies are using fake LinkedIn accounts to try to recruit Americans with access to government and commercial secrets, and the company should shut them down.
William Evanina, the U.S. counter-intelligence chief, told Reuters in an interview that intelligence and law enforcement officials have told LinkedIn, owned by Microsoft Corp., about China’s “super aggressive” efforts on the site.
He said the Chinese campaign includes contacting thousands of LinkedIn members at a time, but he declined to say how many fake accounts U.S. intelligence had discovered, how many Americans may have been contacted and how much success China has had in the recruitment drive.
German and British authorities have previously warned their citizens that Beijing is using LinkedIn to try to recruit them as spies. But this is the first time a U.S. official has publicly discussed the challenge in the United States and indicated it is a bigger problem than previously known.
Evanina said LinkedIn should look at copying the response of Twitter, Google and Facebook, which have all purged fake accounts allegedly linked to Iranian and Russian intelligence agencies.
“I recently saw that Twitter is cancelling, I don’t know, millions of fake accounts, and our request would be maybe LinkedIn could go ahead and be part of that,” said Evanina, who heads the U.S. National Counter-Intelligence and Security Center.
It is highly unusual for a senior U.S. intelligence official to single out an American-owned company by name and publicly recommend it take action. LinkedIn says it has 575 million users in more than 200 countries and territories, including more than 150 million U.S. members.
Evanina did not, however, say whether he was frustrated by LinkedIn’s response or whether he believes it has done enough.
LinkedIn’s head of trust and safety, Paul Rockwell, confirmed the company had been talking to U.S. law enforcement agencies about Chinese espionage efforts. Earlier this month, LinkedIn said it had taken down “less than 40” fake accounts whose users were attempting to contact LinkedIn members associated with unidentified political organizations. Rockwell did not say whether those were Chinese accounts.
“We are doing everything we can to identify and stop this activity,” Rockwell told Reuters. “We’ve never waited for requests to act and actively identify bad actors and remove bad accounts using information we uncover and intelligence from a variety of sources including government agencies.”
Rockwell declined to provide numbers of fake accounts associated with Chinese intelligence agencies. He said the company takes “very prompt action to restrict accounts and mitigate and stop any essential damage that can happen” but gave no details.
LinkedIn “is a victim here,” Evanina said. “I think the cautionary tale ... is, ‘You are going to be like Facebook. Do you want to be where Facebook was this past spring with congressional testimony, right?’” he said, referring to lawmakers’ questioning of Facebook CEO Mark Zuckerberg on Russia’s use of Facebook to meddle in the 2016 U.S. elections.
China’s foreign ministry disputed Evanina’s allegations.
“We do not know what evidence the relevant U.S. officials you cite have to reach this conclusion. What they say is complete nonsense and has ulterior motives,” the ministry said in a statement.
But Senator Mark Warner, the top Democrat on the Senate Intelligence Committee, said Beijing’s exploitation of LinkedIn “demonstrates the length to which Chinese intelligence will go, and the 21st Century counter-intelligence challenges facing us in a world where everybody’s got an online footprint.”
EX-CIA OFFICER ENSNARED
Evanina said he was speaking out in part because of the case of Kevin Mallory, a retired CIA officer convicted in June of conspiring to commit espionage for China.
A fluent Mandarin speaker, Mallory was struggling financially when he was contacted via a LinkedIn message in February 2017 by a Chinese national posing as a headhunter, according to court records and trial evidence.
The individual, using the name Richard Yang, arranged a telephone call between Mallory and a man claiming to work at a Shanghai think tank.
During two subsequent trips to Shanghai, Mallory agreed to sell U.S. defense secrets - sent over a special cellular device he was given - even though he assessed his Chinese contacts to be intelligence officers, according to the U.S. government’s case against him. He is due to be sentenced in September and could face life in prison.
While Russia, Iran, North Korea and other nations also use LinkedIn and other platforms to identify recruitment targets, the U.S. intelligence officials said China is the most prolific and poses the biggest threat.
U.S. officials said China’s Ministry of State Security has “co-optees” - individuals who are not employed by intelligence agencies but work with them - set up fake accounts to approach potential recruits.
They said the targets include experts in fields such as supercomputing, nuclear energy, nanotechnology, semi-conductors, stealth technology, health care, hybrid grains, seeds and green energy.
Chinese intelligence uses bribery or phony business propositions in its recruitment efforts. Academics and scientists, for example, are offered payment for scholarly or professional papers and, in some cases, are later asked or pressured to pass on U.S. government or commercial secrets.
Some of those who set up fake accounts have been linked to IP addresses associated with Chinese intelligence agencies, while others have been set up by bogus companies, including some that purport to be in the executive recruiting business, said a senior U.S. intelligence official, who requested anonymity in order to discuss the matter.
The official said “some correlation” has been found between Americans targeted through LinkedIn and data hacked from the Office of Personnel Management, a U.S. government agency, in attacks in 2014 and 2015.
The hackers stole sensitive private information, such as addresses, financial and medical records, employment history and fingerprints, of more than 22 million Americans who had undergone background checks for security clearances.
The United States identified China as the leading suspect in the massive hacking, an assertion China’s foreign ministry at the time dismissed as “absurd logic.”
UNPARALLELED SPYING EFFORT
About 70 percent of China’s overall espionage is aimed at the U.S. private sector, rather than the government, said Joshua Skule, the head of the FBI’s intelligence branch, whose responsibilities include ensuring the flow of intelligence to the bureau’s counter-espionage operations.
“They are conducting economic espionage at a rate that is unparalleled in our history,” he said.
Evanina said five current and former U.S. officials - including Mallory - have been charged with or convicted of spying for China in the past two and a half years.
He indicated that additional cases of suspected espionage for China by U.S. citizens are being investigated, but declined to provide details.
U.S. intelligence services are alerting current and former officials to the threat and telling them what security measures they can take to protect themselves.
Some current and former officials post significant details about their government work history online - even sometimes naming classified intelligence units that the government does not publicly acknowledge.
LinkedIn “is a very good site,” Evanina said. “But it makes for a great venue for foreign adversaries to target not only individuals in the government, formers, former CIA folks, but academics, scientists, engineers, anything they want. It’s the ultimate playground for collection.”
=================================================================
Since LinkedIn is a business site and most members have enterprise computers with TPMs, why not require users to register with an activated TPM? imo. In other words, keep the bad guys off the LinkedIn network. Mobile could use the MTM in phones to identify the user to the network.
=================================================================
Wave Knowd could work well here as well. imo.
=================================================================
May 9, 2013
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
... WAVX), the Trusted Computing Company, today announced Wave Knowd, a new web service available for preview that significantly reduces the ... of computing devices. With a simple integration of Wave Knowd, any website can establish reliable and consistent identity relationships ...
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Key Areas Governments Can Benefit from Social Media
https://www.nextgov.com/ideas/2018/08/key-areas-governments-can-benefit-social-media/150770/
Real-time communications with citizens are just one of the advantages of a social media plan.
Social media has become a critical communications tool for government agencies. It’s a direct lifeline to their constituents and the use cases of social media are endless. Take for example the ability to encourage constituents to sign up for health care directly, or alerting commuters in real time to any delays or outages in public transportation. When it comes to emergencies, social media could literally be a life or death resource, directing citizens to the nearest disaster relief centers or educating them on the latest rescue efforts.
Yet, despite the clear benefits associated with social media, many government agencies are still struggling to include social media in their broader outreach programs. A recent survey conducted by Hootsuite found that 87 percent of government agency respondents felt that their social media programs have room for improvement, but only 40 percent had a clear path moving forward with social.
Taking into account the growth and importance of social media, there are some key areas that government agencies would see clear, actionable benefits from increasing their commitment to social media use.
A More Informed Public
According to Hootsuite’s survey, citizen engagement ranked as the highest priority for government agencies on social media; this holds particularly true for state and local governments, with nearly 90 percent reporting that they use social media for citizen engagement.
By using social media for citizen engagement, government agencies are seeing a two-way benefit: not only are their citizens more informed, but the agencies themselves are better understanding the needs of their constituents, leading to a happier overall community.
Tapping into Unused Resources
Government agencies often struggle with budget constraints related to service teams. Social media empowers government customer service teams to quickly identify and engage with unhappy or unsatisfied constituents through the use of hashtags, agency mentions and relevant keywords. Cost savings are possible if governments integrate social media as a real-time channel for responding to individuals, rather than relying on a ticket-based help desk or call center.
Take for example the use case of New York City’s 311 service as a compelling example of how governments can use social media to support an effective service delivery strategy. 311 has encouraged city residents to file complaints digitally to report potholes, damaged roads, missed garbage collections and similar issues. This allows the agency to collect the information in a more efficient manner and frees up other resources within the department.
Communications in Real Time
Traditional forms of communication no longer cut it when it comes to crisis response; citizens want to be informed in an immediate and up-to-date manner, which is where social media plays a critical role. In fact, critical response should be the number one use of government social media, simply because during a time of crisis, people turn to social channels first.
Nearly 84 percent of respondents to Hootsuite’s survey identified keeping citizens better informed as the number one benefit of social media for critical response communications. Rumor control and faster response times also rank highly, at 60 and 50 percent respectively.
Creating an Employer Brand that Attracts and Retains Talent
Government agencies struggle to find suitable recruits and the issue is only going to become more complicated as more and more vacancies open up due to baby-boomer retirements. At the moment, most agencies use social media as a simple job posting board in the hopes that someone applies. However, the creative capabilities of employer branding have not been realized yet.
Nearly 20 percent of survey respondents said they have seen no benefit in recruitment, indicating untapped potential in the area of using social media for employee branding. A strong employer brand is a direct correlation between increased talent attraction and employee retention. By creating a social media presence that informs and engages potential, and current, employees agencies can generate goodwill and positive branding that entices people to want to be a part of what’s happening. The tertiary benefit to this is it also creates a brand that becomes engaging from a citizen perspective, increasing the number of conversations and use cases the agency has with the public.
The power of social media to quickly and efficiently share information with citizens and stakeholders is clear. This dynamic has changed the way government engages with citizens, replacing traditional one-way communication with two-way conversations. There is still much to be done, especially in an era that demands efficiency, modernization and rapid response. By adopting social media strategies and tools that can improve collaboration, remove silos to social media success, and provide deep insights, governments can continue taking steps to transform their operations and take the social advantage.
================================================================
https://www.wavesys.com/buzz/pr/protect-content-cloud-scrambls-files
Palo Alto, CA -
November 13, 2012 -
Today scrambls announced Scrambls for Files as the next enhancement to the free service designed to allow you to control your social media, manage your online privacy, and decide who to share with. Scrambls for Files brings the power of scrambls into Microsoft Windows, for easy encryption of all types of files and folders before they are sent over the open Web.
Cloud storage and social media services have become increasingly prevalent in the market, with consumers quick to embrace the benefits. Yet there are vulnerabilities in the current model of uploading information into the cloud, and then trusting third parties to apply the proper privacy, security and authentication policies. Scrambls for Files brings a more secure method of data transfer for sharing files and folders anywhere you happen to be on the Web. With scrambls, users even maintain control to change who can read messages and files even after the fact.
“This is an important solution to consider for anyone that wants to safely and securely use cloud storage services like Dropbox™ or Microsoft SkyDrive™. Only members of your specified scrambls groups are aware of and can access the content, and you maintain the dynamic control to change those permissions anytime,” said Michael Sprague, scrambls co-creator. “Cloud storage and social media services see only the encrypted data, and we don’t even see it here at scrambls—we only manage the keys and groups as a trusted third party.”
The power lies in the dynamic groups offered by scrambls. Users choose exactly who can see and read anything scrambled, by forming groups (based upon email address, Facebook contacts/groups, etc.). With the same simplicity of scrambls text messages, users just choose what individuals or groups are permitted to read a file. Scrambls will decrypt and display both text and files. Retract messages and/or files by changing the groups or individuals authorized; schedule a specific time for messages and files to appear or expire; and much more.
“Scrambls can be used to encrypt your posts and files for enterprise-caliber protection wherever they travel across the networked social web,” continued Sprague. “Secure what you place in cloud storage and take control over who can read sensitive information. The keys to unlock your encrypted data remain separate from the content, only to be brought back together when the people you authorize look to pull that message down from the cloud. Everyone else will only see scrambled text.”
While encryption concepts are not new, they’ve traditionally been a burden to use. The simplicity and power of scrambls’ groups mechanism sets it apart. Sharing scrambled files does not require circulation of a password or management of enterprise encryption key servers. Users simply choose who is authorized to read anything and those people or groups are granted rights—all they need is a scrambls account of their own.
Scrambls is a platform that can be used with any service, to add the protection of scrambls into any web service and infrastructure you already know and use (Facebook, DropBox, email, Active Directory, etc.). The new model of information sharing supports file and folder encryption for all Microsoft Windows platforms.
Introducing Scrambls Professional for Power Users:
Scrambls continues to introduce more functionality, expanding what users can do with their groups & connections. Scrambls for Files is the latest of these innovations, following the recent Facebook Integration for login and group creation and several mobile apps.
With Scrambls for Files, a premium offering of scrambls will be introduced for heavier usage that brings added benefits to scrambls’ most active users. Scrambls is committed to keeping basic use free for any consumer to secure their social communications over the open Web. The professional version allows unlimited use of Scrambls for Files, along with more features and functionality that are yet to come.
During an initial free trial period, every scrambls user will be given one free year of the professional offering (both new and existing users). Visit www.scrambls.com to sign up for free today.
Build scrambls Into Your Next App:
Scrambls also serves as a platform for integrating security and control for third-party solutions, protecting users’ interactions with the social web. App developers and social media providers interested in augmenting the privacy and security of their own applications and services can leverage scrambls’ software developer kit. The SDK enables third-party apps and sites to integrate directly with scrambls, for a comprehensive and reliable solution backed by enterprise security veteran Wave Systems. For more information, visit: http://developer.scrambls.com.
CEIDPageLock Rootkit Hijacks Web Browsers
https://www.securityweek.com/ceidpagelock-rootkit-hijacks-web-browsers
A new rootkit that has been distributed via the RIG exploit kit over the past few weeks can manipulate web browsers and also contains sophisticated defense mechanisms, Check Point says.
Dubbed CEIDPageLock, the malware was initially discovered a few months ago, when it was attempting to modify the homepage of a victim’s browser. The rootkit is currently attempting to turn the victim browser’s homepage into a site pretending to be a Chinese web directory.
On top of these sophisticated features, the latest versions of the malware monitor user browsing and, when the user attempts to access several popular Chinese websites, dynamically replace the content of those sites with the fake home page.
“Browser hijacking employed by malware like CEIDPageLock, can be profitable due to revenue earned via redirecting victims to search engines that share ad revenue with the referrers,” Check Point explained.
The malware’s operators also use a series of hijacking tricks to gather data on the victims’ browsing habits, such as the monitoring of visited sites, which could be used for its own ad campaigns or sold to other companies.
A dropper is used during infection, to extract a digitally signed 32-bit kernel-mode driver. The certificate was issued by Thawte but has been already revoked. After registering and starting the driver, the dropper sends the infected machine’s MAC address and user-id.
The driver is launched during startup and remains fairly stealthy, being able to evade antivirus solutions. It was designed to connect to one of two command and control (C&C) domains hardcoded in it and to download a homepage configuration with which to tamper with the browser.
The newer version of the malware is also packed with VMProtect, thus making analysis and unpacking difficult, especially since it is also a kernel mode driver, Check Point notes.
The iteration also includes a “redirection” capability, to send victims to the fake homepage whenever they attempt to access targeted sites. The rootkit also checks every outgoing HTTP message for specific strings and adds the process to the redirected list when a string is encountered.
The malware also blocks browsers from accessing a series of anti-virus files and includes the ability to create a registry key in a security product.
The vast majority of CEIDPageLock’s targets are located in China, with only a negligible number of infections outside the country, Check Point says.
“At first glance, writing a rootkit that functions as a browser hijacker and employing sophisticated protections such as VMProtect, might seem like overkill. However, it seems that this simple malicious technique can be very profitable and thus the attackers believe that it is worthwhile to invest in building a stealthy and persistent tool for it,” the security firm notes.
Furthermore, the malware has the ability to execute code on an infected device. Coupled with the fact that it operates from the kernel and its persistence mechanism, CEIDPageLock is “a potentially perfect backdoor,” Check Point concludes.
=================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
An open standard means Wave works with everything
Wave Endpoint Monitor works on your existing hardware, across platforms. That’s because our solutions are based on an open standard that’s already been implemented on many laptops and is now working its way onto mobile devices. We’re talking about those TPMs. We just don’t think that expensive new equipment and vendor lock-in are great selling points.
Be proactive on compliance
No new regulations here—yet. But government agencies recognize malware as a growing threat. In 2011, NIST published guidelines for basic input/output system (BIOS) integrity measurement, the BIOS being what initializes a computer when it boots up. When this critical system is malware’s target, the consequences are big. The guidelines describe what’s needed to establish a chain of trust for the BIOS: Has it been tampered with? NIST actually looked to Wave for feedback on this document (see the acknowledgments). We know what’s needed, because Wave Endpoint Monitor is already doing it.
Machine Identity Failings Expose Firms
https://www.infosecurity-magazine.com/news/firms-failing-crucial-machine/?utm_source=dlvr.it&utm_medium=twitter
Nearly all IT decision makers believe that protecting machine identities is as important as or more important than human identity management, but most struggle to deliver that protection, according to a new Forrester study.
The analyst firm was commissioned by Venafi to poll 350 global IT leaders about the challenges facing them from securing machine identities, which 80% said they are having difficulties with.
In this context, “machine” could mean any kind of digital entity on a network, according to Venafi vice-president of security strategy and threat intelligence, Kevin Bocek.
“This means that everything including websites, software, applications, devices, even algorithms, are machines,” he told Infosecurity. “And every single one of them needs an identity in order to communicate with other machines securely.”
Unfortunately, while IAM in the context of human identities is maturing, this failure to protect digital entities represents a coming security storm.
Nearly half (47%) of respondents said protecting machine identities and human identities will be equally important to their organizations over the next 12-24 months, while 43% claimed machine identity protection will be more important.
The vast majority (70%) admitted they are tracking fewer than half of the most common types of machine identities found on their networks, including cloud instances (56%), mobile devices (49%), SSH keys (29%) and containers and microservices (25%).
This could expose them to the risk of customer and corporate data theft, process disruption, downtime and customer attrition, the report claimed.
Bocek explained that machine identity attacks typically follow one of three methods.
“In the first, hackers steal machine identities for spoofing purposes, using them to establish themselves as trusted inside a network or to move around without being detected. Last year, for example, saw over 14,000 fake PayPal sites set up by scammers abusing machine identity to help them trick unsuspecting web users,” he said.
“The second scenario sees the misuse of machine identity to cause havoc across the victim’s entire network — a classic example of this would be the 2015 Ukrainian power grid attack when Russia managed to insert a valid SSH key into the grid and used it to shut down power across the country. Lastly, stolen machine identities are also used by hackers who want either to infiltrate an organization without being noticed and exfiltrate large amounts of data, hit targets with malware such as SQL injection attacks or cross-scripting attacks or to escalate privileges.”
Mitigating machine identity attacks requires IT teams to gain visibility into the location of every digital entity on the network and ensure their keys and certificates are valid and up-to-date.
“Organizations need to automate the process of securing machine identities, since in today’s environment, they’re being created and used on a scale that only other machines can keep up with,” Bocek added. “For any mid- to large-size organization, centralizing and automating the discovery, replacement and remediation of all machine identities on a network is the only realistic defense.”
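The article's mitigation advice, discovering every machine identity and checking that its keys are valid, is the kind of task that has to be automated to keep up. The following is an added illustration written for this page, not tooling from Venafi, Forrester or Wave. It takes SSH keys, one of the identity types the survey found least tracked, parses `authorized_keys` lines in the OpenSSH wire format, computes the same SHA256 fingerprint OpenSSH prints, and reports keys that are absent from an inventory or that use weak parameters. All key material, comments and the inventory are constructed for the example; the RSA moduli are synthetic numbers of the right size, not real keys.

```python
"""SSH machine-identity inventory audit (added example; not a vendor's tool).

authorized_keys grants access to whoever holds the matching private key, so
every line is a machine identity. This audit decodes each key blob, recovers
the key type and (for RSA) the modulus size, and flags keys that are unknown
to the inventory or weaker than policy allows.
"""
import base64
import hashlib
import struct
from typing import Dict, List, NamedTuple, Optional, Tuple

MIN_RSA_BITS = 2048          # policy assumption for this example
WEAK_KEY_TYPES = {"ssh-dss"}  # DSA keys are limited to 1024 bits and disabled in modern OpenSSH


class KeyInfo(NamedTuple):
    key_type: str
    bits: Optional[int]      # RSA modulus size; None for other key types
    fingerprint: str         # "SHA256:<base64 without padding>", as ssh-keygen -l prints it
    comment: str


def _read_string(blob: bytes, pos: int) -> Tuple[bytes, int]:
    """Read one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    return blob[pos + 4:pos + 4 + length], pos + 4 + length


def parse_authorized_key(line: str) -> Optional[KeyInfo]:
    """Parse one authorized_keys line (optional options, key type, base64 blob, comment)."""
    parts = line.split()
    if not parts or parts[0].startswith("#"):
        return None
    # An options field such as command="..." may precede the key type.
    idx = next((i for i, p in enumerate(parts) if p.startswith(("ssh-", "ecdsa-"))), None)
    if idx is None or idx + 1 >= len(parts):
        return None
    key_type = parts[idx]
    blob = base64.b64decode(parts[idx + 1])
    comment = " ".join(parts[idx + 2:])
    wire_type, pos = _read_string(blob, 0)
    if wire_type.decode() != key_type:   # type label and blob disagree: not a valid key
        return None
    bits = None
    if key_type == "ssh-rsa":            # blob = string "ssh-rsa", mpint e, mpint n
        _e, pos = _read_string(blob, pos)
        n, _ = _read_string(blob, pos)
        bits = int.from_bytes(n, "big").bit_length()
    fp = base64.b64encode(hashlib.sha256(blob).digest()).rstrip(b"=").decode()
    return KeyInfo(key_type, bits, "SHA256:" + fp, comment)


def audit(lines: List[str], inventory: Dict[str, str]) -> List[str]:
    """Return findings for keys not in the inventory (fingerprint -> owner) or below policy."""
    findings = []
    for line in lines:
        info = parse_authorized_key(line)
        if info is None:
            continue
        if info.fingerprint not in inventory:
            findings.append(f"untracked key {info.fingerprint} ({info.comment or 'no comment'})")
        if info.key_type in WEAK_KEY_TYPES:
            findings.append(f"weak key type {info.key_type}: {info.fingerprint}")
        if info.bits is not None and info.bits < MIN_RSA_BITS:
            findings.append(f"short RSA key ({info.bits} bits): {info.fingerprint}")
    return findings


# --- constructed sample data -------------------------------------------------
def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _mpint(x: int) -> bytes:
    b = x.to_bytes((x.bit_length() + 8) // 8, "big")  # extra leading 0x00 keeps the sign positive
    return _ssh_string(b)


def build_rsa_blob(e: int, n: int) -> str:
    """Constructed helper: encode an ssh-rsa public key as OpenSSH would."""
    return base64.b64encode(_ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)).decode()


def build_ed25519_blob(point: bytes) -> str:
    """Constructed helper: encode an ssh-ed25519 public key (32-byte point)."""
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(point)).decode()


KEY_OK = build_rsa_blob(65537, (1 << 2047) | 0x10001)     # synthetic 2048-bit modulus
KEY_SHORT = build_rsa_blob(65537, (1 << 1023) | 0x10001)  # synthetic 1024-bit modulus
KEY_UNKNOWN = build_ed25519_blob(bytes(range(32)))        # synthetic point, not a real key

SAMPLE_AUTHORIZED_KEYS = [
    "# constructed sample authorized_keys",
    f"ssh-rsa {KEY_OK} deploy@build-server",
    f"ssh-rsa {KEY_SHORT} legacy-backup",
    f'command="/usr/bin/rrsync /srv" ssh-ed25519 {KEY_UNKNOWN} contractor-laptop',
]
INVENTORY = {
    parse_authorized_key(f"ssh-rsa {KEY_OK} x").fingerprint: "CI team, deploy key",
    parse_authorized_key(f"ssh-rsa {KEY_SHORT} x").fingerprint: "backup job (scheduled for replacement)",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_AUTHORIZED_KEYS, INVENTORY):
        print(finding)
```

Run against real hosts, the same parser would be fed `~/.ssh/authorized_keys` for every account on every server, with the fingerprint set compared against whatever system records key ownership; keys that appear on hosts but not in that record are exactly the untracked identities the survey describes, and the `bits` and `key_type` checks cover the replacement side of the advice.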
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
Decrease expenses with virtual smart cards
You know what else happens when you take passwords out of the equation? A lot fewer calls to IT. Imagine if you took password resets out of the picture – that frees up a chunk of IT time, lowering your operating expenses significantly.
If your organization currently uses traditional tokens or smart cards, switching to virtual smart cards takes an even bigger burden off of IT – we use the hardware-protected credentials in the TPM to create a virtual smart card, which performs the same functionality as traditional smart cards. That means no need to purchase, deploy, replace or maintain external tokens, smart cards or smart card readers. Because virtual smart cards are already on your machines and can’t be forgotten, lost or stolen, you have lower capital expenses and lower operating expenses.
Key features at the link above.
================================================================
https://www.wavesys.com/data-sheet-embassy%C2%AE-remote-administration-server-eras
China Is Quickly Becoming an AI Superpower
https://singularityhub.com/2018/08/29/china-ai-superpower/#sm.00001siozambrergzpo2iba48bn46
Last year, China’s government put out its plan to lead the world in AI by 2030.
As Eric Schmidt has explained, “It’s pretty simple. By 2020, they will have caught up. By 2025, they will be better than us. By 2030, they will dominate the industries of AI.”
And the figures don’t lie.
With a $14 trillion GDP, China is predicted to account for over 35 percent of global economic growth from 2017 to 2019—nearly double the US GDP’s predicted 18 percent.
And AI is responsible for a big chunk of that.
PricewaterhouseCoopers recently projected AI’s deployment will add $15.7 trillion to the global GDP by 2030, with China taking home $7 trillion of that total, dwarfing North America’s $3.7 trillion in gains. In 2017, China accounted for 48 percent of the world’s total AI startup funding, compared to America’s 38 percent.
Already, Chinese investments in AI, chips, and electric vehicles have reached an estimated $300 billion. Meanwhile, AI giant Alibaba has unveiled plans to invest $15 billion in international research labs from the US to Israel, with others following suit.
Beijing has now mobilized local government officials around AI entrepreneurship and research, led by billions in guiding funds and VC investments. And behind the scenes, a growing force of driven AI entrepreneurs trains cutting-edge algorithms on some of the largest datasets available to date.
As discussed by Kai-Fu Lee in his soon-to-be-released book AI Superpowers, four main drivers are tipping the balance in China’s favor:
1. Abundant data
2. Hungry entrepreneurs empowered by new tools
3. Growing AI expertise
4. Mass government funding and support
Let’s dive in.
1. Abundant Data
Perhaps China’s biggest advantage is the sheer quantity of its data. Tencent’s WeChat platform alone has over one billion monthly active users. That’s more than the entire population of Europe. Take mobile payments spending: China outstrips the US by a ratio of 50 to 1. Chinese e-commerce purchases are almost double US totals.
But China’s data advantage involves more than just quantity. As China witnesses an explosion of O2O (online-to-offline) startups, their data is creating a new intelligence layer unparalleled in the West.
Whereas American users’ payment and transportation data are fragmented across various platforms, Chinese AI giants like Tencent have created unified online ecosystems that concentrate all your data in one place.
Take mobile payment data, for instance. While the US saw $112 billion worth of mobile payments in 2016, Chinese mobile payments exceeded $9 trillion in the same year.
That means mobile payment platforms like WeChat Wallet and Alipay have data on everything from your dumplings purchase from a street vendor to your recent 100 RMB donation to an earthquake relief fund. This allows them to generate complex maps charting hundreds of millions of users’ every move.
With the unequaled rise of bike-sharing startups like China’s ofo and Mobike, Chinese companies can now harness deeply textured maps of population movement, allowing them to intuit everything from your working habits to your grocery shopping routine.
And as China’s facial recognition capacities explode, these maps are increasingly populated with faces even when you’re not online.
As Chinese tech companies continue merging users’ online behavior with their physical world, the data they collect offers them a tremendous edge over their Silicon Valley counterparts.
This brings me to our second AI driver: hungry entrepreneurs.
see link for rest of article.
=================================================================
Could Wave ERAS (not letting in the bad guys), Wave Endpoint Monitor, and Wave VSC 2.0 be the cybersecurity products that stop AI dead in its tracks? China could use AI for bad reasons and imo these are Wave products that could stop it.
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Air Canada Discloses Mobile App Data Breach Affecting 20,000
https://www.pcmag.com/news/363421/air-canada-discloses-mobile-app-data-breach-affecting-20-000
The breach may have exposed users' names, email addresses, phone numbers, passport numbers, genders, birthdates, nationalities, and other sensitive information. As a precaution, the company will require all app users to change their passwords.
Air Canada on Tuesday disclosed a data breach that exposed the personal information of around 20,000 of its mobile app users.
"We recently detected unusual login behavior with Air Canada's mobile app between Aug. 22-24, 2018," the company wrote in a notice to customers. "We immediately took action to block these attempts and implemented additional protocols to block further repeated unauthorized attempts."
The company said about 1 percent of the 1.7 million Air Canada mobile app user profiles—or 20,000 in total—"may potentially have been improperly accessed." The breach exposed users' names, email addresses, phone numbers, and any other information they have added to their profiles. That could include a user's passport number, passport expiration date, passport country of issuance and country of residence, Aeroplan number, NEXUS number, Known Traveler Number, gender, birthdate, and nationality.
The company said credit card information is protected. "Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry or PCI standards," the notice reads.
Air Canada is now notifying all potentially affected individuals via email.
"If you did not receive an email from Air Canada specifically advising you that your Air Canada mobile App account may have been improperly accessed, we are confident your account was unaffected during this period," the company wrote.
As a precaution, however, the company has locked all Air Canada mobile app accounts. All 1.7 million users will need to change their passwords "using improved password guidelines" to access their accounts.
"It is important to select a robust password as per our instructions when you reset your account," the company advised. "We recommend customers regularly review their financial transactions, be aware of any changes in their credit rating, and contact their financial services provider immediately if they become aware of any unusual or unauthorized transactions."
================================================================
Wave Knowd (although still retired) is a better system with better security than two factor authentication (which Air Canada could use like many other companies) with SMS and more convenient for the user. Wave Knowd would get a much higher participation percentage than (2FA)/SMS and is better for the company and users. imo. It seems that companies like Fiserv and Air Canada could benefit tremendously from a great technology that was ahead of its time.
================================================================
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
================================================================
Data of 130 Million Chinese Hotel Chain Guests Sold on Dark Web Forum
https://www.bleepingcomputer.com/news/security/data-of-130-million-chinese-hotel-chain-guests-sold-on-dark-web-forum/
A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum.
The breach was reported today by Chinese media after several cyber-security firms spotted the forum ad [1, 2, 3, 4].
The seller said he obtained the data from Huazhu Hotels Group Ltd (Huazhu from hereafter), one of China's largest hotel chains, which operates 13 hotel brands across 5,162 hotels in 1,119 Chinese cities.
[Image: forum ad claiming to sell the data]
According to a description the hacker posted online, the stolen data is 141.5GB in size, contains 240 million records, with information on roughly 130 million hotel guests that stayed at one of Huazhu hotels.
The following user data is believed to be sold online: official website registration information (ID card number, mobile phone number, email address, login password); check-in registration information (customer name, ID card number, home address, birthday), and booking information (name, card number, mobile phone number, check-in time, departure time, hotel ID number, room number).
The data appears to be from customers who stayed at any of Huazhu's hotel brands —Hanting Hotel, Grand Mercure, Joye, Manxin, Novotel, Mercure, CitiGo, Orange, All Season, Starway, Ibis, Elan, Haiyou.
A Huazhu spokesperson did not answer a request for comment from Bleeping Computer, but the hotel chain published a statement on Chinese social network Weibo. A spokesperson said the company is still investigating the breach and that authorities have been notified.
Breach traced to GitHub snafu
Chinese cyber-security firm Zibao told a local news outlet that they've verified the data and found it to be authentic.
A Zibao spokesperson, along with other security researchers, said they believe the breach to have happened earlier this month.
They said the cause of the breach appears to be a mistake on the part of Huazhu's development team, who seem to have uploaded copies of their database to a GitHub account.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card *
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
* - most applicable Wave product to help prevent data breaches.
Wave was once very involved in the Chinese market. It seems that this incident could rekindle that market.
Fiserv Flaw Exposed Customer Data at Hundreds of Banks
Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned.
Brookfield, Wisc.-based Fiserv [NASDAQ:FISV] is a Fortune 500 company with 24,000 employees and $5.7 billion in earnings last year. Its account and transaction processing systems power the Web sites for hundreds of financial institutions — mostly small community banks and credit unions. According to FedFis.com, Fiserv is by far the top bank core processor, with more than 37 percent market share.
Two weeks ago this author heard from security researcher Kristian Erik Hermansen, who said he’d discovered something curious while logged in to an account at a tiny local bank that uses Fiserv’s platform.
Hermansen had signed up to get email alerts any time a new transaction posted to his account, and he noticed the site assigned his alert a specific “event number.” Working on a hunch that these event numbers might be assigned sequentially and that other records might be available if requested directly, Hermansen requested the same page again but first edited the site’s code in his browser so that his event number was decremented by one digit.
In an instant, he could then view and edit alerts previously set up by another bank customer, and could see that customer’s email address, phone number and full bank account number.
Hermansen said a cybercriminal could abuse this access to enumerate all other accounts with activity alerts on file, and to add or delete phone numbers or email addresses to receive alerts about account transactions.
This would allow any customer of the bank to spy on the daily transaction activity of other customers, and perhaps even target customers who signed up for high minimum balance alerts (e.g., “alert me when the available balance goes below $5,000”).
“I shouldn’t be able to see this data,” Hermansen said. “Anytime you spend money that should be a private transaction between you and your bank, not available for everyone else to see.”
Hermansen said he told his bank about what he found, and that he tried unsuccessfully to get the attention of different Fiserv employees, including the company’s CEO via LinkedIn. But he wasn’t sure whether the flaw he found existed in all bank sites running on Fiserv’s ebanking platform, or just his bank’s installation.
Naturally, KrebsOnSecurity offered to help figure that out, and to get Fiserv’s attention, if warranted. Over the past week I signed up for accounts at two small local banks that each use Fiserv’s online banking platform.
In both cases I was able to replicate Hermansen’s findings and view email addresses, phone numbers, partial account numbers and alert details for other customers of each bank just by editing a single digit in a Web page request. I was relieved to find I could not use my online account access at one bank to view transaction alerts I’d set up at a different Fiserv affiliated bank.
But it was not difficult to find hundreds of other Fiserv-affiliated banks that would be just as vulnerable. If a bank is using Fiserv’s platform, it usually says so somewhere at the bottom of the bank’s home page. Another giveaway is that most of the bank sites using Fiserv display the same root domain name in the browser address bar after login: secureinternetbank.com.
Fiserv said in a statement that the problem stemmed from an issue with “a messaging solution available to a subset of online banking clients.” Fiserv declined to say exactly how many financial institutions may have been impacted overall. But experts tell KrebsOnSecurity that some 1,700 banks currently use Fiserv’s retail (consumer-focused) banking platform alone.
“Fiserv places a high priority on security, and we have responded accordingly,” Fiserv spokesperson Ann Cave said. “After receiving your email, we promptly engaged appropriate resources and worked around the clock to research and remediate the situation. We developed a security patch within 24 hours of receiving notification and deployed the patch to clients that utilize a hosted version of the solution. We will be deploying the patch this evening to clients that utilize an in-house version of the solution.”
This author confirmed that Fiserv no longer shows a sequential event number in their banking sites and has replaced them with a pseudo-random string.
Julie Conroy, research director with market analyst firm Aite Group, said the kinds of banks that use Fiserv’s platform mostly are those that can’t afford to build and maintain their own.
“These financial institutions use a core banking provider like Fiserv because they don’t have the wherewithal to do it on their own, so they’re really trusting Fiserv to do this on their behalf,” Conroy said. “This will not only reflect on Fiserv’s brand, but also it will impact customers’ perception about their small local bank, which is already struggling to compete with the larger, nationwide institutions.”
Allen Weinberg, partner and co-founder at Glenbrook Partners LLC, said the ability of fraudsters to edit account transaction alerts somewhat negates the value of these alerts in helping consumers fight fraud tied to their online banking accounts.
“If a fraudster can just turn off the alerts, there’s one less protection that consumers think they have,” Weinberg said. “I think consumers do rely in large part on these alerts to help them detect fraudulent activity.”
The weakness in Fiserv’s platform is what’s known as an “information disclosure” vulnerability. While these are among the most common types of security issues with Web sites, they are also perhaps the most preventable and easily fixed.
Nevertheless, disclosure flaws can be just as damaging to a company’s brand as other more severe types of security errors. Other notable security incidents involving recent information disclosure issues include a weakness at Panera Bread’s site that exposed tens of millions of customer records, and a bug in identity protection service LifeLock’s site that revealed email addresses for millions of customers.
Update, 12:22 p.m. ET: Updated the second paragraph to include a link to information about Fiserv’s #1 market share. Also updated the story to reflect screen shots shared with KrebsOnSecurity indicating Hermansen was able to see full customer account numbers in his bank’s implementation of Fiserv’s platform. The account numbers I saw in both Virginia banks used in my testing were truncated to the last four digits.
=================================================================
While many years ago and with a unit that was sold off, Wave worked with and had an agreement with Efficient Forms (Fiserv division). Wave VSC 2.0 could add another level of security to Fiserv and the banks it serves. And ideally, Wave Knowd if taken out of retirement would be great for these banking customers. imo.
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
================================================================
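An added example, not code from the KrebsOnSecurity article, Fiserv or Wave: a toy transaction-alert store that contrasts the flaw described above (a sequential event number looked up with no ownership check) with a hardened version that uses an unguessable identifier and checks that the requester owns the record, plus a small detector that flags sequential-ID probing in constructed access-log lines. All names, records and log lines are made up.

```python
"""
Added example (not the article's, Fiserv's or Wave's code): the reported
sequential-event-number flaw beside its fix, and a log check for
enumeration. Every name, record and log line here is constructed.
"""
import re
import secrets
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Alert:
    owner: str          # bank customer who created the alert
    email: str
    threshold: float    # e.g. "alert me when balance goes below $5,000"


class VulnerableAlertStore:
    """Sequential event numbers and no ownership check: changing the
    number by one returns another customer's alert (the reported flaw)."""

    def __init__(self):
        self._next_id = 1000
        self._alerts = {}

    def create(self, owner, email, threshold):
        event_no = self._next_id
        self._next_id += 1
        self._alerts[event_no] = Alert(owner, email, threshold)
        return event_no

    def view(self, requester, event_no):
        # BUG: `requester` is never compared with the record's owner.
        return self._alerts.get(event_no)


class HardenedAlertStore:
    """Opaque random identifiers plus a server-side ownership check.
    The random ID stops guessing; the ownership check is the real fix,
    because an ID leaked any other way must still not grant access."""

    def __init__(self):
        self._alerts = {}

    def create(self, owner, email, threshold):
        event_id = secrets.token_urlsafe(16)    # 128 bits, unguessable
        self._alerts[event_id] = Alert(owner, email, threshold)
        return event_id

    def view(self, requester, event_id):
        alert = self._alerts.get(event_id)
        if alert is None or alert.owner != requester:
            # Same answer for "missing" and "not yours", so responses
            # never reveal which identifiers exist.
            return None
        return alert


LOG_RE = re.compile(r'user=(\S+) path=/alerts/(\d+)')

def find_enumeration(log_lines, min_run=3):
    """Return users whose requested alert IDs form a run of `min_run` or
    more consecutive integers, the access pattern the article describes."""
    ids_by_user = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            ids_by_user[m.group(1)].append(int(m.group(2)))
    flagged = []
    for user, ids in ids_by_user.items():
        run = 1
        for a, b in zip(ids, ids[1:]):
            run = run + 1 if abs(b - a) == 1 else 1
            if run >= min_run:
                flagged.append(user)
                break
    return flagged


def demo_alerts():
    vuln = VulnerableAlertStore()
    vuln.create("alice", "alice@example.test", 5000.0)
    bob_no = vuln.create("bob", "bob@example.test", 250.0)
    leaked = vuln.view("bob", bob_no - 1)     # alice's record, wrongly returned

    hard = HardenedAlertStore()
    alice_id = hard.create("alice", "alice@example.test", 5000.0)
    denied = hard.view("bob", alice_id)       # ownership check -> None
    allowed = hard.view("alice", alice_id)

    logs = [                                  # constructed, not real bank logs
        "user=bob path=/alerts/1001",
        "user=bob path=/alerts/1000",
        "user=bob path=/alerts/999",
        "user=bob path=/alerts/998",
        "user=carol path=/alerts/2042",
    ]
    return leaked, denied, allowed, find_enumeration(logs)
```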
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
Lee, MA - May 9, 2013 -
Wave Systems Corp. (NASDAQ: WAVX), the Trusted Computing Company, today announced Wave Knowd, a new web service available for preview that significantly reduces the vulnerability and use of passwords by leveraging the unique identity of computing devices. With a simple integration of Wave Knowd, any website can establish reliable and consistent identity relationships with the devices its customers use most often for Internet services. Wave Knowd, which signifies “Known Devices,” is being tested by partners to provide the backbone for general purpose machine identity.
“The maturation of the web mandates a change in how we, and our computing devices, connect to the web,” said Steven Sprague, Wave CEO. “With cable television, satellite radio, bank kiosks and mobile phones, the service relationship is tied to the endpoint device. The web needs the security and simplicity of this same model, where our computing devices themselves play an added role in authentication. I access dozens of web services every day from the computer in my home office, and want those sites to know and trust my PC so they’ll stop continually asking me to log in. Wave Knowd enables that trust.”
To make web authentication stronger and simpler, Wave Knowd provides a new approach to signing on and accessing Cloud and Internet services. From online banking to business services and even consumer gaming, passwords are failing to provide a level of security that either service providers or users can trust. Knowd is built upon the concept that only known devices should ever access a protected network. Knowd incorporates all of your access and identity solutions together to establish a relationship of trust between users’ computing devices, and the web services they access.
“We interact online using so many devices now, but from a security perspective those devices aren’t all equal. Accessing medical records or confidential business files from my kid’s smartphone is certainly not as trustworthy as connecting from my business PC with an encrypted drive,” continued Mr. Sprague. “Wave Knowd is all about making the Web simpler and safer, and that new foundation of trust begins with known devices, and known capabilities.”
Once machine identity is established, any web site—from gaming, social networking or shopping; to banking, business and financial services—can use Wave Knowd to create a reliable and persistent identity for the connecting device. Knowd allows Web sites to streamline access for users who repeatedly log on from trusted devices, while bolstering security. Initial authentication creates a unique and anonymous relationship between each computing device and each web service accessed, and then the level of trust between the two grows over time. Knowing the device can also help the site prevent fraud and phishing, or simply provide quicker no-password access. Wave is the partner helping to create and manage these relationships.
“Wave Systems was the obvious choice to provide ID Dataweb’s attribute exchange with device identity services,” said David Coxe, CEO at ID Dataweb. “In Knowd, Wave has provided a system that is rooted in state of the art device security technologies such as the Trusted Platform Module and other secure elements, while also offering a simple web based integration. It’s easy to identify if a connecting device is highly trusted, or whether it requires added screening and security.”
ID Dataweb uses Wave’s Knowd solution as part of the Identity Ecosystem supported through a grant from the U.S. Department of Commerce’s National Institute of Standards and Technology’s NSTIC initiative (National Strategy for Trusted Identities in Cyberspace). ID Dataweb has created a standards-based platform to simplify online identity verification using OpenID credentials.
Providing the Tools to Manage Trust in the Cloud: What’s Your Trust Score?
Wave Knowd is a powerful enhancement for any website. The endpoint identity service links an individual user’s unique device identity with the Internet services that are typically protected only by username and password access. Users are prompted by their cloud service provider to register their primary computing devices to create a unique and persistent device identity relationship with their Internet services and service providers. No personal ID information is obtained by Wave, as Knowd works purely as a machine identity service. Furthermore, registered devices are given a unique ID for every service provider, establishing a separate trust relationship with each service.
Wave Knowd asserts a Trust Score that helps both consumers and cloud services or relying parties to determine the level of trust granted to each specific computing device. For example, a home PC that is used regularly for banking will quickly build a high Trust Score. Users can achieve a higher Trust Score by installing a small software application (Wave Knowd currently supports Windows 7 and 8, with Apple and Android to follow later this year). Business-class PCs containing a standard Trusted Platform Module (TPM) can establish even greater trust by leveraging the TPM security chip to create and securely store a unique device ID.
Knowd provides a web service with a new capability to enable or disable features based on the device that the user is actively using, providing a new security option for the end user. Perhaps an account password can only be reset from the user’s registered home computer and not from anywhere in the world, thereby linking in all of the user’s investment in the security of their home, from their alarm system to the doorman. Every web service can benefit from integrating Wave Knowd as part of the user’s experience.
Wave Knowd is free to consumers, and reduces the authentication cost to providers. Knowd is available to relying parties using the standard OpenID protocol, and also offers a simple web API. For more information visit: ID.Wave.com
Antivirus Evasion for Penetration Testing Engagements
https://www.alienvault.com/blogs/security-essentials/antivirus-evasion-for-penetration-testing-engagements?utm_medium=Social&utm_source=THN&utm_content=SP&utm_campaign=AVEvastion_blog
Excerpts:
During a penetration testing engagement, it’s quite common to have antivirus software applications installed in a client’s computer. This makes it quite challenging for the penetration tester to run common tools while giving the clients a perception that their systems are safe, but that’s not always the case. Antivirus software applications do help in protecting systems but there are still cases where these defenses can be bypassed.
Antivirus evasion is a broad topic and this article only presents very basic methods to bypass detection when the program is resting as a file in a non-volatile storage. Evasion techniques for a run-time state are quite different and challenging because of behavior monitoring done by antivirus programs.
In this article, I will be discussing a few techniques that can be used to bypass antivirus software applications like string manipulation and code substitution. Before anything else however, an understanding of programming is required because I’ll assume that the detected software application has its source code available for modification. I’ll probably work out another separate article for evasion of programs that don’t have their source code available.
There will be two basic steps to do. First will be finding the cause of the detection while the next step goes into how the detection can be bypassed. This is because we won’t be able to fix something if we don’t know what the problem is.
rest is continued at the link
==================================================================
https://www.wavesys.com/malware-protection
Software can’t always detect malware
The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 that discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.
A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.
==================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
An open standard means Wave works with everything
Wave Endpoint Monitor works on your existing hardware, across platforms. That’s because our solutions are based on an open standard that’s already been implemented on many laptops and is now working its way onto mobile devices. We’re talking about those TPMs. We just don’t think that expensive new equipment and vendor lock-in are great selling points.
Be proactive on compliance
No new regulations here—yet. But government agencies recognize malware as a growing threat. In 2011, NIST published guidelines for basic input/output system (BIOS) integrity measurement, the BIOS being what initializes a computer when it boots up. When this critical system is malware’s target, the consequences are big. The guidelines describe what’s needed to establish a chain of trust for the BIOS: Has it been tampered with? NIST actually looked to Wave for feedback on this document (see the acknowledgments). We know what’s needed, because Wave Endpoint Monitor is already doing it.
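An added example, not Wave's code: a simulation of the check the product description above attributes to Wave Endpoint Monitor. A TPM records each boot component by extending a Platform Configuration Register, PCR_new = SHA-256(PCR_old || SHA-256(component)), so the final PCR value summarises the whole boot chain in order. A golden baseline is recorded from a known-good boot, later boots are compared against it, and a boot record altered below the OS changes PCR 0 and is flagged, with the first divergent component named from the event log. It also shows why a rootkit that rewrites the OS-visible log cannot hide: the log no longer replays to the TPM's values. Component names and contents are constructed.

```python
"""
Added example (not Wave's code): measured-boot baseline comparison using
TPM PCR-extend semantics. Boot components and contents are constructed.
"""
import hashlib

PCR_SIZE = 32    # SHA-256 PCR bank

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: hash the old PCR value concatenated
    with the new measurement; order of extends matters."""
    return sha256(pcr + measurement)

def measure_boot(components):
    """components: list of (pcr_index, name, bytes). Returns (pcrs, event_log):
    pcrs maps index -> final PCR value (what the TPM would quote), event_log
    lists each measurement (what firmware hands to the OS)."""
    pcrs = {}
    event_log = []
    for index, name, blob in components:
        digest = sha256(blob)
        pcrs[index] = extend(pcrs.get(index, b"\x00" * PCR_SIZE), digest)
        event_log.append((index, name, digest))
    return pcrs, event_log

def replay_log(event_log):
    """Recompute PCR values from the event log alone. A log that does not
    replay to the TPM-quoted values has been altered and is not trusted."""
    pcrs = {}
    for index, _name, digest in event_log:
        pcrs[index] = extend(pcrs.get(index, b"\x00" * PCR_SIZE), digest)
    return pcrs

def check_boot(baseline, pcrs, event_log, baseline_log):
    """Compare one boot against the golden baseline. Returns a list of
    alerts: empty when the boot matches, otherwise the deviating PCRs and
    the first component whose measurement differs from the baseline."""
    alerts = []
    if replay_log(event_log) != pcrs:
        alerts.append("event log does not replay to quoted PCR values")
        return alerts
    for index in sorted(baseline):
        if pcrs.get(index) != baseline[index]:
            alerts.append(f"PCR{index} deviates from baseline")
    for entry, base_entry in zip(event_log, baseline_log):
        if entry != base_entry:
            alerts.append(f"first divergent component: {entry[1]}")
            break
    return alerts

# Constructed boot chain: PCR0 = firmware and boot record, PCR4 = bootloader,
# PCR7 = secure boot policy (index assignments follow the usual PC convention).
GOOD_BOOT = [
    (0, "firmware", b"BIOS v1.2.3 (constructed)"),
    (0, "boot-record", b"MBR: legitimate bootstrap (constructed)"),
    (4, "bootloader", b"bootmgr (constructed)"),
    (7, "secure-boot-policy", b"SecureBoot=on (constructed)"),
]
TAMPERED_BOOT = [
    (0, "firmware", b"BIOS v1.2.3 (constructed)"),
    (0, "boot-record", b"MBR: bootkit hook (constructed)"),   # changed below the OS
    (4, "bootloader", b"bootmgr (constructed)"),
    (7, "secure-boot-policy", b"SecureBoot=on (constructed)"),
]

def demo_boot_check():
    baseline, baseline_log = measure_boot(GOOD_BOOT)
    clean = check_boot(baseline, *measure_boot(GOOD_BOOT), baseline_log)
    tampered = check_boot(baseline, *measure_boot(TAMPERED_BOOT), baseline_log)
    # A rootkit that rewrites the OS-visible log to look clean cannot change
    # what the TPM already extended, so the replay check still catches it.
    tampered_pcrs, _ = measure_boot(TAMPERED_BOOT)
    forged_log = check_boot(baseline, tampered_pcrs, baseline_log, baseline_log)
    return clean, tampered, forged_log
```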
Microsoft Windows zero-day vulnerability disclosed through Twitter
https://www.zdnet.com/article/windows-zero-day-vulnerability-disclosed-through-twitter/
Updated: There is no known workaround for the security flaw
Microsoft has quickly reacted to the disclosure of a previously unknown zero-day vulnerability in the Windows operating system.
On Monday, Twitter user SandboxEscaper revealed the existence of the bug on the microblogging platform. As reported by the Register, the user said:
"Here is the alpc bug as 0day. I don't f**king care about life anymore. Neither do I ever again want to submit to MSFT anyway. F**k all of this shit."
The user linked to a page on GitHub which appears to contain a proof-of-concept (PoC) for the vulnerability.
Following the disclosure, on Tuesday, Will Dormann, vulnerability analyst at CERT/CC verified the bug, adding that the zero-day flaw works "well in a fully-patched 64-bit Windows 10 system."
The Windows vulnerability is described as a local privilege escalation security flaw in the Microsoft Windows task scheduler caused by errors in the handling of Advanced Local Procedure Call (ALPC) systems.
If exploited, the zero-day bug permits local users to obtain system privileges. As ALPC is a local system, the impact is limited, but the public disclosure of a zero-day is still likely a headache for the Redmond giant.
There are no known workarounds for the vulnerability, which has been awarded a CVSS score of 6.4 -- 6.8.
SandboxEscaper's tweet has since been deleted. However, Microsoft has acknowledged the zero-day flaw.
This is likely to take place on September 11, the next scheduled Microsoft Patch Tuesday, unless the firm decides to issue an out-of-schedule patch.
Update 16.28 BST: A Microsoft spokesperson told ZDNet:
"Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule."
Update 17.38 BST: It appears that the discoverer of the vulnerability may have attempted to sell or at least enquire about selling the zero-day vulnerability last month. A Reddit user with the same name, SandboxEscaper, posted a number of times on Reddit asking about "selling Windows 0days." However, at the time of writing, the posts have been deleted.
=================================================================
There are many zero day flaws that require a product like Wave Endpoint Monitor to stop the ensuing zero day malware before they are patched (which in Microsoft's case could take until Sept. 11)
=================================================================
How to Detect Zero-Day Malware And Limit Its Impact
Antivirus systems alone cannot fight a growing category of malware whose strength lies in the fact that we have never seen it before. Dark Reading examines the ways in which zero-day malware is being developed and spread, and the strategies and products e
Author: Fahmida Y. Rashid, Reports.InformationWeek.com, Friday, November 9, 2012
Malware is becoming harder to detect using traditional security tools. Malware developers are increasingly using techniques such as polymorphism to make variants different enough from each other that they foil antivirus systems. Zero-day malware, by definition, is malware that isn’t recognized as a “known bad,” which puts IT administrators at a distinct disadvantage when it comes to fighting it.
Security experts recommend several techniques for battling zero-day malware, including behavioral analysis, network monitoring, situational awareness and even hardware-based security. In this report, Dark Reading looks at several categories of products that have emerged to address the zero-day malware problem, as well as how these products and processes can complement existing antivirus deployments. We examine how zero-day malware has proliferated and how IT administrators can defend their networks from malware they’ve never seen before.
see link for article
================================================================
https://www.wavesys.com/malware-protection
What is malware?
Malware is a general name for software that installs on your organization's computers and creates damage. It includes computer viruses, worms, Trojans, spyware, adware, rootkits, Advanced Persistent Threats and more. These malicious programs could be created by a tenacious adversary, or by financially motivated criminals and inserted into your organization's computers. They may lie there undetected for months or secretly do things like log your keystrokes, steal your passwords, harvest your address book, observe where you go on the Internet, report sensitive data to distant servers, or even wipe or encrypt your data. Recent high profile malware attacks on utilities and countries, even, introduced contaminated software reported to alter the working of physical devices, like uranium enrichment centrifuges, oil rig equipment and water pumps. Malware can be introduced through a web download, an email attachment or even a USB external device for networks that are not connected to the internet.
Software can’t always detect malware
The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 that discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.
A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.
APT's extent seems wider each week. News stories about targeted attacks on organizations appear weekly. Even more stories do not appear, as some malware is not detected for very long periods of time. Some malware described as "cutting edge" has code components that have been available for 3 and 4 years, thus dating their undetected time of life in the wild. With online tools, even a non-technical person can create one easily. And there are more ways than ever for malware to spread: the Internet, personal computing devices, downloads, email, social media sites. Government agencies recognize it as a growing threat. Early detection is the highest priority in this Cyberwar. In 2011 NIST published guidelines for establishing a chain of trust for the basic input/output system (BIOS), which initializes a computer when it boots up. This critical system is one of malware’s more consequential targets and an area specifically protected by Wave Systems in its products and in its thinking.
Wave’s solution: start with the device
If antivirus software doesn’t work, what does? The Wave alternative relies not on superficial layers of software but on standards-based hardware: self-encrypting drives (SEDs) and Trusted Platform Modules (TPMs), or security chips, that are already embedded in many of your computers and mobile devices. This hardware provides you with secure storage. When you turn the SED and TPM on and manage them with Wave, you suddenly have a broad, deep view into your network. Among other things, you’ll know immediately whether any one of your devices—computers, laptops, tablets, smartphones—has been tampered with. But Wave is proactive too: you can block the kinds of behaviors that invite malware in. Wave's Endpoint Monitor provides early detection for these low-lying sneaky attacks.
Which other attack vector should you watch? One common vector that is used to attack even the most secure networks is physical devices – connected to USB, FireWire or SD. Our Data Protection Suite AV scanner allows you to block any unscreened device from connecting to any machine in the organization, until it has been scanned for known malware.
================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Austin, Texas, Just Became the US Army’s Silicon Valley
https://www.defenseone.com/technology/2018/08/austin-just-became-armys-silicon-valley/150835/?oref=DefenseOneTCO
The service is making a big bet that getting closer to tech startups will help deter future adversaries.
AUSTIN, Texas — If you were to write a scene set in “a hip tech hub,” you might limn the Capital Factory, a co-working space and startup accelerator in downtown Austin. On a typical day, you can find kids barely old enough to drink who are pitching their startups to top venture-capital firms in a sunlit space, full of beanbag chairs, fun wall murals, green protein shakes, and loads of snacks. It’s not the sort of place you would expect to find Gen. Jim McConville, the vice chief of staff of the U.S. Army. But last Thursday, that’s where he was, piloting a simulated plane.
“I’m trying to get off the grass,” McConville says from behind a virtual-reality headset. “I’ve flown fixed-wing but this is not the same.” As the helicopter pilot works to get “airborne,” the simulator records his eye movements — the screen in front of him shows a pupil — to determine cognitive load and understand where he is looking and where he’s experiencing stress. The software is constructing a data-driven picture of how he’s absorbed training, data he could use to improve his performance.
It’s the product of a young entrepreneur named David Zakariaie, founder of a company called Senseye. Just 21 years old, Zakariaie represents some of the best of America’s tech startup scene in 2018: ambitious, restless, and able to move a product from idea to reality far faster than the Pentagon can buy one. Proximity to people like him is a big part of why the Army stood up its new four-star Futures Command here on Friday.
“We need an environment to help us change our culture… to get access to talent and innovation,” Army Undersecretary Ryan McCarthy said.
=================================================================
Here are some links for the U.S. Army to perhaps see again. Wave has an exciting list of products that could help our government in a big way!!
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
https://www.wavesys.com/products/wave-self-encrypting-drive-management
NIST Calls For Comment of Ecommerce Security
https://www.infosecurity-magazine.com/news/nist-calls-for-comment-of?utm_source=twitterfeed&utm_medium=twitter
In an effort to reduce online fraud, the National Cybersecurity Center of Excellence (NCCoE), a subdivision of the National Institute of Standards and Technology (NIST), announced it is now accepting feedback on its draft exploring the ways in which multi-factor authentication can help to mitigate fraudulent online purchases.
As was the case in Europe after retailers adopted chip-and-pin technologies, retailers in the US have seen a spike in ecommerce fraud. In fact, the US saw a 30% increase in online fraud and credit card theft during 2017.
After chip-and-signature and chip-and-PIN security measures were adopted, cyber-criminals shifted their fraudulent activity to the ecommerce space. Ironically, the increased point-of-sale security has given rise to greater fraud with online card-not-present transactions.
The technology partners that collaborated on the project signed a cooperative research-and-development agreement and worked in a consortium with NIST to build the draft, NIST Special Publication 1800-17, Multifactor Authentication for E-Commerce. With the draft, retailers will be able to successfully implement the example solutions by following the step-by-step guide.
Collaborating with stakeholders in the retail sector, NCCoE has developed a draft that explores the use of multifactor authentication in a variety of risk-based scenarios. “In the project’s example implementations, if certain risk elements (contextual data related to the transaction) are exceeded that could indicate an increased likelihood of fraudulent activity during the online shopping session, the purchaser will be prompted to present another distinct authentication factor – something the purchaser has – in addition to the username and password,” NIST wrote.
The practice guide is intended to help organizations reduce online fraudulent purchases, which includes the use of credential stuffing to take over accounts. The guide also aims to protect the ecommerce systems of participating organizations, which will also demonstrate to customers that security is a priority for the organization. By providing greater situational awareness, the guide will allow retailers to avoid system-administrator-account takeover through phishing.
The guide has been divided into three volumes for greater ease of use. Comments are currently open and can be submitted to NIST by 22 October 2018 by using this online form.
================================================================
This may already be covered by the NSTIC which Knowd was a part of. Wave/BellId and Wave Knowd could have been ahead of their time and it would be a shame to see real ingenuity and great products go for naught. imo.
================================================================
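The risk-based step-up the NIST draft describes (contextual risk elements exceed a threshold, so the shopper is prompted for a second, "something you have" factor on top of the username and password) is small enough to show end to end. The block below is an added example for this page, not code from NIST or any consortium member; the risk weights, threshold, session fields and sample sessions are constructed, and the second factor is a TOTP code per RFC 6238, checked against that RFC's published test secret:

```python
"""Risk-based step-up authentication for an e-commerce checkout.

Added example, not NIST SP 1800-17 code. The flow: a password login is
always required; contextual risk elements about the transaction are scored;
only when the score crosses a threshold is a second factor (TOTP) demanded.
Weights, threshold and session fields are constructed for illustration.
"""
import hashlib
import hmac
import struct
from typing import Dict, List, Optional, Tuple

STEP_SECONDS = 30


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the 30 s time-step counter, HMAC-SHA1."""
    counter = struct.pack(">Q", unix_time // STEP_SECONDS)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` steps for clock drift;
    constant-time compare so a wrong code leaks nothing through timing."""
    if not (code.isascii() and code.isdigit()):
        return False
    candidates = (totp(secret, unix_time + STEP_SECONDS * d)
                  for d in range(-window, window + 1))
    return any(hmac.compare_digest(candidate, code) for candidate in candidates)


# Risk elements: contextual data about the session/transaction (constructed).
RISK_WEIGHTS: Dict[str, int] = {
    "new_device": 40,
    "shipping_differs_from_billing": 25,
    "country_differs_from_history": 30,
    "amount_above_customer_typical": 20,
    "new_payment_card": 25,
}
STEP_UP_THRESHOLD = 50


def assess_risk(session: Dict[str, object]) -> Tuple[int, List[str]]:
    """Sum the weights of the risk elements present; return score and reasons."""
    triggered = [key for key in RISK_WEIGHTS if session.get(key)]
    return sum(RISK_WEIGHTS[key] for key in triggered), triggered


def authorize_checkout(session: Dict[str, object], totp_secret: bytes,
                       presented_code: Optional[str], unix_time: int) -> str:
    """Returns 'approved', 'step_up_required' or 'denied'."""
    if not session.get("password_ok"):
        return "denied"                          # first factor always required
    score, _reasons = assess_risk(session)
    if score < STEP_UP_THRESHOLD:
        return "approved"                        # low risk: password suffices
    if presented_code is None:
        return "step_up_required"                # ask for the second factor
    return "approved" if verify_totp(totp_secret, presented_code, unix_time) else "denied"


# RFC 6238 Appendix B test secret (ASCII "12345678901234567890") and two
# constructed sessions: a routine repeat purchase and a risky-looking one.
RFC6238_SECRET = b"12345678901234567890"
ROUTINE_SESSION = {"password_ok": True, "amount_above_customer_typical": True}   # score 20
RISKY_SESSION = {"password_ok": True, "new_device": True,
                 "shipping_differs_from_billing": True}                          # score 65

if __name__ == "__main__":
    now = 59  # RFC test time; real code uses int(time.time())
    print(authorize_checkout(ROUTINE_SESSION, RFC6238_SECRET, None, now))
    print(authorize_checkout(RISKY_SESSION, RFC6238_SECRET, None, now))
    print(authorize_checkout(RISKY_SESSION, RFC6238_SECRET, totp(RFC6238_SECRET, now), now))
```

The shape to keep from this: the step-up decision is made server-side from data the shopper does not control (device history, address mismatch, amount), and the TOTP secret never leaves the server and the enrolled authenticator. Add rate limiting on code attempts; a six-digit code with a three-step window is only one in roughly 333,000 per guess, which is plenty against a human but not against an unthrottled script.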
Wave and Bell ID Partner to Combat Online Payment Fraud
https://www.wavesys.com/buzz/pr/wave-and-bell-id-partner-combat-online-payment-fraud
Card-present transactions enabled for E-Commerce by integrating TPM technology
Lee, MA - July 31, 2014
Wave Systems Corp. (NASDAQ: WAVX) announced it is partnering with chip lifecycle management solutions company, Bell ID, to offer a joint solution aimed at reducing online payment fraud. The solution will be marketed primarily to card issuing banks, as well as online merchants, governments, and enterprises worldwide.
Using Bell ID’s Trusted Service Manager and Secure Element in The Cloud (SEiTC) server, alongside Wave’s ERAS for TPM management and Wave’s endpoint identity and monitoring expertise, the combined offering provides robust protection for transactions and stored payments. The companies have executed a letter of intent and anticipate the signing of a definitive agreement in August.
The incident rate of card-not-present (CNP) fraud has been growing steadily over the past several years. According to a recent FICO Banking Analytics Blog, CNP fraud now accounts for close to half of all credit card fraud. Countries that have already adopted the EMV® card specification have seen CNP fraud rates increase. In the United States, CNP fraud is expected to rise significantly over the next eighteen months, as the EMV standard is put into effect. The EMV directive, which implements a global standard for a secure chip-based payment application, will make merchants liable for any fraud resulting from transactions on systems that are not EMV-capable.
“Wave’s robust product portfolio is very complementary to Bell ID’s strongly positioned solution set in the financial services market,” said Bill Solms, CEO, Wave Systems. “We see the EMV transition creating high demand for more secure transaction capabilities, and are confident that together we can provide financial institutions with a comprehensive solution for payment authorization and storage.”
“Bell ID has been a pioneer in developing and delivering cloud-based payment platforms,” adds Pat Curran, Executive Chairman at Bell ID. “We also have extensive experience in delivering EMV solutions globally and have witnessed fraud transition online as point-of-sale terminals in face-to-face transactions become more secure. We are therefore delighted to extend our offering with Wave to provide a secure online transaction and storage payment solution, which will mitigate against an expected rise in online fraud and provide a trusted link between device identity and internet services.”
==================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
Lee, MA - May 9, 2013
Wave Systems Corp. (NASDAQ: WAVX), the Trusted Computing Company, today announced Wave Knowd, a new web service available for preview that significantly reduces the vulnerability and use of passwords by leveraging the unique identity of computing devices. With a simple integration of Wave Knowd, any website can establish reliable and consistent identity relationships with the devices its customers use most often for Internet services. Wave Knowd, which signifies “Known Devices,” is being tested by partners to provide the backbone for general purpose machine identity.
“The maturation of the web mandates a change in how we, and our computing devices, connect to the web,” said Steven Sprague, Wave CEO. “With cable television, satellite radio, bank kiosks and mobile phones, the service relationship is tied to the endpoint device. The web needs the security and simplicity of this same model, where our computing devices themselves play an added role in authentication. I access dozens of web services every day from the computer in my home office, and want those sites to know and trust my PC so they’ll stop continually asking me to log in. Wave Knowd enables that trust.”
To make web authentication stronger and simpler, Wave Knowd provides a new approach to signing on and accessing Cloud and Internet services. From online banking to business services and even consumer gaming, passwords are failing to provide a level of security that either service providers or users can trust. Knowd is built upon the concept that only known devices should ever access a protected network. Knowd incorporates all of your access and identity solutions together to establish a relationship of trust between users’ computing devices, and the web services they access.
“We interact online using so many devices now, but from a security perspective those devices aren’t all equal. Accessing medical records or confidential business files from my kid’s smartphone is certainly not as trustworthy as connecting from my business PC with an encrypted drive,” continued Mr. Sprague. “Wave Knowd is all about making the Web simpler and safer, and that new foundation of trust begins with known devices, and known capabilities.”
Once machine identity is established, any web site—from gaming, social networking or shopping; to banking, business and financial services—can use Wave Knowd to create a reliable and persistent identity for the connecting device. Knowd allows Web sites to streamline access for users who repeatedly log on from trusted devices, while bolstering security. Initial authentication creates a unique and anonymous relationship between each computing device and each web service accessed, and then the level of trust between the two grows over time. Knowing the device can also help the site prevent fraud and phishing, or simply provide quicker no-password access. Wave is the partner helping to create and manage these relationships.
“Wave Systems was the obvious choice to provide ID Dataweb’s attribute exchange with device identity services,” said David Coxe, CEO at ID Dataweb. “In Knowd, Wave has provided a system that is rooted in state of the art device security technologies such as the Trusted Platform Module and other secure elements, while also offering a simple web based integration. It’s easy to identify if a connecting device is highly trusted, or whether it requires added screening and security.”
ID Dataweb uses Wave’s Knowd solution as part of the Identity Ecosystem supported through a grant from the U.S. Department of Commerce’s National Institute of Standards and Technology’s NSTIC initiative (National Strategy for Trusted Identities in Cyberspace). ID Dataweb has created a standards-based platform to simplify online identity verification using OpenID credentials.
Providing the Tools to Manage Trust in the Cloud: What’s Your Trust Score?
Wave Knowd is a powerful enhancement for any website. The endpoint identity service links an individual users’ unique device identity, with the Internet services that are typically protected only by username and password access. Users are prompted by their cloud service provider to register their primary computing devices to create a unique and persistent device identity relationship with their Internet services and service providers. No personal ID information is obtained by Wave, as Knowd works purely as a machine identity service. Furthermore, registered devices are given a unique ID for every service provider, establishing a separate trust relationship with each service.
Wave Knowd asserts a Trust Score that helps both consumers and cloud services or relying parties to determine the level of trust granted to each specific computing device. For example, a home PC that is used regularly for banking will quickly build a high Trust Score. Users can achieve a higher Trust Score by installing a small software application (Wave Knowd currently supports Windows 7 and 8, with Apple and Android to follow later this year). Business-class PCs containing a standard Trusted Platform Module (TPM) can establish even greater trust by leveraging the TPM security chip to create and securely store a unique device ID.
Knowd provides a web service with a new capability to enable or disable features based on the device that the user is actively using, providing a new security option for the end user. Perhaps an account password can only be reset from the user’s registered home computer and not from anywhere in the world, thereby linking in all of the user’s investment in the security of their home, from their alarm system to the doorman. Every web service can benefit from integrating Wave Knowd as part of the user’s experience.
Wave Knowd is free to consumers, and reduces the authentication cost to providers. Knowd is available to relying parties using the standard OpenID protocol, and also offers a simple web API. For more information visit: ID.Wave.com
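The properties the two Wave descriptions on this page claim for device identity (ERAS: only known and approved devices get in; Knowd: a distinct identifier per service so sites cannot correlate a device, a trust score that grows with use, and sensitive actions such as a password reset gated on that score) can be modelled in a few dozen lines. The block below is an added example for this page, not Wave's Knowd or ERAS code. Its main simplification is labelled in the comments: the device key is a software HMAC secret, where a TPM would hold a non-exportable key and the service would keep only the public half; all names, weights and thresholds are constructed.

```python
"""Known-device authentication with per-service pairwise identifiers.

Added example, not Wave's code. Simplification: the device-bound key is a
symmetric HMAC secret held in software (a TPM would hold a non-exportable
asymmetric key and the service would store only the public part).
"""
import hashlib
import hmac
import secrets
from typing import Dict, Set, Tuple


class Device:
    """Endpoint side: one root secret (stand-in for a TPM-resident key);
    everything a service ever sees is derived from it plus the service name."""

    def __init__(self, root_secret: bytes) -> None:
        self._root = root_secret

    def pairwise_id(self, service: str) -> str:
        # A different identifier for every service, so two services comparing
        # records cannot tell they are seeing the same device.
        return hmac.new(self._root, b"id|" + service.encode(), hashlib.sha256).hexdigest()[:32]

    def _key_for(self, service: str) -> bytes:
        return hmac.new(self._root, b"key|" + service.encode(), hashlib.sha256).digest()

    def enrollment(self, service: str) -> Tuple[str, bytes]:
        """Material handed over once, at registration time."""
        return self.pairwise_id(service), self._key_for(service)

    def respond(self, service: str, challenge: bytes) -> bytes:
        """Prove possession of the device key over the service's fresh nonce."""
        return hmac.new(self._key_for(service), challenge, hashlib.sha256).digest()


class RelyingParty:
    TRUST_PER_LOGIN = 10
    MAX_TRUST = 100
    PASSWORD_RESET_MIN_TRUST = 50   # constructed policy: reset only from a well-known device

    def __init__(self, name: str) -> None:
        self.name = name
        self._devices: Dict[str, dict] = {}
        self._outstanding: Set[bytes] = set()   # challenges issued but not yet used

    def register(self, device_id: str, key: bytes) -> None:
        self._devices[device_id] = {"key": key, "trust": 0}

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)
        self._outstanding.add(challenge)
        return challenge

    def authenticate(self, device_id: str, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._outstanding:
            return False                          # replayed or never issued
        self._outstanding.discard(challenge)      # single use, even on failure
        record = self._devices.get(device_id)
        if record is None:
            return False                          # unknown device: no access
        expected = hmac.new(record["key"], challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False
        record["trust"] = min(self.MAX_TRUST, record["trust"] + self.TRUST_PER_LOGIN)
        return True

    def trust_score(self, device_id: str) -> int:
        return self._devices.get(device_id, {}).get("trust", 0)

    def may_reset_password(self, device_id: str) -> bool:
        return self.trust_score(device_id) >= self.PASSWORD_RESET_MIN_TRUST


def login(device: Device, rp: RelyingParty) -> bool:
    """One round trip: service issues a nonce, device answers it, service checks."""
    challenge = rp.new_challenge()
    return rp.authenticate(device.pairwise_id(rp.name), challenge, device.respond(rp.name, challenge))


if __name__ == "__main__":
    home_pc = Device(b"constructed-device-root-secret")
    bank = RelyingParty("bank.example")
    print("refused before enrollment:", not login(home_pc, bank))
    bank.register(*home_pc.enrollment(bank.name))
    for _ in range(5):
        login(home_pc, bank)
    print("trust:", bank.trust_score(home_pc.pairwise_id(bank.name)),
          "reset allowed:", bank.may_reset_password(home_pc.pairwise_id(bank.name)))
```

What the trust score does not do is worth stating: it measures familiarity, not integrity. A registered device that is later compromised keeps its score, which is why the pages above pair device identity with boot attestation rather than treating either alone as sufficient.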
Cloud-based video creation service Animoto alerts California DOJ of possible data theft
The cloud-based video creation service Animoto disclosed to the California Attorney General's office last week that it discovered suspicious systems activity indicative of a July 10 breach that may have resulted in stolen information.
Affected data includes birth dates, geolocation, genders, email addresses and hashed and salted passwords. It is not known if the salt key for these passwords was also acquired; however, payment card information does not appear to be impacted.
According to Animoto's submitted notification, the company began investigating after receiving an alert of unusual activity on July 10. "Upon review, Animoto identified queries being run against its user database. Animoto immediately stopped the queries and launched an investigation with the assistance of third-party experts," the disclosure document states. "On August 6, 2018, Animoto's investigation confirmed the queries were unauthorized and that user data may have been obtained on or around July 10, 2018."
Based in New York with an office in San Francisco, Animoto began informing potentially impacted individuals on Aug. 16, the notification continues, adding that in response to the incident, the company has changed employee and system passwords and is instructing users to do the same to their own passwords. Animoto also reduced the number of users who can access certain systems.
“Breaches in cloud environments are often the result of misconfigurations and poor security hygiene. With cloud attacks being increasingly automated, the timeframe to detect and respond is extremely brief," said Zohar Alon, CEO and co-founder of Dome9, in emailed comments. "Any door left open will be discovered and quickly used to exploit an organization's valuable assets. Businesses need to monitor their threat landscape on a real-time basis and enforce security discipline. Continuous compliance and active cloud protection are essential to keeping sensitive information safe and secure.”
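The notice above says the stolen passwords were "hashed and salted" and asks whether the salt was also acquired. The block below, an added example not taken from Animoto or the article, shows what that storage format actually protects and what it does not: a per-user random salt stops one precomputed table from cracking every user at once, but the salt sits in the leaked record itself, so a weak password still falls to offline guessing, which is why the advice after such a breach is to change it. Users, passwords and the wordlist are constructed.

```python
"""Salted, iterated password hashing, and what a leaked record still exposes.

Added example, not Animoto's code. Storage format is a constructed
"algorithm$iterations$salt_hex$hash_hex" string, one per user.
"""
import hashlib
import hmac
import os
from typing import Iterable, Optional

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 100_000   # raise over time; argon2id or scrypt are preferable where available


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Random 16-byte salt per user; the salt is stored in the clear next to the hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join((ALGORITHM, str(iterations), salt.hex(), digest.hex()))


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def offline_guess(stored: str, candidates: Iterable[str]) -> Optional[str]:
    """What an attacker holding the leaked record does: the salt is right there,
    so each candidate is hashed with it. Salt defeats precomputation, not guessing;
    only the iteration cost and the password's strength slow this loop down."""
    for candidate in candidates:
        if verify_password(candidate, stored):
            return candidate
    return None


# Constructed sample: two users who chose the same weak password, one strong one.
SAMPLE_PASSWORDS = {"alice": "summer2018", "bob": "summer2018", "carol": "Tq7!vR2m#pL9xW4z"}
LEAKED_RECORDS = {user: hash_password(pw) for user, pw in SAMPLE_PASSWORDS.items()}
WORDLIST = ["password", "123456", "summer2018", "letmein", "qwerty"]   # constructed

if __name__ == "__main__":
    print("alice and bob share a password but not a hash:",
          LEAKED_RECORDS["alice"] != LEAKED_RECORDS["bob"])
    for user, record in LEAKED_RECORDS.items():
        print(f"{user}: offline guess -> {offline_guess(record, WORDLIST)}")
```

A salt is therefore not a "salt key" in the sense of something whose secrecy matters; a separate secret value that is not stored with the hash (a pepper, kept in an HSM or application config) is the construction that actually adds protection if only the database leaks.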
================================================================
SANS: 20 critical security controls you need to add
https://www.networkworld.com/article/2992503/security/sans-20-critical-security-controls-you-need-to-add.html
1. Inventory of Authorized and Unauthorized devices
=================================================================
California Attorney General Concludes that Failing to Implement the Center for Internet Security's (CIS) Critical Security Controls 'Constitutes a Lack of Reasonable Security'
https://www.prnewswire.com/news-releases/california-attorney-general-concludes-that-failing-to-implement-the-center-for-internet-securitys-cis-critical-security-controls-constitutes-a-lack-of-reasonable-security-300223659.html
================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
Decrease expenses with virtual smart cards
You know what else happens when you take passwords out of the equation? A lot fewer calls to IT. Imagine if you took password resets out of the picture – that frees up a chunk of IT time, lowering your operating expenses significantly.
If your organization currently uses traditional tokens or smart cards, switching to virtual smart cards takes an even bigger burden off of IT – we use the hardware-protected credentials in the TPM to create a virtual smart card, which performs the same functionality as traditional smart cards. That means no need to purchase, deploy, replace or maintain external tokens, smart cards or smart card readers. Because virtual smart cards are already on your machines and can’t be forgotten, lost or stolen, you have lower capital expenses and lower operating expenses.
Wave's is the only management solution to support virtual smart cards on Windows 7, as well as Windows 8 and 8.1.
================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Tomorrow’s Intelligent Malware Will Attack When It Sees Your Face
https://www.defenseone.com/technology/2018/08/tomorrows-intelligent-malware-will-attack-when-it-sees-your-face/150550/?oref=DefenseOneTCO
IBM researchers have injected viruses with neural nets, making them stealthier and precisely targetable.
You may think today’s malware is bad, but artificial intelligence may soon make malicious software nearly impossible to detect as it waits for just the right person to sit in front of the computer. That’s according to work by a group of researchers with IBM, which they revealed at the BlackHat cybersecurity conference last week.
Here’s how the new smart spyware works and why it’s such a large potential threat. Traditional virus-catching software finds malicious code on your computer by matching it to a stored library of malware. More sophisticated anti-virus tools can deduce that unknown code is malware because it targets sensitive data. Advanced defensive software creates virtual environments, called sandboxes, in which to open suspicious file payloads to see how they act.
Now enter deep neural nets, or DNNs, which defy easy probing and exploration even by advanced human analysts, much less by software. In sort of the same way that the inner works of the mind are a mystery, it’s nearly impossible to understand how neural networks actually work to produce the outputs that they do.
A neural network has three layers. The first layer receives inputs from the outside world. Those could be keyboard commands, sensed images, or something else. The second layer is the indecipherable one. Called the hidden layer, it’s where the network trains itself to do something with the input it received from the first layer. The final layer is the output, the end result of the process. Because neural networks train themselves, it’s impossible to really see how they arrive at their conclusions.
The opaque nature of DNNs is one reason why policy, intelligence, and defense leaders have a lot of reservations about employing them in life-or-death situations. It’s hard for a commander to explain the decision to drop a bomb on a target based on a process that no one can explain. But they are becoming increasingly popular in commercial and civilian settings such as market forecasting because they work so well.
The IBM researchers figured out a way to weaponize that hidden layer; and that presents a big new potential threat.
“It’s going to be very difficult to figure out what it is targeting, when it will target, and the malicious code,” said Jiyong Jang, one of the researchers on the project.
Head researcher Marc Ph. Stoecklin said, “The complex decision-making process of a [deep neural net] model is encoded in the hidden layer. A conventional virus scanner can’t identify the intended targets and a sandbox can’t trigger its malicious behavior to see how it works.”
That’s because the program needs a key to open it up, a series of values that matches an internal code. The IBM team decided to make the key a specific person’s face — or more precisely, the set of data generated by a facial-recognition algorithm. They concealed it in applications that don’t trigger a response from antivirus programs, applications like the ones that run the camera, for instance. The neural network will only produce the key when the face in view matches the face it is expecting. With the camera under its control, the DNN sits quietly, waiting and watching for the right person. When that person’s face appears before the computer, the DNN uses the key to decrypt the malware and launch the attack.
And face data is just one kind of trigger, the team said. Audio and other means could also be used.
=================================================================
How to Detect Zero-Day Malware And Limit Its Impact
https://www.wavesys.com/buzz/news/how-detect-zero-day-malware-and-limit-its-impact
Author:
Fahmida Y. Rashid
Reports.InformationWeek.com -
Friday, November 9, 2012 -
Malware is becoming harder to detect using traditional security tools. Malware developers are increasingly using techniques such as polymorphism to make variants different enough from each other that they foil antivirus systems. Zero-day malware, by definition, is malware that isn’t recognized as a “known bad,” which puts IT administrators at a distinct disadvantage when it comes to fighting it.
Security experts recommend several techniques for battling zero-day malware, including behavioral analysis, network monitoring, situational awareness and even hardware-based security. In this report, Dark Reading looks at several categories of products that have emerged to address the zero-day malware problem, as well as how these products and processes can complement existing antivirus deployments. We examine how zero-day malware has proliferated and how IT administrators can defend their networks from malware they’ve never seen before.
click 'read more' at article link for more.
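Both the IBM write-up (a payload that stays encrypted until a key the file does not contain is produced) and the zero-day report (polymorphic variants that no stored signature matches) describe content a signature scanner cannot match. One thing a scanner can still do statically is notice that a region of a file looks like ciphertext or packed data and route the file to behavioural or sandbox analysis. The following is an added example of that entropy triage, written for this post; it is not code from IBM, Wave or InformationWeek, and the sample file image (a readable configuration block with a pseudo-random blob in the middle) is constructed here.

```python
import math
import random
from collections import Counter

# Constructed sample "file image": a readable configuration section, a
# pseudo-random blob standing in for an encrypted payload whose key is not in
# the file, then more readable text. Nothing here is real malware.
_TEXT_PART = b"[camera]\nresolution=1280x720\nfps=30\nformat=mjpeg\n" * 40
_rng = random.Random(20180824)  # fixed seed so the sample is reproducible
_OPAQUE_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE_IMAGE = _TEXT_PART + _OPAQUE_BLOB + _TEXT_PART


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_opaque_regions(data: bytes, window: int = 1024, step: int = 512,
                        threshold: float = 7.5) -> list:
    """Slide a window over the data and merge consecutive windows whose entropy
    exceeds the threshold into (start, end, max_entropy) ranges.

    Text, code and most structured data sit well below 7.5 bits/byte; compressed
    or encrypted content approaches 8.0. A hit is not proof of malice (compressed
    resources look the same), but it marks a region no signature can match and
    that deserves dynamic analysis rather than a clean verdict.
    """
    regions = []
    last_start = max(0, len(data) - window)
    for off in range(0, last_start + 1, step):
        chunk = data[off:off + window]
        h = shannon_entropy(chunk)
        if h < threshold:
            continue
        end = off + len(chunk)
        if regions and off <= regions[-1][1]:      # overlaps the previous hit: extend it
            regions[-1][1] = max(regions[-1][1], end)
            regions[-1][2] = max(regions[-1][2], h)
        else:
            regions.append([off, end, h])
    return [tuple(r) for r in regions]


def triage(data: bytes) -> dict:
    """Summarise what a static scanner would report for one file image."""
    regions = find_opaque_regions(data)
    opaque_bytes = sum(end - start for start, end, _ in regions)
    return {
        "size": len(data),
        "overall_entropy": round(shannon_entropy(data), 2),
        "opaque_regions": regions,
        "opaque_fraction": round(opaque_bytes / len(data), 2) if data else 0.0,
        "needs_dynamic_analysis": bool(regions),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_IMAGE)
    for start, end, h in report["opaque_regions"]:
        print(f"opaque region {start:#x}-{end:#x}, entropy {h:.2f} bits/byte")
    print("verdict:", "needs dynamic analysis" if report["needs_dynamic_analysis"] else "no opaque regions")
```

The window size matters: 256-byte windows of genuinely random data only reach about 7.2 bits, so a 1024-byte window with a 7.5 threshold separates ciphertext from text far more reliably. The check says nothing about what the blob does, which is exactly the IBM point; it only tells you which files to spend sandbox time on.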
Comodo Cybersecurity Launches Zero-day Challenge to AV Industry
While Comodo has interesting comments on the antivirus industry, Wave Endpoint Monitor is a better product. imo.
https://www.comodo.com/news/press_releases/2018/08/Comodo-Cybersecurity-Launches-Zero-day-Challenge-to-AV-Industry.html
Highlights vendor practices, shortcomings of detection and AI; calls for greater transparency
CLIFTON, NJ and Las Vegas NV – August 7, 2018 – Comodo Cybersecurity, a global leader in threat intelligence and malware cyber defense, today announced the launch of the Comodo Zero-day Challenge. This new initiative highlights the inadequacies of current practices in the anti-virus (AV) industry.
In particular, the Challenge seeks to unmask how AV vendors mislead customers, and the investment community, into believing that detecting massive volumes of out-of-date malware is a substitute for real protection against the thousands of new malware attacks mounted every day. While AV vendors brazenly tout their success, their clients continually suffer data breaches. To support their claims, they hide behind the terms of Google’s VirusTotal program, abusing the collective power of the VirusTotal engine and the community behind it.
In response, Comodo Cybersecurity invites AV end-users in enterprise and small businesses, as well as other members of the endpoint security ecosystem, to submit their malware of choice to the company’s Valkyrie malware verdicting tool and freely share the results.
VirusTotal and How AV Vendors Abuse It
VirusTotal (www.virustotal.com) is Google’s crowd-sourced virus scanning project. VirusTotal solicits suspect files and URLs and scans them with solutions from over 70 AV tools suppliers. Basic results are shared with submitters and among participating commercial partners (subscribers), who use results to improve their anti-virus software, in theory, collectively contributing to the improvement of global IT security. Key to VirusTotal’s ability to attract commercial participants have been the project’s Terms of Service, wherein participants agree not to “use the Service in any way which could infringe the rights or interests of VirusTotal, the Community or any third party, including for example, to prove or disprove a concept or discredit, or bait any actor in the anti-malware space”
“Subscribing vendors use these terms to conceal the inadequacies of their AV tools and to hide downright deceptive practices,” noted Comodo President and CEO Steve Subar. “VirusTotal is the victim, not the villain, and end-users are exposed to massive amounts of malware as a result.”
Comodo avers that the actual deception is threefold, and that AV suppliers often:
• Lack actual competence in virus detection, riding piggyback on VirusTotal and depending on the detection capability of others without acknowledging that dependence
• Overstate and distort the effectiveness of detection, hide misidentification and false positives, trumpet their embrace of AI as a bluff, and attempt to “game” tests with repacked viruses and fake malware to overstate their results
• Abuse VirusTotal and other community resources for reporting the supposed efficacy of detection, leveraging a well-intentioned and open portal to support deceptive practices
Protection > Detection
Since the appearance of the first computer viruses in the 1980s, anti-virus technology has involved two steps: detect and remediate. “The detect-remediate paradigm has always been an unwinnable paper chase,” added Subar. “Detection and remediation depend on knowledge gleaned from prior encounters with a virus. New viruses, a.k.a. zero-day threats, slip right by blacklist-based AV tech. And thousands of new threats appear every day.
“Detect-Remediate is inherently flawed,” Subar continued. “Effective detection requires vendors to keep virus registries 100% current – an impossible task – and stymied by AI-powered algorithms not being able to distinguish between malicious and benign code 100% of the time.”
“Actual protection involves much more than mere detection,” added Subar. “Protection is preemptive and comprehensive, stopping all unknown files before they can damage system resources and user assets. Protection renders both known and unknown malware harmless.”
The Comodo Zero-Day Challenge
Comodo Cybersecurity invites IT end-users, researchers and interested third parties to put Comodo to the test by submitting their chosen malware to the Valkyrie Verdict engine. If they can show that Valkyrie fails to detect actual malware (not bogus benign bait), the company will publicize the submission and add it to its verdicting database. If Valkyrie correctly identifies submissions as malware, Comodo will still publicize the submission, along with your name and photo, as proof of company technology.
================================================================
Wave Endpoint Monitor Delivers a Powerful Weapon in the Battle against Advanced Persistent Threats
Monitors PC Health, Detects Anomalous Behavior & Ensures a Higher Level of Trust in the Endpoint
https://www.wavesys.com/buzz/pr/wave-endpoint-monitor-delivers-powerful-weapon-battle-against-advanced-persistent-threats
Lee, MA -
September 11, 2012 -
Wave Systems Corp. (NASDAQ:“WAVX”) today announced the general availability of Wave Endpoint Monitor (WEM), the only solution that detects malware by leveraging capabilities of an industry standard security chip onboard the PC. WEM provides increased visibility into endpoint health to help protect enterprise resources and minimize the potential cost of advanced persistent threats such as rootkits.
Rootkit attacks are particularly harmful in their ability to hide in host systems, evade current mainstream detection methods (such as anti-virus programs or whitelisting at the operating system level) and their capacity to replace legitimate IT system firmware. Such attacks occur before the operating system (OS) loads, targeting the system BIOS and Master Boot Record (MBR), and can persistently infect higher-level system functions including operating systems and applications.
“APTs facing enterprises today are more complex, nefarious and sophisticated than ever before,” said Richard Stiennon, Chief Research Analyst at IT-Harvest and author of Surviving Cyberwar. “Malware hiding in a device’s BIOS will go undetected by traditional anti-virus programs operating at the OS level, creating a strong need for a solution that can identify an attack as it happens. Because Wave’s approach is rooted in hardware-based technologies, rootkits and other malware can be spotted before the OS even starts.”
Wave Endpoint Monitor captures verifiable PC health and security metrics before the operating system loads, by utilizing information stored within the Trusted Platform Module (TPM), a security chip located on the motherboard of all business PCs. If anomalies are detected, IT is alerted immediately with real-time analytics. Capabilities of Wave Endpoint Monitor include:
• Securely reports PC integrity measurements for central reporting and analysis
• Ensures data comes from a known endpoint
• Alerts IT administrators to anomalous behaviors, which can be linked to the presence of malware
• Provides configurable reporting and query tools
• Ensures strong device identity through the use of hardware-based digital certificates
• Remote provisioning of the TPM
“Today’s security threat environment calls for industry-proven solutions to collect and analyze pre-operating system health information and to ensure endpoints are known and trusted,” said Steven Sprague, CEO of Wave Systems. “Since advanced persistent threats can sometimes appear as normal traffic, new rootkits often go unnoticed for long periods of time and cause severe damage in the form of infected systems and data loss. Wave Endpoint Monitor allows IT to utilize the hardware security you’ve already bought and deployed to ensure PC health from the start of the boot process while creating a higher level of trust in your endpoints.”
Wave has successfully piloted WEM with several government groups for the past six months.
The National Institute of Standards and Technology (NIST) has also recognized the importance of BIOS integrity and has issued initial guidelines for protecting a computer's BIOS in SP 800-147 and SP 800-155 (draft).
Wave Endpoint Monitor, plus Wave’s EMBASSY Remote Administration Server (ERAS) with full central management of all enterprise TPMs, supports all platforms with version 1.2 TPMs and is now available for purchase.
Well, can't get hacked if your PC doesn't work... McAfee yanks BSoDing Endpoint Security patch
https://www.theregister.co.uk/2018/08/24/mcafee_blue_screen_of_death/
Don't install August update, world+dog warned
McAfee has pulled a version of its Endpoint Security software after folks reported the antivirus software was crashing their Windows machines.
The security giant said it has taken down the August update for Endpoint Security 10.5.4, and is advising anyone who has downloaded it, but not installed, to hold off installing it.
"McAfee has removed ENS 10.5.4 August Update from the Product Downloads site," customers were told. "For those customers that have already downloaded ENS 10.5.4 August Update, McAfee recommends to not install this update."
According to McAfee's advisory, the issue affects the latest versions of Endpoint Security, ENS Common Client, ENS Firewall, ENS Threat Prevention, and ENS Web Control. The software triggers blue-screen-of-death crashes on Windows 7 and 10 PCs, and Server editions of the Microsoft operating system, whether the OS is running on bare metal or in a virtual machine.
The decision to yank the update comes a week after McAfee began getting complaints from users who said the upgrade was causing both blue screen crashes and random restarts.
At least one Reg reader told us the issue is causing problems for their business. Our tipster, who asked to remain anonymous, noted that the issue, which McAfee traced back to a bad driver, seems to be worse on servers and systems with a lot of CPU cores and higher activity loads.
As of right now, the workarounds are limited to either not installing the bad update, or removing and reinstalling an older version of ENS 10.5.4. Unfortunately, McAfee doesn't as yet have an ETA on when a fixed build will land.
"McAfee is investigating the issue and is working to provide a solution," a spokesperson told El Reg. "We will communicate the latest information to our customers as soon as it becomes available." ®
================================================================
https://www.wavesys.com/malware-protection
https://www.wavesys.com/products/wave-endpoint-monitor
Uni credential-swiping hack campaign linked to Iranian government
https://www.theregister.co.uk/2018/08/24/iranian_hackers_secureworks/
US firm Secureworks lifts lid on further targeting of academia
US infosec biz Secureworks reckons it has uncovered a login credential-hoovering operation linked to Iran that targeted universities across a number of Western nations.
Secureworks' Counter Threat Unit (CTU) found a mass credential-stealing campaign targeting over 70 universities in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the UK and US. The company pinned this on a hacker crew it has dubbed Cobalt Dickens, which it alleged is associated with the Iranian government.
Having found a URL pointing to a spoofed login page for a university's website, Secureworks did some IP address-based research and identified a network of 16 domains with more than 300 spoofed websites. Further research into the IP address hosting the spoofed page revealed a broader campaign to steal login credentials.
After entering their credentials into the fake login page, victims were redirected to the legitimate website where they were automatically logged into a valid session, or were prompted to re-enter their details.
"Numerous spoofed domains referenced the targeted universities' online library systems, indicating the threat actors' intent to gain access to these resources," Secureworks said.
"Many of the domains were registered between May and August 2018, with the most recent being registered on August 19. Domain registrations indicate the infrastructure to support this campaign was still being created when CTU researchers discovered the activity."
In March the American Department of Justice charged nine Iranians with carrying out a series of attacks on more than 300 universities and 47 companies. Those individuals were said to have been linked to an Iranian company called the Mabna Institute, which the Americans said at the time was engaged in theft of academic logins and data.
Secureworks said that its Cobalt Dickens group was linked to both the Mabna Institute and the charged Iranians.
Defending one's institution against such attacks is straightforward: implement two-factor authentication and ensure technological security measures are fully up to date with the latest vendors' patches. ®
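The campaign pattern described above (a familiar university hostname embedded in a foreign domain, or a near-miss spelling of it, serving a copied login page) is something an institution can hunt for in its own proxy or DNS logs, alongside the two-factor advice at the end of the article. The following is an added example of that lookalike-domain check, written for this post and not code from Secureworks; the protected domain and the proxy-log lines are constructed here and do not refer to any real university or to the campaign's actual infrastructure.

```python
import difflib
from urllib.parse import urlsplit

# Constructed data: one protected institution domain and a few proxy-log lines
# in the form "timestamp user method url". None of the hosts are real.
PROTECTED_DOMAINS = ["example-university.edu"]

SAMPLE_PROXY_LOG = """\
2018-08-19T10:02:11Z alice GET https://library.example-university.edu/login
2018-08-19T10:05:43Z bob GET http://library.example-university.edu.auth-check.tk/login.php
2018-08-19T10:07:02Z carol GET https://exampl-university.edu/portal
2018-08-19T10:09:30Z dave GET https://www.wikipedia.org/
2018-08-19T10:11:15Z erin GET https://example-university.edu/
""".splitlines()


def classify_host(host: str, protected: list, min_ratio: float = 0.85) -> tuple:
    """Return (verdict, reason); verdict is 'legitimate', 'lookalike' or 'unrelated'.

    Assumption: each protected entry is a registered domain such as
    'example-university.edu', so its first label is the brand to watch for.
    """
    host = host.lower().rstrip(".")
    for dom in protected:
        if host == dom or host.endswith("." + dom):
            return "legitimate", f"under {dom}"
    labels = host.split(".")
    second_level = labels[-2] if len(labels) >= 2 else labels[0]
    for dom in protected:
        brand = dom.split(".")[0]
        # The legitimate name embedded in a foreign domain, e.g.
        # library.example-university.edu.auth-check.tk: the victim sees a
        # familiar-looking address, the browser sees a .tk site.
        if brand in host:
            return "lookalike", f"contains '{brand}' but is not under {dom}"
        # Typosquat: the registrable label is a near-miss of the brand.
        ratio = difflib.SequenceMatcher(None, second_level, brand).ratio()
        if ratio >= min_ratio:
            return "lookalike", f"'{second_level}' resembles '{brand}' ({ratio:.2f})"
    return "unrelated", ""


def find_lookalike_visits(log_lines, protected) -> list:
    """Scan proxy-log lines and return (user, host, reason) for lookalike hosts."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        host = urlsplit(parts[3]).hostname
        if not host:
            continue
        verdict, reason = classify_host(host, protected)
        if verdict == "lookalike":
            hits.append((parts[1], host, reason))
    return hits


if __name__ == "__main__":
    for user, host, reason in find_lookalike_visits(SAMPLE_PROXY_LOG, PROTECTED_DOMAINS):
        print(f"{user}: {host}  [{reason}]")
```

Each hit is a user whose credentials should be treated as exposed (reset plus second-factor enrolment), and the host is a candidate for blocking and for a takedown request. The two heuristics deliberately stay simple; a production version would use a public-suffix list to find the registrable domain and feed newly registered domains from passive DNS, which is where the "registered between May and August" observation in the article comes from.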
===============================================================
Secureworks-Dell-RSA-SecurID (token)... A better choice would be Wave VSC 2.0, with better security at less than half the cost. imo.
================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Get better security at less than half the cost
Passwords are weak. Tokens are expensive. Don’t compromise on security or price.
Wave Virtual Smart Card does anything your physical smart cards and tokens do, but it starts with hardware you already have: the Trusted Platform Module (TPM), a hardware security chip built into the motherboard of most business-class PCs. You may not even know you have it, but once you do, the TPM can be used in a myriad of ways. Wave turns it into a smart card, embedded directly into your laptop.
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
One helpdesk call you'll never get: "I lost my virtual smart card again..."
There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
What will you do with >50% TCO savings?*
Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.
Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.
When we say “secure”…
…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).
*Actual number may vary. Contact us today to receive more details and a free quote.
Key Features:
• Full lifecycle management of virtual smart cards
• Intuitive interface to create (or delete) virtual smart cards
• Command line option to create and delete virtual smart cards
• Flexible PIN policies
• Helpdesk-assisted PIN reset and recovery
• Generates reports for compliance
• Integrates with Active Directory
• Supports familiar use cases:
  – Virtual Private Network (VPN)
  – Local logon
  – Remote logon
  – Remote desktop access
  – Intranet/Extranet
  – Cloud applications
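The two-factor flow the page describes (a PIN the user knows, a key held by the TPM that the user has, a PIN failure counter, and helpdesk-assisted PIN reset) can be shown end to end in a small simulation. The following is an added example written for this post; it is not Wave's code and does not use the TPM at all. One simplification is labelled as an assumption: the challenge response is an HMAC with a key the directory also holds (the way a SecurID-style token seed works), where a real virtual smart card signs with a private key that never leaves the chip and the directory holds only its certificate.

```python
import hashlib
import hmac
import secrets
from typing import Optional


class SimulatedTPMCard:
    """Stand-in for a TPM-backed virtual smart card.

    The card key is created inside the 'chip' and never read out by the user;
    use of it is gated by a PIN with a failure counter, as TPM dictionary-attack
    protection does. Assumption: HMAC-SHA256 with a shared key replaces the
    asymmetric signature a real virtual smart card would produce.
    """
    MAX_PIN_FAILURES = 5

    def __init__(self, device_id: str, pin: str):
        self.device_id = device_id
        self._key = secrets.token_bytes(32)       # factor two: something you have
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash_pin(pin)      # factor one: something you know
        self.pin_failures = 0

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 50_000)

    @property
    def locked(self) -> bool:
        return self.pin_failures >= self.MAX_PIN_FAILURES

    def enrollment_material(self) -> bytes:
        # Released once at provisioning over the management channel (ERAS in
        # the page's terms). For the HMAC stand-in this is the shared key; for
        # a real card it would be the public key / certificate only.
        return self._key

    def respond_to_challenge(self, pin: str, nonce: bytes) -> Optional[bytes]:
        """Use the chip-held key only after a correct PIN and only while not locked."""
        if self.locked:
            return None
        if not hmac.compare_digest(self._hash_pin(pin), self._pin_hash):
            self.pin_failures += 1
            return None
        self.pin_failures = 0
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

    def helpdesk_reset_pin(self, new_pin: str) -> None:
        """Assisted PIN reset: the key stays, the counter is cleared."""
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash_pin(new_pin)
        self.pin_failures = 0


class Directory:
    """Relying party that enrolled the device (an AD-integrated service, say)."""

    def __init__(self):
        self._enrolled = {}

    def enroll(self, card: SimulatedTPMCard) -> None:
        self._enrolled[card.device_id] = card.enrollment_material()

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(32)            # fresh nonce: a captured response is useless later

    def verify(self, device_id: str, nonce: bytes, response: Optional[bytes]) -> bool:
        key = self._enrolled.get(device_id)
        if key is None or response is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def login(directory: Directory, card: SimulatedTPMCard, pin: str) -> bool:
    """One logon: nonce from the service, response from the card, verdict from the service."""
    nonce = directory.new_challenge()
    return directory.verify(card.device_id, nonce, card.respond_to_challenge(pin, nonce))
```

Two properties worth noticing in the simulation: a device that was never enrolled cannot log in even if it knows the PIN, because the "something you have" is the chip key rather than the device name; and a response captured on the wire does not replay, because each logon uses a new nonce.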
ThreatList: $1.1M is Lost to Cybercrime Every Minute of Every Day
https://threatpost.com/threatlist-1-1m-is-lost-to-cybercrime-every-minute-of-every-day/136871/
Every minute, there are also 5,518 records leaked from publicly disclosed incidents.
Every 60 seconds, $1.1 million is lost to cyberattacks.
That staggering stat comes to us by way of RiskIQ, which compiled proprietary and third-party research to crunch numbers around malicious activity. The resulting report, the appropriately named “Evil Internet Minute,” paints a stark picture of the cost of cybercrime.
Every minute, there are 5,518 records leaked from publicly disclosed incidents. Globally, when a large business is affected, the average cost is $11.7 million a year and $222 a minute. This, despite the fact that businesses are spending $171,000 every minute on defense.
The research also found that 1,861 people fall victim to scams every minute, and 1.5 organizations fall victim to ransomware attacks (with an average cost to businesses of $15,221). Overall, there are 2.7 million individuals falling victim to cybercrime every 60 seconds.
In comparison, phishing domains lag: These only appear every five minutes. Also, new sites running the CoinHive cryptocurrency mining script appear only once every 10 minutes.
Vulnerable third-party code, which many organizations may not even know they’re running, has become a central narrative in recent security events. Every minute, four potentially vulnerable web components are discovered, the analysis showed.
This has far-ranging effects: For example, the threat group Magecart hacks third-party JavaScript (in the case of the Ticketmaster breach, it was analytics code), which allowed them to gain access to hundreds of e-commerce sites at once and inject credit-card skimming scripts. There are 0.07 incidents of the Magecart credit-card skimmer uncovered every 60 seconds.
“When users input their credit-card details to purchase tickets, it was sent directly to the attacker server,” said Yonathan Klijnsma, head threat researcher at RiskIQ, in an interview with Threatpost. “There was no way for them to know this was happening.”
He added, “User awareness will always be an issue because attackers are continually tweaking their tactics to stay ahead—social engineering has been a problem since before the internet existed, and it will continue to be an issue throughout the digital age. However, the real scary part is that when attackers compromise web assets, there’s often no way for anyone to possibly know, so there’s nothing a user can do to protect themselves.”
When viewed as a whole, the data shows that the digital assets organizations create are increasingly subject to scores of malware, malvertising, phishing and cryptomining efforts on a massive scale, while rogue apps, domain and brand infringement, and social impersonation cause business disruption and material loss.
“Cybercrime on the web is growing—attackers are learning that when they target internet-exposed assets, their campaigns have a high degree of success,” Klijnsma told us. “Attacks like malvertising, phishing, supply-chain breaches and hacking unsecured servers are lucrative.”
===============================================================
If companies gave Wave and its products a real good look at what they could accomplish for them, these statistics wouldn't be so crazy high in the future. imo.
===============================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
https://www.wavesys.com/
Hackers help themselves to data belonging to 2 million T-Mobile customers
https://www.zdnet.com/article/international-hackers-help-themselves-to-data-belonging-to-2-million-t-mobile-customers/
The "international" threat actors managed to capture a set of customer data before being shut down.
T-Mobile has reported a security incident which may have led to the exposure of personal data belonging to approximately two million customers.
In a statement, the telecommunications giant said on Thursday that a recent "incident" may have given a cyberattacker brief access to customer records.
On August 20, T-Mobile staff detected an unauthorized entry into the company's network. While the intrusion was rapidly shut down, customer names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types are believed to be involved in the data breach.
"Our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities," T-Mobile says. "None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised."
Speaking to Motherboard, a T-Mobile spokesperson said the cybersecurity incident affected roughly 3 percent of its 77 million customers, or approximately 2 - 2.5 million customers.
According to the spokesperson, the incident occurred after hackers compromised company servers through an API, although no further technical details have been disclosed.
The company has also not revealed any thoughts behind who may be behind the intrusion, beyond the belief that the threat actors were "international."
T-Mobile says that all affected customers have, or soon will be, notified.
"We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access," the company added. "We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you."
This is not the first time this year that T-Mobile's cybersecurity practices have come under scrutiny.
In May, researchers uncovered a bug in T-Mobile's website which allowed anyone to access the personal data of customers using only a phone number.
The exploit existed in a subdomain used by company staff members to access internal tools. This subdomain was easy to find via search engines, and once a phone number was tagged onto the end of the web address, the platform would reveal customer information -- including their full name, physical address, billing account numbers, and account records.
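The May bug is a textbook insecure direct object reference: the phone number in the URL was the only thing selecting the record, so reachability of the endpoint was the whole access control. The following added example shows that lookup beside a hardened version that authenticates the caller and then authorizes the caller for the specific record. It was written for this post, is not T-Mobile's code, and the customers, sessions and HTTP status codes are constructed here.

```python
import logging
from typing import Optional, Tuple

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
audit = logging.getLogger("audit")

# Constructed in-memory store; none of these are real subscribers.
CUSTOMERS = {
    "5551230001": {"name": "Alice Example", "address": "1 Sample St", "billing_account": "ACCT-0001"},
    "5551230002": {"name": "Bob Example", "address": "2 Sample St", "billing_account": "ACCT-0002"},
}
# Sessions a real service would establish by authenticating the caller first.
SESSIONS = {
    "token-alice": {"subject": "5551230001", "role": "customer"},
    "token-staff": {"subject": "staff-17", "role": "staff"},
}


def lookup_vulnerable(phone: str) -> Optional[dict]:
    """Before: the path parameter alone selects the record. Anyone who can
    reach the endpoint can enumerate customers by walking phone numbers."""
    return CUSTOMERS.get(phone)


def lookup_hardened(session_token: Optional[str], phone: str) -> Optional[dict]:
    """After: authenticate the caller, then authorize the caller for *this* record."""
    session = SESSIONS.get(session_token or "")
    if session is None:
        audit.warning("unauthenticated lookup attempt for %s", phone)
        raise PermissionError("authentication required")
    owns_record = session["subject"] == phone
    if session["role"] != "staff" and not owns_record:
        # Same answer as for a number that does not exist, so the endpoint
        # does not become an oracle for which numbers are subscribers.
        audit.warning("subject %s denied access to %s", session["subject"], phone)
        return None
    record = CUSTOMERS.get(phone)
    audit.info("subject %s read %s (%s)", session["subject"], phone, "hit" if record else "miss")
    return record


def handle_request(session_token: Optional[str], phone: str) -> Tuple[int, Optional[dict]]:
    """Map the hardened lookup onto HTTP-style outcomes for a caller."""
    try:
        record = lookup_hardened(session_token, phone)
    except PermissionError:
        return 401, None
    return (200, record) if record else (404, None)
```

Keeping the staff role is deliberate: the subdomain in the article was an internal tool, and the fix is not to hide it from search engines but to make every request carry an authenticated identity whose access is checked per record and written to an audit log. Rate limiting on the 404 path is the natural next layer against enumeration.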
================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
================================================================
It seems obvious that letting unauthorized parties or intruders (unknown devices) onto the network leads to bad things. Keeping unknown devices off of a government or company network could be paramount to their bottom line or reputation. Wave can keep the bad guys off the network.
================================================================
post related from the government side:
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=143020138
Extending Trust to Embedded Mobile Systems
http://www.embedded-computing.com/hardware/extending-trust-to-embedded-mobile-systems
With more than 95% market share in smart phone processors, Arm, now a part of Japan's SoftBank Group, has provided compelling reasons for mobile system designers to choose its architecture. The first Windows 10 laptops and convertibles with Arm-based processors started shipping in 2018 with several leading suppliers planning to add to the product offerings. Among the claims for these devices is longer battery life and faster built-in LTE connectivity. Of course, with this connectivity comes the need for increased security and trust to prevent software attacks and/or unauthorized updates.
The Trusted Computing Group’s Trusted Platform Module (TPM) specification has been providing the basis for trust in computing and server applications for almost two decades. The latest version, TPM 2.0, also known as ISO/IEC 11889, allows for discrete, integrated, firmware, software and even virtual implementations to extend its use in mobile and embedded applications. Used to measure the code that will be executed (known as measured boot), a TPM can also authenticate and secure platforms using passwords, certificates, digital signatures, and/or encryption keys. In general, the process of securing a platform with TPM 2.0 starts with the platform system BIOS and its support of any underlying firmware.
As a replacement or enhancement for the BIOS, the Unified Extensible Firmware Interface (UEFI) spec developed by the UEFI Forum defines a new model for the interface between a computer’s operating system (OS) and platform firmware. UEFI firmware performs the equivalence of the BIOS, by initializing the platform and loading the OS. Incorporating TPM 2.0, UEFI firmware with the TCG2 protocol supports a more secure system, a faster boot time and improved performance with UEFI Secure Boot helping to defend against malware attacks before the OS loads. The processor architecture agnostic approach of UEFI firmware supports x86, x64, and Arm designs.
With the recently announced support of American Megatrends (AMI) for TPM on Arm-based systems running the company’s Aptio V UEFI Firmware, Arm implementations of UEFI received a timely boost. By extending its previous TPM support for x86 platforms, AMI gives system designers the alternative to easily use UEFI firmware in their Arm-based systems with the ability to better secure their systems and the information stored within them.
The added TPM support for Arm-based systems includes features specific to Arm, such as TPM driver support within Arm TrustZone technology and Linux OS support. The Arm TrustZone TPM can be accessed by the BIOS and OS via the Command Response Buffer interface using Secure Monitor Calls (SMC). TPM SMC communication libraries within Arm TrustZone are developed by AMI. Other generic features supported by TPM include cryptographic algorithms and measurement of SecureBoot variables.
The Chain of Trust is maintained via the TPM. The TPM is initialized at Arm Boot Stage 1, which begins the chain of trust. Between each stage, a measurement of the next stage is performed. When the AptioV bootloader is given control, the AMI TCG2 module measures the OS Bootloader.
Using UEFI as a secondary bootloader avoids the need for embedded-system designers to learn different security schemes for every silicon platform or microcontroller. TPM-enabled UEFI-based firmware solutions, such as the TCG2 module for Aptio V UEFI BIOS firmware from AMI, help establish a common standards-based way to implement secure and measured boot in next-generation Arm and other platforms.
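The chain of trust in the Arm article ("between each stage, a measurement of the next stage is performed") and the Wave Endpoint Monitor release earlier on this page ("captures verifiable PC health and security metrics before the operating system loads" and alerts on anomalies) are two views of the same mechanism: each boot stage hashes the next into a TPM Platform Configuration Register, and a verifier later compares the result with a known-good baseline. The following is an added example of that measured-boot logic and the verifier-side check; it is written for this post, is not AMI's or Wave's code, and the boot-stage images, the baseline and the event-log format are constructed here. It uses a SHA-256 PCR as in TPM 2.0 (TPM 1.2 PCRs, which the 2012 release targets, are SHA-1).

```python
import hashlib
from typing import List, Tuple

DIGEST = hashlib.sha256          # TPM 2.0 SHA-256 bank; TPM 1.2 PCRs use SHA-1
PCR_INITIAL = bytes(32)          # PCRs start at zero at reset

# Constructed boot stages. The boot ROM / BL1 is the trust anchor: it does the
# first measurement and is not itself measured, so it is not in this list.
CLEAN_BOOT: List[Tuple[str, bytes]] = [
    ("BL2 firmware", b"bl2 v1.4 (constructed)"),
    ("UEFI firmware", b"uefi image (constructed)"),
    ("OS bootloader", b"os loader (constructed)"),
    ("OS kernel", b"kernel (constructed)"),
]


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_new = H(PCR_old || measurement). This is the only way a PCR changes,
    so its final value commits to the whole ordered sequence of measurements."""
    return DIGEST(pcr + measurement).digest()


def measured_boot(stages: List[Tuple[str, bytes]]):
    """Each stage measures the next before handing over control.
    Returns the event log (what was measured) and the resulting PCR value."""
    pcr = PCR_INITIAL
    log = []
    for name, image in stages:
        digest = DIGEST(image).digest()
        log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return log, pcr


def replay_log(log) -> bytes:
    """Recompute the PCR from the event log, as a verifier does."""
    pcr = PCR_INITIAL
    for _, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def check_endpoint(reported_log, reported_pcr, golden_log, golden_pcr) -> Tuple[str, str]:
    """Verifier side: does the log reproduce the PCR, and does the PCR match the
    baseline? On a mismatch, name the first stage whose measurement diverged."""
    if replay_log(reported_log) != reported_pcr:
        return "log-mismatch", "event log does not reproduce the reported PCR"
    if reported_pcr == golden_pcr:
        return "ok", "boot chain matches baseline"
    for (name, d), (_, gd) in zip(reported_log, golden_log):
        if d != gd:
            return "anomaly", f"measurement of '{name}' differs from baseline"
    return "anomaly", "extra or missing boot stages"


GOLDEN_LOG, GOLDEN_PCR = measured_boot(CLEAN_BOOT)

if __name__ == "__main__":
    infected = list(CLEAN_BOOT)
    infected[2] = ("OS bootloader", b"os loader (constructed) + bootkit")
    log, pcr = measured_boot(infected)
    print(check_endpoint(log, pcr, GOLDEN_LOG, GOLDEN_PCR))
```

What the simulation leaves out is the part that makes the report trustworthy: a real TPM signs the PCR values with an attestation key tied to the chip, which is why the release lists "hardware-based digital certificates" and "ensures data comes from a known endpoint" next to the measurements. Without that signature, malware that already owns the OS could report the golden log and a matching fake PCR; with it, the `log-mismatch` and `anomaly` outcomes are the only ones an attacker can produce.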
================================================================
American Megatrends and Wave to Extend UEFI Support in Windows 8 for BIOS Malware Detection
https://www.wavesys.com/buzz/pr/american-megatrends-and-wave-extend-uefi-support-windows-8-bios-malware-detection
Norcross, GA and Lee, MA -
February 24, 2012 -
American Megatrends Inc. (AMI), a leader in BIOS and computing innovations, and Wave Systems Corp. (NASDAQ:WAVX www.wave.com) are collaborating on the development of Windows 8-compatible solutions to assure that platforms remain free of Advanced Persistent Threats (APTs)—sophisticated cyber-attacks that access and steal information from compromised computers. APTs involve malicious code that circumvents common safeguards such as anti-virus software and seeks entry before the operating system loads.
Central to Windows 8 is the use of Aptio, AMI’s solution for UEFI (Unified Extensible Firmware Interface), which represents an overhaul of the computer boot environment, while still bearing similarities to the legacy BIOS (Basic Input Output System) it replaces. The UEFI specification introduces advanced firmware features defining boot and runtime protocols for communications between services and device drivers, and offers a standard interface to the operating system. Providing standardized access to boot data optionally stored on either NAND flash or on a hard drive, Aptio provides more space for boot-time diagnostics and running utilities. The result is dramatically faster boot-up times and better performance.
Windows 8 takes advantage of UEFI secure boot architecture to enhance the operating system’s security capabilities. Secure boot allows only signed software to run on the device, adds cryptographic checks to each stage of the boot process and asserts the integrity of all the software images that are executed to prevent unauthorized, modified software from running. Wave solutions report on the execution of the secure boot and verify that anti-malware software has been launched before any third-party boot drivers to prevent malware from bypassing inspection.
Building a “chain of trust” requires the collaboration of multiple partners. AMI provides the first step in the trust chain by assuring that the BIOS components are registered and signed prior to the delivery of the platform. As the computer boots, each component reports its status to the Trusted Platform Module (TPM), which securely records the status measurements. This provides a critical first step that sets the stage for a more trustworthy computing environment.
Wave constitutes the next link in the trust chain with solutions designed to assure that the integrity of the secure boot is reported and attested to the enterprise network or Cloud service. Wave Endpoint Monitor, currently deployed in beta testing, uses the TPM to report on the success of the secure boot and leverages the chip to prove that the process has executed correctly. Endpoint Monitor can then prove to a Cloud service or to an enterprise application that the PC has booted in a known, good state. If a platform is compromised, IT can determine which machine is infected, and take steps to prevent it from accessing sensitive systems to ensure that critical systems and data remain safe.
“Securing the computer from power on is critical to the defense of intellectual property and the corporate infrastructure,” remarked S. Shankar, President and CEO of American Megatrends. “AMI is pleased to provide Microsoft with the foundation of security for Windows 8, and to work with Wave to extend security capabilities that wouldn’t have been possible in a legacy environment.”
Steven Sprague, Wave’s CEO, commented, “AMI and PC manufacturers offer great assurance that the UEFI components are trusted when delivered to the customer. Wave provides IT with a greater level of knowledge and trust in the boot process and assurances that only known devices are on the network. Knowing the identity of the machine and assuring the health of its BIOS represent significant strides forward in combating advanced persistent threats.”
AMI has spent the last year supporting the launch of Windows 8 by ensuring that AMI’s Aptio UEFI firmware is in full compliance with the latest UEFI specification, UEFI 2.3.1. New features include pre-OS security, speed and secure boot. AMI is also working with PC OEMs, developers and partners such as Wave by providing UEFI development PCs for testing within a Windows 8 ecosystem. AMI has worked in partnership with Microsoft to develop this system in order to facilitate the rapid development of Windows 8 throughout the entire developer community. These new UEFI development PCs are powered by the latest version of Aptio® UEFI BIOS, version 4.6.5.1. Aptio 4.6.5.1 not only offers full support for Windows 8, but also adds support for the latest UEFI specifications, UEFI 2.3.1 and PI 1.2. This makes the latest features of the UEFI specification, such as Secure Boot, UEFI boot mode, fully localizable user interface and more, available to manufacturers in a production-ready UEFI BIOS. Notably, this development system will be the first PC on the market with full UEFI 2.3.1 support, allowing for a complete Windows 8 experience.
In preparation for Windows 8 availability, Wave is using some of the capabilities of the TPM to enable an enterprise infrastructure to support the features in Windows 8 that take advantage of UEFI capabilities. Enterprises stand to benefit from a tool that can detect rootkits, assure the core capabilities of a platform and establish very strong device identity—capabilities that have been missing for the last 20 years and that are critical to establishing a more trustworthy computing environment.
=================================================================
It would be a great extension from computer to mobile with AMI/Wave. As much as I am disappointed with how SKS's leadership turned out, he would have been able to see through the UEFI/TPM with Wave's software from computer to mobile which would seem to be highly lucrative to Wave/ESW. There are probably other ex-Wave employees who would know how to finish the transition above. imo.
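The two pieces quoted above both describe the same mechanism: each boot stage is measured into the TPM before it is given control, and a verifier (Wave Endpoint Monitor plays that role in the press release) later checks that the recorded chain matches a known-good state. The following is an added example, not code from TCG, AMI or Wave, that models that check in Python: a PCR is extended with the hash of each stage, a verifier replays the event log against the PCR value the TPM reports, and each stage digest is compared with a reference. The stage names and stage images are constructed sample data.

```python
"""Measured-boot replay: how a verifier checks a TPM PCR against an event log.

Added example (not TCG, AMI or Wave code). Models the "measure the next stage
before handing over control" step: each stage's hash is folded into a PCR with
    PCR_new = SHA-256(PCR_old || SHA-256(stage_image))
and a remote verifier replays the event log, compares it with the PCR value the
TPM quoted, and compares every stage digest with a known-good reference.
Stage names and images below are constructed sample data.
"""
import hashlib

DIGEST_LEN = 32


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR value is the hash of old value || measurement."""
    return sha256(pcr + measurement)


def measure_boot(stages):
    """Simulate the boot chain. Returns (event_log, final_pcr).

    event_log is a list of (stage_name, stage_digest), like a TCG event log;
    the PCR starts as 32 zero bytes (its reset value).
    """
    pcr = bytes(DIGEST_LEN)
    log = []
    for name, image in stages:
        digest = sha256(image)  # measure the next stage before giving it control
        log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return log, pcr


def replay_log(event_log):
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(DIGEST_LEN)
    for _, digest in event_log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def appraise(event_log, quoted_pcr, reference_digests):
    """Return (ok, findings).

    1. the log must replay to the PCR the TPM quoted (log was not edited),
    2. every stage digest must equal the known-good reference (no unknown code).
    """
    findings = []
    if replay_log(event_log) != quoted_pcr:
        findings.append("event log does not replay to quoted PCR")
    for name, digest in event_log:
        expected = reference_digests.get(name)
        if expected is None:
            findings.append(f"{name}: no reference measurement")
        elif digest != expected:
            findings.append(f"{name}: measurement differs from known-good")
    return (not findings), findings


# Constructed sample images standing in for the real boot stages.
GOLDEN_STAGES = [
    ("bl1", b"arm boot stage 1 (constructed)"),
    ("bl2", b"arm boot stage 2 (constructed)"),
    ("aptio_v", b"uefi firmware (constructed)"),
    ("os_loader", b"os bootloader (constructed)"),
]
REFERENCE = {name: sha256(img) for name, img in GOLDEN_STAGES}


def demo():
    # Good boot: log replays to the quote and every digest matches.
    good_log, good_pcr = measure_boot(GOLDEN_STAGES)
    good_ok, _ = appraise(good_log, good_pcr, REFERENCE)

    # Modified bootloader: the TPM faithfully extends the new hash, so the
    # reference comparison catches it.
    tampered = GOLDEN_STAGES[:3] + [("os_loader", b"modified loader (constructed)")]
    bad_log, bad_pcr = measure_boot(tampered)
    bad_ok, bad_findings = appraise(bad_log, bad_pcr, REFERENCE)

    # Software on the host rewrites the event log to look clean, but cannot
    # rewrite the PCR inside the TPM, so the replay check catches it.
    forged_ok, forged_findings = appraise(good_log, bad_pcr, REFERENCE)
    return good_ok, bad_ok, bad_findings, forged_ok, forged_findings


if __name__ == "__main__":
    print(demo())
```

The point the two checks make together is the one the articles rely on: a log can be edited by anything running on the host, but the PCR can only be extended, never set, so a verifier trusts the log only after it replays to the quoted PCR.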
Booz Allen Hamilton wins $1 billion US cybersecurity contract
https://www.zdnet.com/article/booz-allen-hamilton-wins-1-billion-us-cybersecurity-contract/
The contractor is now responsible for securing nearly 80 percent of the .gov enterprise
The US Department of Homeland Security (DHS) is handing over a $1 billion contract to Booz Allen Hamilton to boost cybersecurity across six federal agencies. With this deal -- Booz Allen's second-largest cybersecurity task order ever -- the contractor is now responsible for securing nearly 80 percent of the .gov enterprise.
More specifically, Booz Allen has been selected as the prime contractor for the government-wide Continuous Diagnostics and Mitigation (CDM) Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) Program. DHS established the CDM program in 2012 to provide federal agencies with tools to enhance the visibility of risks and maintain an active defense against cyber threats.
The $1.03 billion contract spans six years and covers six agencies: the General Services Administration (GSA), the Department of Health and Human Services (HHS), National Aeronautics and Space Administration (NASA), Social Security Administration (SSA), the Department of the Treasury (Treasury), and the United States Postal Service (USPS).
Booz Allen has been working with DHS on its CDM efforts for more than five years, and its CDM contracts now cover 89 different federal organizations. That puts Booz Allen at the center of critically-necessary efforts to improve federal cybersecurity. In May, the DHS and Office of Management and Budget released a report stating that 71 of 96 agencies have cybersecurity programs that they labeled as either "at risk" or "high risk."
"OMB and DHS also found that Federal agencies are not equipped to determine how threat actors seek to gain access to their information," the report said.
Meanwhile, a separate survey released earlier this year of IT professionals in the federal sector found that 57 percent of federal agencies experienced a data breach in the past year. In addition, 68 percent of survey respondents said their agencies are "very" or "extremely" vulnerable to the cybersecurity challenges of today.
================================================================
Given that PWC was a customer of Wave for two factor authentication, it seems that a division of PWC, Booz Allen Hamilton, would be able to roll out such a fantastic technology in Wave VSC 2.0 (2FA) efficiently. PWC or 'a professional services firm' (see article below) paid Wave in 2015, 5 years after the two factor authentication technology rolled out, so PWC must have been happy with the overall performance. So it seems that the security that PWC had with Wave, which has been improved, could be effectively rolled out through its subsidiary Booz Allen Hamilton. imo. Unless Wave could do it on its own. Better security at less than half the cost.
=================================================================
Global Professional Services Firm Renews Software Maintenance Agreement with Wave Systems
https://www.wavesys.com/buzz/pr/global-professional-services-firm-renews-software-maintenance-agreement-wave-systems
Lee, MA -
June 23, 2015 -
Wave Systems Corp. (NASDAQ: WAVX) announced that a global professional services firm has signed a one-year software maintenance renewal agreement for approximately $150,000 to use Wave’s TPM management software capabilities to secure their endpoint devices.
The customer utilizes Wave’s solution in conjunction with industry-standard Trusted Platform Module (TPM) security chips to deliver hardware-based secure authentication for over 100,000 employees worldwide.
“Wave provides a superior solution to secure access to critical corporate infrastructure. Our software allows an easy way to manage and access TPM cryptographic services best suited to the needs of clients with a diverse and distributed user population,” said Bill Solms, President and CEO, Wave Systems. “This agreement is an extension of their current contract with Wave. Their renewal and successful use of our software over the past several years validates that major global corporations continue to choose Wave’s solutions to protect their IT environments.”
Hackers Leverage AWS To Breach, Persist In Corporate Networks
https://www.darkreading.com/cloud/hackers-leverage-aws-to-breach-persist-in-corporate-networks/d/d-id/1332618
Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.
A new body of evidence indicates threat actors are using increasingly advanced techniques to target cloud providers and leveraging cloud-specific traits to hide their activity as they breach and persist in target networks.
Data comes from the Threat Stack security team, which spotted the pattern over multiple years of observing behavior on client networks. It was in 2016 when they noticed attacks leveraging Amazon Web Services (AWS) were becoming more sophisticated, says CSO Sam Bisbee. The trend picked up in 2017.
The problem, the team notes, is not with AWS but with the way attackers are maliciously using it.
"These are not exploits or vulnerabilities in the AWS services and software," Bisbee explains. "This is about the features and attributes of AWS leveraged by attackers in more sophisticated ways."
In simpler attacks, actors typically steal AWS keys and seek direct paths to resources stored in open S3 buckets, or they launch a new Amazon Elastic Compute Cloud (EC2) to mine cryptocurrency. Sometimes they don't have to look far: Misconfigured S3 buckets made a number of headlines in the past couple of years; Amazon, to its credit, launched Macie to protect AWS S3 data.
While these less advanced techniques are still problematic, Bisbee says threats leveraging AWS are becoming more complex and targeted, with attacks launched on AWS features and combined with network-based intrusion attacks.
"In any industry and any platform, you're constantly playing cat and mouse," he says. "As blue teams and defenders become more sophisticated, the red team has to level up."
How It Works
Most of these attacks start with credential theft, which Bisbee says is the most common initial entry point. An attacker can steal access keys or credentials via phishing attacks, deploying malware that picks up usernames and passwords, and snatching data from a Github repository where a developer may have accidentally uploaded his information.
Credentials secured, the next step is to figure out what level of permissions can be attained. If an actor realizes he doesn't have what he needs, he may attempt to create additional roles or credentials in AWS and then launch a new EC2 instance inside the target environment.
"Typically, the way most AWS accounts are configured, I can deploy that AWS instance anywhere in your network that I want," Bisbee says. It could go at the network's edge or at its center, where an organization's more interesting infrastructure and databases are located.
At this point, the attacker has established a beachhead in the network from which the target can be scanned. The attacker can move laterally from his EC2 instance in a traditional network attack chain, Bisbee explains, exploiting different hosts on the network. EC2 instances are granted IAM permissions when they launch, which grants access to AWS services such as RDS and S3.
Upon landing on a new host, the attacker checks its AWS permissions. When he discovers a host with the permission he needs, he performs the RDS API calls to access a database with the information he's looking for. If the attacker is only looking for a small amount of data, he can exfiltrate through the terminal or chain of compromised hosts, bypassing DLP tools.
Who, Where, and Why
This behavioral pattern is typically seen in more targeted, persistent attack patterns, Bisbee says. Most actors are attempting to achieve access to specific pieces of data, and they're generally hitting targets in popular industries, such as manufacturing, financial, and tech.
The amount of data sought depends on the target, he adds. If a company is storing healthcare information or voter records, the attacker is looking for data in bulk. If the attacker is targeting a media company, he may only want prereleased content or something more specific. Because data can be extracted by copying and pasting or snapping a screenshot, it's hard to detect theft.
One reason the lateral movement in the AWS scenario was hard to detect was because most security monitoring techniques assume an attacker will want to dive deep into the host and escalate privileges. In this case, the actors were trying to move off the host layer and back into the AWS control plane, which most blue teams aren't on the lookout for.
AWS "is just as critical as underlying servers," Bisbee says. "You need to be monitoring all aspects of your environment."
=================================================================
One of the things that Wave could help in the lateral movement situation above was Wave VSC 2.0 and the protection of the TPM not allowing for this as I recall Bill Solms explaining in a conference call a few years ago. It seems like a big advantage for Wave. And, of course, in addition to credential theft a hacker has to have the TPM/computer also to get access to the cloud application (AWS) when the user is using Wave VSC 2.0! Since the user's PIN number can't be phished the hacker would have a hard time obtaining that as well! Hackers would have an extremely difficult time penetrating some of this AWS company data with Wave VSC 2.0 protecting the company network vs. regular credentials discussed in this article! imo.
================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Get better security at less than half the cost
Passwords are weak. Tokens are expensive. Don’t compromise on security or price.
Wave Virtual Smart Card does anything your physical smart cards and tokens do, but it starts with hardware you already have: the Trusted Platform Module (TPM), a hardware security chip built into the motherboard of most business-class PCs. You may not even know you have it, but once you do, the TPM can be used in a myriad of ways. Wave turns it into a smart card, embedded directly into your laptop.
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
One helpdesk call you'll never get: "I lost my virtual smart card again..."
There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
What will you do with >50% TCO savings?*
Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.
Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.
When we say “secure”…
…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).
*Actual number may vary. Contact us today to receive more details and a free quote.
Key Features:
• Full lifecycle management of virtual smart cards
• Intuitive interface to create (or delete) virtual smart cards
• Command line option to create and delete virtual smart cards
• Flexible PIN policies
• Helpdesk-assisted PIN reset and recovery
• Generates reports for compliance
• Integrates with Active Directory
• Supports familiar use cases:
  ◦ Virtual Private Network (VPN)
  ◦ Local logon
  ◦ Remote logon
  ◦ Remote desktop access
  ◦ Intranet/Extranet
  ◦ Cloud applications
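The Dark Reading article quoted earlier in this post describes an attack chain that stays almost entirely in the AWS control plane: a stolen long-lived key is used to create additional roles or credentials, an EC2 instance is launched as a beachhead, and the instance role's permissions are then used against RDS. Bisbee's observation is that most monitoring watches the host, not the control plane. The following added example, not Threat Stack's or AWS's code, shows what control-plane detection for that pattern looks like: two rules run over constructed CloudTrail-style records (field names follow CloudTrail; the events, IP addresses, account id and access key are constructed), flagging IAM build-out followed by an instance launch under the same key, and instance-role credentials used from a foreign IP or against a service the role has no baseline for.

```python
"""Control-plane detections for the AWS lateral-movement pattern described in
the Dark Reading article. Added example, not Threat Stack's or AWS's code.

  R1  a long-lived user key (AKIA...) creates IAM roles/keys/policies and then
      launches an EC2 instance within a short window (beachhead build-out);
  R2  EC2 instance-role credentials (session name is the instance id) call a
      service the role has no baseline for, or are used from a source IP that
      is not the instance's own (credentials lifted off the host).

Field names follow CloudTrail; events, IPs, account id and key are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BUILDOUT_APIS = {"CreateRole", "CreateUser", "CreateAccessKey",
                 "AttachRolePolicy", "PutRolePolicy"}
WINDOW = timedelta(minutes=30)

# Constructed baseline: services each instance role normally calls, and the
# IP each instance is known to use.
ROLE_BASELINE = {"web-instance-role": {"s3.amazonaws.com"}}
INSTANCE_IPS = {"i-0abc123": "10.0.1.20"}


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def rule_buildout_then_launch(events):
    """R1: the same access key does IAM build-out, then RunInstances, within WINDOW."""
    by_key = defaultdict(list)
    for e in events:
        key = e["userIdentity"].get("accessKeyId", "")
        if key.startswith("AKIA"):  # long-lived user credential, the usual theft target
            by_key[key].append(e)
    alerts = []
    for key, evs in by_key.items():
        evs.sort(key=lambda e: parse_time(e["eventTime"]))
        buildout = [e for e in evs if e["eventName"] in BUILDOUT_APIS]
        for launch in (e for e in evs if e["eventName"] == "RunInstances"):
            t = parse_time(launch["eventTime"])
            prior = [b["eventName"] for b in buildout
                     if t - WINDOW <= parse_time(b["eventTime"]) <= t]
            if prior:
                alerts.append(f"R1 {key}: {'+'.join(prior)} then RunInstances at {launch['eventTime']}")
    return alerts


def rule_instance_role_misuse(events):
    """R2: instance-role session used off-baseline (new service or foreign source IP)."""
    alerts = []
    for e in events:
        ident = e["userIdentity"]
        if ident.get("type") != "AssumedRole":
            continue
        # arn:aws:sts::<account>:assumed-role/<role>/<session>
        role, session = ident["arn"].rsplit("/", 2)[-2:]
        if not session.startswith("i-"):
            continue  # not an EC2 instance-profile session
        expected_ip = INSTANCE_IPS.get(session)
        if expected_ip and e["sourceIPAddress"] != expected_ip:
            alerts.append(f"R2 {role}/{session}: used from {e['sourceIPAddress']}, instance is {expected_ip}")
        if e["eventSource"] not in ROLE_BASELINE.get(role, set()):
            alerts.append(f"R2 {role}/{session}: unexpected call {e['eventSource']} {e['eventName']}")
    return alerts


def detect(events):
    return rule_buildout_then_launch(events) + rule_instance_role_misuse(events)


def ev(t, name, source, ip, ident):
    return {"eventTime": t, "eventName": name, "eventSource": source,
            "sourceIPAddress": ip, "userIdentity": ident}


USER = {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLE0000000000"}  # constructed
INSTANCE_ROLE = {"type": "AssumedRole",
                 "arn": "arn:aws:sts::111122223333:assumed-role/web-instance-role/i-0abc123"}

# Constructed sample: a stolen key builds out IAM and launches an instance;
# the instance role is later used from a foreign IP against RDS.
SAMPLE = [
    ev("2018-08-20T10:00:00Z", "ListBuckets", "s3.amazonaws.com", "203.0.113.9", USER),
    ev("2018-08-20T10:05:00Z", "CreateRole", "iam.amazonaws.com", "203.0.113.9", USER),
    ev("2018-08-20T10:06:00Z", "AttachRolePolicy", "iam.amazonaws.com", "203.0.113.9", USER),
    ev("2018-08-20T10:15:00Z", "RunInstances", "ec2.amazonaws.com", "203.0.113.9", USER),
    ev("2018-08-20T11:00:00Z", "GetObject", "s3.amazonaws.com", "10.0.1.20", INSTANCE_ROLE),
    ev("2018-08-20T11:30:00Z", "DescribeDBInstances", "rds.amazonaws.com", "203.0.113.9", INSTANCE_ROLE),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Neither rule needs a host agent: both read only the API audit trail, which is exactly the layer the article says blue teams tend not to watch. The baseline tables are the part a real deployment has to learn from history rather than hard-code.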
Republican & Conservative leaders are the new targets of Russian hackers —Microsoft
https://www.hackread.com/republican-conservative-leaders-are-the-new-targets-of-russian-hackers-microsoft/
Microsoft has released a startling report exposing the way Russian military intelligence and its hackers planned to target the US Senate and conservative think tanks. The software giant not only identified but also seized those websites that were recently created for the sole purpose of tricking people. The report reveals that these misleading websites were created by a Russian unit that was previously known as G.R.U. Microsoft acquired permission through court to take control of 6 websites, which were fake versions of Congressional domains.
Apparently, these websites came across safe to the users as they believed that the links were managed by the International Republican Institute and the Hudson Institute. However, in reality, these websites redirected to infected web pages from where the hackers were able to obtain user credentials including passwords.
The president of Microsoft, Brad Smith, told The New York Times that the findings reveal the extent to which hackers have broadened their scope for infecting websites. They are now targeting websites of organizations, which are tied “informally” to Republicans.
In a blog post published on Monday, Smith wrote:
“Attackers want their attacks to look as realistic as possible and they, therefore, create websites and URLs that look like sites their targeted victims would expect to receive email from or visit.”
Harvard University’s director of the Defending Digital Democracy project, Eric Rosenbach stated that the Russians are targeting high-profile government organizations to fulfill their own interests. This cannot be linked to their preference for a particular party in the US. Basically, Russians want to disrupt and diminish any and every group that attempts to challenge “how Putin’s Russia is operating at home and around the world,” said Rosenbach.
Reportedly, Microsoft also discovered fake versions of the US Senate website, but these sites weren’t specifically related to political campaigns or Senate offices. Most of the websites for which Microsoft was granted control had URLs like “senate.group,” and “adfs-senate.email.” Other domains were named in a way as if linked with the Hudson Institute, the International Republican Institute, and a conservative think tank. Around six serving Senators including former Massachusetts governor Mitt Romney and Gen. H.R. McMaster are part of the International Republican Institute board.
Furthermore, the plan to attack conservative think tanks highlights the key goals of the Russian intelligence agency. That is to disrupt all those institutions that may try to challenge Moscow and President Putin. It was also noted that the websites could easily be used to launch cyber-attacks on candidates and political groups before the elections in November.
According to Microsoft, the notorious Fancy Bear group is linked to the sites. The group is believed to be connected to or backed by the Russian military intelligence agency. Fancy Bear is also known as Strontium or APT28. Microsoft claims that the sites could have been used for launching spearphishing attacks on Senate staffers as well as the institutions targeted by the hackers. In 2016, the same group was accused of targeting Hillary Clinton’s presidential campaign through spearphishing attack.
=================================================================
https://www.wavesys.com/buzz/pr/government-security-news-singles-out-wave%E2%80%99s-virtual-smart-card-solution-homeland-security-aw
Government Security News Singles out Wave’s Virtual Smart Card Solution for Homeland Security Award
Lee, MA -
November 15, 2013 -
Wave Systems Corp. (NASDAQ:WAVX)’s Virtual Smart Card offering has been named winner of the Government Security News’ (GSN) Homeland Security Award competition in the “Best Smart Card Solution” category. This is the second consecutive year that Wave has won this award.
“We’re honored to be recognized by Government Security News as the only vendor offering a complete virtual smart card solution for today’s enterprise – and, importantly, one that is compatible with Windows 7, 8 and 8.1,” said Bill Solms, CEO of Wave Systems. “We see virtual smart cards as a disruptive technology in the user authentication market, offering a more secure and cost effective alternative over more mature technologies.”
Virtual smart cards emulate the functionality of traditional smart cards, but offer added security and cost benefits. Businesses do not incur added material or operational costs (such as the purchase and shipping of external physical smartcards and smart card readers) because virtual smart cards are built into the device itself. Because of an embedded security chip called a Trusted Platform Module (TPM), which is standard equipment on business PCs, virtual smart cards cannot be lost or stolen. Additionally, enterprises gain the added security afforded by hardware-based security, ensuring that only known devices and known users are allowed access to corporate resources. Convenience is another benefit – employees never have to type domain credentials into their devices, improving user experience and reducing the time IT spends resetting forgotten passwords, while offering protection against credential theft.
“We judged an outstanding group of entries this year,” said Adrian Courtenay, Managing Partner, Government Security News. “We’re proud to announce that this year’s winners will be showcased in a digital edition of Government Security News, which will reach more than 40,000 subscribers – a well-deserved honor for Wave Systems and all of this year’s award recipients.”
Sponsors for GSN’s 2012 homeland security awards program included BRS Labs, Cardinal Point Strategies, Objectivity, Vanguard Integrity Professionals and Wave. For a complete list of finalists and pre-emptive winners, visit: www.gsnmagazine.com.
================================================================
Wave Systems Announces First U.S. Federal Government Customer for Wave Virtual Smart Card 2.0
https://www.wavesys.com/buzz/pr/wave-systems-announces-first-us-federal-government-customer-wave-virtual-smart-card-2.0
Lee, MA -
October 2, 2014 -
Wave Systems Corp. (NASDAQ: WAVX) marked an important sales milestone by announcing the first U.S. federal government customer for its Virtual Smart Card 2.0.
Since the Virtual Smart Card 2.0 became commercially available in late July 2014, Wave has entered into dozens of pilot deployments in multiple sectors, including healthcare, financial services, automotive, energy and utilities. However, today’s announcement marks the product’s first sale in the government sector.
“This is an important milestone for Wave,” said Bill Solms, CEO of Wave. “Wave Virtual Smart Card 2.0 has been purchased by a government agency with significant security requirements and one that requires redundant means of system authentication due to national security interests. This initial sale is modest compared to the addressable market within the Federal Government sector, but it is important to our strategy for marketing the Virtual Smart Card to address critical government infrastructure defense.”
“We believe that this sale, which was completed on a shorter sales cycle than we had anticipated, supports our view that customers are interested in the type of cyber security solution that Wave’s Virtual Smart Card 2.0 provides,” Solms added.
Wave Virtual Smart Card 2.0 is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7. It also supports Windows 8 and 8.1. Wave’s new solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, lower total cost of ownership, and a reduced risk of unauthorized use.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure PIN and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with TPM 1.2 or TPM 2.0
==================================================================
Given what transpired in article one, it seems safe to say that the U.S. government as a critical industry should use a cybersecurity product like Wave VSC 2.0. Wave VSC 2.0 is better security at less than half the cost.
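Smith's quote in the Microsoft article earlier in this post is the defender's lead: the domains worked because they looked like sites the targets expected (“senate.group,” “adfs-senate.email”). An organization can watch for that from its own side by triaging newly seen domains (from passive DNS or certificate-transparency feeds) for reuse of its name under a registrable domain it does not own. The following is an added example, not Microsoft's code: the owned domains and watched tokens are assumed for the example, the two domains named in the article are included in the constructed feed, and the remaining feed entries are constructed.

```python
"""Lookalike-domain triage for the phishing infrastructure described in the
Microsoft/Fancy Bear article. Added example, not Microsoft's code.

Given the domains an organisation owns and the brand tokens it wants watched,
score candidate domains and flag those that reuse a watched token (or a
one-edit misspelling of it) under a registrable domain the organisation does
not own. Owned domains and tokens are assumed for the example; the feed is
constructed apart from the two domains named in the article.
"""
import re

OWNED = {"senate.gov", "hudson.org", "iri.org"}          # assumed for the example
WATCH_TOKENS = {"senate", "hudson", "iri"}
# Tokens commonly prefixed to login portals; they make a lookalike more convincing.
AUTH_TOKENS = {"adfs", "sso", "login", "owa", "mail", "portal", "vpn"}


def registrable(domain):
    """Last two labels; a real deployment would use the public-suffix list."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def tokens(domain):
    """Split a domain into tokens: 'adfs-senate.email' -> ['adfs', 'senate', 'email']."""
    return [t for t in re.split(r"[.\-_0-9]+", domain.lower()) if t]


def levenshtein(a, b):
    """Edit distance, used to catch one-character misspellings of a watched token."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(domain):
    """Return (score, reasons). Score 0 means nothing suspicious."""
    reg = registrable(domain)
    if reg in OWNED:
        return 0, []
    score, reasons = 0, []
    for tok in tokens(domain):
        if tok in WATCH_TOKENS:
            score += 3
            reasons.append(f"watched token '{tok}' on unowned domain {reg}")
        else:
            for w in WATCH_TOKENS:
                # only fuzzy-match longer tokens; short ones produce noise
                if len(w) >= 5 and levenshtein(tok, w) == 1:
                    score += 2
                    reasons.append(f"'{tok}' is one edit from watched token '{w}'")
        if tok in AUTH_TOKENS:
            score += 1
            reasons.append(f"authentication-portal token '{tok}'")
    return score, reasons


def triage(domains, threshold=3):
    """Return (domain, score, reasons) for entries at or above threshold, highest first."""
    scored = [(d, *assess(d)) for d in domains]
    flagged = [(d, s, r) for d, s, r in scored if s >= threshold]
    return sorted(flagged, key=lambda x: -x[1])


# Constructed feed: the article's two domains plus legitimate and unrelated ones.
SAMPLE_FEED = ["senate.group", "adfs-senate.email", "www.senate.gov", "hudson.org",
               "login-hudsen.com", "example.net", "mail.iri.org"]

if __name__ == "__main__":
    for d, s, r in triage(SAMPLE_FEED):
        print(s, d, "; ".join(r))
```

The output feeds a takedown or blocklist workflow rather than making a verdict on its own; the scoring is deliberately simple so an analyst can read why each domain was flagged.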
DHS Using Red Team Approach to Improve National Cyber-Security
http://www.eweek.com/security/dhs-using-red-team-approach-to-improve-national-cyber-security
Leaders of the Department of Homeland Security (DHS) National Cybersecurity Assessments and Technical Services (NCATS) explain at DEF CON about how conducting penetration testing against government and private sector infrastructure helps to improve cyber-resilience.
As fears about the security of elections and voting machines remain a concern, the U.S. Government is doing more than just waiting for attackers: it's hacking its own systems with penetration testing activities.
Speaking at DEF CON in Las Vegas on Aug. 10, members of the Department of Homeland Security (DHS) National Cybersecurity Assessments and Technical Services (NCATS) described their Red Team activities to help evaluate the cyber-hygiene of software infrastructure. NCATS Red Team services help both government agencies as well as critical infrastructure in private organizations.
"We believe in not just identifying vulnerabilities, but also in understanding what organizations do with the notifications we give them," Robert Karas, Director, NCATS, Office of Cybersecurity and Communications, Department of Homeland Security said.
Karas said that in addition to identifying issues, NCATS wants to know how long it takes an organization to fix an issue after it is reported. He noted that in the federal government at one point it was taking over 300 days to close critical vulnerabilities that had been identified.
"We issued what is known as a binding operational directive and now the closure rate on critical vulnerabilities is approximately 12.5 days," Karas said.
Among the services that NCATS provides is a Risk and Vulnerability Assessment (RVA), which Karas said is a two-week penetration test that looks for both insider and outsider vulnerabilities. Looking specifically at election security, NCATS has an Applied Vulnerability Assessment (AVA) function, where vendors can submit their election control systems for analysis. NCATS will also look at the election systems with a full penetration test and help to identify any potential flaws.
"Everything we do has legal documentation. We're not just going out there and scanning for the heck of it," Karas said. "What we get from it is invaluable, we can see trends across different sectors."
Risks and vulnerabilities identified
Jason Hill, Red Team Lead at NCATS, Department of Homeland Security, explained that the penetration test will show everything that is potentially at risk. Hill said that a penetration test typically will start with running scanners, such as Nessus or Nexpose, looking for known issues. Looking beyond just scanners, Hill said that the NCATS Red Team also tries to emulate adversarial activity and attempts to get a foothold in a vulnerable network.
"We try to show our customers what it looks like to be hacked," Hill said.
The foothold in a network can come from a variety of attack vectors, including phishing, misconfiguration or an exploitable vulnerability. Once the red team has initial access, Hill said that his team looks to escalate privileges to get access to sensitive business systems.
Top vulnerabilities in election systems
In terms of vulnerabilities, Karas said that the top issues are largely the same across all sectors including election-related systems. He noted that election systems and frameworks are not really all that different from any enterprise network.
The top vulnerability found by NCATS Red Team is phishing, which Hill said is often how his team is able to get into an organization. He noted the fact that someone can get into an organization via phishing is a concern, but there are larger issues as well.
"Long gone are the days of stopping people at the perimeter," Hill said. "What's important now is how we identify that an intruder is in the network and how we can slow them down long enough to catch them."
Besides phishing, Karas said that NCATS usually also finds unsupported, older versions of software, including PHP and HTTP servers at organizations. The unsupported software can be at risk from known vulnerabilities that are relatively easy to exploit. Password reuse is another common challenge found by NCATS. Hill said that he typically finds that administrator passwords are reused across an organization for multiple domain and personal accounts. Insecure default configurations are also a concern and something that Hill said he commonly sees, which enables the NCATS Red Team access into an environment.
Overall both Hill and Karas emphasized that NCATS Red Team activities are all about helping both government and private organizations improve security.
"Our goal is to defend our nation, we want to keep it secure," Hill said.
================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what's more, IT can prove it with detailed activity logs.
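As an added illustration of the device-authentication idea in the passage above (my own sketch, not Wave's or ERAS's code), here is a hypothetical enrollment-and-admission registry in Go: a per-device private key stands in for the TPM-held identity, only enrolled public keys are admitted, possession is proved by signing a one-time challenge, and every decision is logged.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Registry is the central list of approved device keys (the role the text gives
// ERAS). The private half stays inside each device's TPM; only the public key is
// enrolled. This is a constructed illustration, not Wave's product code.
type Registry struct {
	approved map[string]string // key fingerprint -> device name
	issued   map[string]bool   // outstanding challenges, each usable once
	log      []string          // audit trail: one line per admission decision
}

func NewRegistry() *Registry {
	return &Registry{approved: map[string]string{}, issued: map[string]bool{}}
}

// fingerprint is a short stable identifier derived from the device's public key.
func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

func (r *Registry) Enroll(name string, pub ed25519.PublicKey) { r.approved[fingerprint(pub)] = name }

// NewChallenge issues a fresh random nonce for the device to sign.
func (r *Registry) NewChallenge() []byte {
	c := make([]byte, 32)
	rand.Read(c)
	r.issued[hex.EncodeToString(c)] = true
	return c
}

// Admit allows a device only if its key is enrolled AND it proves possession of the
// private key by signing a challenge this registry issued and has not yet consumed.
func (r *Registry) Admit(pub ed25519.PublicKey, challenge, sig []byte) bool {
	fp, c := fingerprint(pub), hex.EncodeToString(challenge)
	name, known := r.approved[fp]
	ok := known && r.issued[c] && ed25519.Verify(pub, challenge, sig)
	delete(r.issued, c) // a challenge is consumed once presented, success or not
	verdict := "DENY"
	if ok {
		verdict = "ALLOW"
	}
	r.log = append(r.log, fmt.Sprintf("%s fp=%s enrolled=%t name=%q", verdict, fp, known, name))
	return ok
}
```

An unknown device is denied and still leaves a log line, which is the "prove it" part of the passage: the log records attempts, not just successes.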
=================================================================
Do we want to slow down unknown devices and risk a hack or keep them off the network altogether?
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Why many have reasons to stick with Windows 7, 8 and 8.1
This article imo shows a few reasons why. Wave VSC 2.0 works with Windows 7 through 10, and could save those using 7, 8, and 8.1 potential security problems, a considerable amount of money and headaches (given this article).
==================================================================
How to protect your privacy in Windows 10
https://www.computerworld.com/article/3025709/microsoft-windows/how-to-protect-your-privacy-in-windows-10.html
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card