Phishing attacks surge during the pandemic
https://betanews.com/2020/09/01/phishing-surges-during-pandemic/
In yet another example of cybercriminals exploiting world events, the frequency of phishing threats has risen considerably since the start of the pandemic, with companies experiencing an average of 1,185 attacks every month.
New research from GreatHorn reveals that more than half (53 percent) of over 300 IT professionals surveyed by Cybersecurity Insiders say they had witnessed an increase in phishing activity since the start of the COVID-19 pandemic.
The report also shows that 38 percent of respondents report that a co-worker has fallen victim to an attack within the last year. As a result, 15 percent of organizations are now left spending anywhere from one to four days remediating malicious attacks during what is already a difficult time for many.
On a positive note, 64 percent of employees say they feel confident in their ability to identify and avoid a phishing email in real time. But while 76 percent of organizations conduct cybersecurity awareness training, only 30 percent train employees quarterly -- and 27 percent conduct training only once a year. This is likely to be inadequate, especially when employees both young and old are similarly vulnerable -- 62 percent of respondents believe that employees of all ages and generations are of equal likelihood of falling victim to a phishing attack.
When asked to select who would most likely be targeted in phishing attacks, 56 percent say it'd be a mid-level manager, followed closely by entry-level staffer at 51 percent and the CEO or head of the company at 49 percent, dispelling the myth that senior executives are the prime targets of attacks.
"This survey uncovered just how many phishing emails organizations are being targeted by," says GreatHorn CEO and co-founder, Kevin O’Brien. "With such a substantial portion of these attacks yielding success, the time lost on remediation can have a detrimental impact on productivity and profitability. Right now, it's more important than ever that companies provide their employees with the knowledge and tools necessary to recognize and fend off phishing attacks."
==================================================================
Wave protects against phishing, and given the market doesn't have a strong handle on phishing, organizations would be wise to use Wave ERAS and Wave VSC 2.0!!! Please see post #245989 for more information on phishing. Training which is mentioned in the above article isn't as effective as Wave's solutions, and isn't a more efficient use of fund allocation.
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
=================================================================
https://www.wavesys.com/
Better security at less than half the cost!!!
NASA doesn't know what's on its network
https://fcw.com/articles/2020/08/27/mazmanian-nasa-cyber-devices-network.aspx
According to a watchdog report, NASA can't provide an accurate count of the number of contractor-owned devices connected to its networks, and governance problems are hurting the agency's attempts to get a better handle on overall cybersecurity.
According to an Aug. 27 inspector general report, NASA is "not adequately securing its networks from unauthorized access" from partner and employee IT devices and doesn't have controls in place to remove or block devices as needed.
Because of these failures, "NASA remains vulnerable to cybersecurity attacks because enforcement controls to block unauthorized IT devices from accessing its networks and systems are not fully in place and operational," the report states.
The report offers a look at how the space agency ping-ponged between trying to crack down completely on shadow IT, including contractor and employee devices, and attempting to implement a management system to control access. In April 2018, NASA's CIO tried to take a tough line on shadow IT, banning personal devices. But that policy was relaxed in October of the same year, with rules put in place for employee and contractor devices to connect to networks and enterprise email.
The report references two security incidents at NASA: an October 2018 data breach in which data on current and former employees was stolen from an agency server and a 2019 instance of a contract employee using his personal computer to mine cryptocurrency via a NASA network. These events aren't directly linked to NASA's device management policy, however.
This May, NASA began to get more aggressive with users who were not keeping the operating systems on their network-connected personal devices up to date. The agency uninstalled its mobile device management system from users who hadn't updated, blocking them from agency e-mail.
By the agency's own count, there are almost 1,300 employee personal devices that can connect to the agency’s Microsoft Office 365 enterprise email system. According to NASA's CIO, there is not an "authoritative source" for a count of contractor and other partner-owned devices authorized to access NASA networks.
Part of the issue has to do with CIO authorities and contracting. While NASA has been trying to centralize technology budgeting and management as required under the Federal IT Acquisition Reform Act, the agency still faces cultural obstacles to central management, and technology officials at the different NASA centers retain significant authority and oversight. The agency has racked up some of the worst grades on the biannual FITARA scorecard released by the House Oversight Committee. On the latest iteration, NASA earned an F grade for CIO authorities and a D for transparency and risk management.
On the contracting side, NASA was supposed to have device management enforcement controls in place by December 2019, but that target has slipped, in part due to technical obstacles imposed by multiple contracts that require certification by different entities -- making overarching authentication a problem.
The report also notes that there are not enforcement controls in place to ensure that devices that violate supply chain controls aren't permitted to access agency systems.
NASA's Office of Inspector General conducted its audit of the agency's network access and management controls from March 2019 through July 2020. The report only made one mention of the possible consequences of the COVID-19 pandemic on NASA's efforts to shore up its device controls, noting that "on-site work restrictions associated with the agency's response to the COVID-19 pandemic have negatively impacted the implementation schedule" of a network access control project and the Continuous Diagnostics and Mitigation program.
The report concluded that despite some improvements, NASA's "decentralized approach to cybersecurity management limits" the CIO's visibility into cybersecurity at the agency's far flung centers. "We acknowledge the inherent difficulty in balancing Center-specific flexibilities and desire for autonomy with the need for a robust, enterprise-wide approach to IT security," the auditors wrote. "However, in the face of persistent cybersecurity threats, NASA needs to quickly move to a more consistent, enterprise-wide approach to identifying and managing these risks."
NASA's Acting CIO Jeff Seaton agreed with the conclusions of the report and said that the risks cited therein would be addressed through policy changes and implementing technology tools before the close of 2021.
=================================================================
Wave Systems Announces First U.S. Federal Government Customer for Wave Virtual Smart Card 2.0
https://www.wavesys.com/buzz/pr/wave-systems-announces-first-us-federal-government-customer-wave-virtual-smart-card-2.0
Lee, MA - October 2, 2014 - Wave Systems Corp. (NASDAQ: WAVX) marked an important sales milestone by announcing the first U.S. federal government customer for its Virtual Smart Card 2.0.
Since the Virtual Smart Card 2.0 became commercially available in late July 2014, Wave has entered into dozens of pilot deployments in multiple sectors, including healthcare, financial services, automotive, energy and utilities. However, today’s announcement marks the product’s first sale in the government sector.
“This is an important milestone for Wave,” said Bill Solms, CEO of Wave. “Wave Virtual Smart Card 2.0 has been purchased by a government agency with significant security requirements and one that requires redundant means of system authentication due to national security interests. This initial sale is modest compared to the addressable market within the Federal Government sector, but it is important to our strategy for marketing the Virtual Smart Card to address critical government infrastructure defense.”
“We believe that this sale, which was completed on a shorter sales cycle than we had anticipated, supports our view that customers are interested in the type of cyber security solution that Wave’s Virtual Smart Card 2.0 provides,” Solms added.
Wave Virtual Smart Card 2.0 is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7. It also supports Windows 8 and 8.1. Wave’s new solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, lower total cost of ownership, and a reduced risk of unauthorized use.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure PIN and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with TPM 1.2 or TPM 2.0
==================================================================
Wave VSC 2.0 would be great for NASA and contractors. Here NASA has been struggling with unauthorized access, and Wave has the solution that could make problems outlined in the article go away!!!
Better security at less than half the cost!!!
You need multi-factor authentication. FAST
You need Wave Virtual Smart Card.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Report: Firewall Best Practices to Block Ransomware
https://news.sophos.com/en-us/2020/08/18/report-firewall-best-practices-to-block-ransomware/
==================================================================
With Wave solutions, does one have to go through all of these steps to get prepared to stop ransomware?!!! Better security at less than half the cost - Wave VSC 2.0!!!
==================================================================
https://www.wavesys.com/wave-alternative
Choose data protection that actually works.
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Windows Computers Were Targets of 83% of All Malware Attacks in Q1 2020
https://www.pcmag.com/news/windows-computers-account-for-83-of-all-malware-attacks-in-q1-2020
=================================================================
Please see previous post in addition to this post. Wave and Wave Endpoint Monitor could have a big positive impact on helping the situation above!!!
================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Microsoft Removes Option to Disable Windows Defender Antivirus
https://www.extremetech.com/computing/314144-microsoft-removes-option-to-disable-windows-defender-antivirus
=================================================================
Windows Defender plus Wave Endpoint Monitor detecting customized and sneaky malware would be a better combination than Symantec's antivirus (see post 246100). Used with Wave VSC 2.0 and Wave's other solutions and an organization has better security at less than half the cost!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Symantec shakeup creates fresh opening to shift security strategies
https://www.cyberscoop.com/symantec-shakeup-creates-opening-to-shift-security-strategies/
Steve McNamara is Regional Vice President Sales for VMware Carbon Black and a former vice president at Symantec.
Information technology is always changing and so is the industry behind it. But recent developments surrounding the fate of one of the world’s most widely relied-upon suppliers of enterprise security products have created a significant “disturbance in the force.”
In an odd twist on the perils of vendor lock-in, enterprise CIOs who rely on Symantec enterprise security products have found themselves in lock-out, following the decision late last year by Symantec’s new owner, Broadcom, to abandon support for all but 2,000 of Symantec’s most profitable enterprise security customers. Some reports since then suggest that number is closer to 700 accounts.
When Broadcom completed its $10.7 billion acquisition of Symantec Enterprise Security in November of last year, it came with all the fanfare of one tech giant acquiring another in the name of “building out one of the world’s leading infrastructure technology companies,” Broadcom officials crowed. But as a pre-acquisition presentation deck to investors made clear, the real appeal of the deal was the opportunity to “rationalize” Symantec’s salesforce, reduce product development costs and focus instead on the highest ROI opportunities, all to drive up returns for shareholders.
That’s left CIOs at more than 100,000 Symantec enterprise accounts scrambling to regroup and ultimately replace an array of endpoint security, cloud security and data loss prevention products, among 270 different products Symantec sells, along with their web security services.
The bright side of all this for many organizations, both in the private and public sectors, is the opportunity this affords to move to newer generation cloud-based solutions capable of delivering greater security.
Just as importantly, it also gives CIOs and CISOs a fresh reason to finally shift to a more “intrinsic security” approach to their IT operations — and begin to address three fundamental obstacles that continue to hobble enterprisewide security:
Security that’s bolted-on vs. built-in: On average, enterprises use as many as 80 different security products, mostly because security teams are brought on after the infrastructure has been built and applications already deployed, which only leads to added security problems down the road.
Security that’s siloed vs. unified: Infosec teams typically spearhead security within, rather than across business and program units, resulting in siloed solutions. And they tend to rely on toolsets that are just as siloed. That inevitably leads to endless backlogs of security patches and hidden vulnerabilities. Moving to a more unified security model would reduce workloads and the associated security risks.
Security that’s threat-centric vs. environment-focused: The security industry has sold enterprises on detecting threats. What’s needed instead is a thorough understanding of your environment and the ability to align and adjust security controls dynamically.
Intrinsic security is all about building in security controls across your infrastructure — from your endpoints to your clouds. And those controls need to evolve dynamically, just as your endpoints and your multi-cloud environments evolve dynamically.
That’s one reason VMware acquired Carbon Black last year. VMware Carbon Black’s cloud-native endpoint protection platform (EPP) will soon be embedded in VMware’s vSphere operating system. Among other advantages, it will eliminate the need to install agents on users’ endpoint devices. For organizations with thousands, or tens of thousands of employees, that’s a massive and ground-breaking time-saver. Having those and other security capabilities working throughout VMware’s virtual operating environments represents just another reason why it’s time enterprise CIOs start unplugging all those miscellaneous security boxes.
But the acquisition also reflects VMware’s larger strategy, not so much to add another brand or revenue stream to its portfolio — but to double down on its efforts to build a powerful security division aimed ultimately at helping enterprise customers operate more securely across their virtual domains.
And it points to a larger issue — one of the many CIOs and CISOs need to keep their eye on: The security products market is ripe for further mergers and acquisitions. Trying to decide which players will still be there to support your organization three years from now, and to what extent — depending on whose corporate umbrella they come under — is likely to get a little dicey for enterprise IT buyers.
But it’s a good bet that the long-term survivors will be those vendors which truly understand their enterprise IT customers’ needs — and have the tools, the expertise, and yes, the financial staying power, to meet those needs.
=================================================================
An opening for Symantec's enterprise security customers to become Wave customers of better "built-in" security.....
Wave VSC 2.0 - Better security at less than half the cost!!
=================================================================
https://www.wavesys.com/wave-alternative
Choose data protection that actually works.
https://www.wavesys.com/products/wave-endpoint-monitor
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
With More Use of Cloud, Passwords Become Even Weaker Link
https://www.darkreading.com/application-security/with-more-use-of-cloud-passwords-become-even-weaker-link/d/d-id/1338761
Slow patching provides vulnerabilities to exploit. A lack of network segmentation allows unrestricted lateral movement. Yet a report surveying a year of penetration tests finds that passwords still top the list of what attackers use to compromise systems.
Passwords continue to be the top weakness exploited in penetration-testing engagements, with the collection of credentials a major part of internal, red team, and social engineering engagements, security firm Rapid7 states in a report published on Aug. 26.
While the increase in remote work has focused attackers on virtual private networks (VPNs) and cloud services in 2020, penetration-testing data from last year shows that many compromises were already focused on credentials as the best way to gain access to cloud infrastructure, the vulnerability management firm stated. Penetration testers' top technique for obtaining passwords included password spraying, offline password cracking, and man-in-the-middle attacks, with password spraying the top technique for external attackers, the company states in its "Under the Hoodie" report.
Too many companies continue to rely on users to pick good passwords and to not reuse them across services, and not enough companies have deployed multifactor authentication, says Tod Beardsley, director of research for Rapid7.
"You are entrusting your humans to pick passwords, and that is a way to tears," he says. "We have all these options for picking passwords ... so let the machine pick your passwords. While that puts all your eggs in one basket, we have gotten really good at protecting that one basket."
Passwords have been a perennial problem for both companies and consumers, and attackers have consistently focused on collecting credentials. Using data from 206 engagements conducted during the 12 months to June 2020, Rapid7 found that companies continue to leave their network and systems open to exploit from leaked or compromised credentials, with a quarter of external engagements resulting in the penetration testers gaining access to credentials, 7% finding weak password policies, and 6% allowing user enumeration.
Because of the importance of credentials in a world increasingly focused on remote work, password management — along with patch management and network segmentation — are necessary defenses that most companies need to improve, Beardsley says.
"If you had to pick one thing to fix, it should be password management," he says. "Obviously, you have to have good patch management processes, but as people are moving toward platform-as-a-service and more reliance on cloud, ... patching becomes part of what you are getting, and passwords and credentials become more important."
Penetration testing, where a security firm tests a client's defenses, has long been part of the process of establishing defenses and then testing them for weaknesses. The 1992 movie Sneakers, for example, features a penetration-testing firm that focuses more on the physical but also uses electronic measures to defeat defenses at banks and technology companies.
While the activity is now routine, the industry saw some controversy last year when two Coalfire Security employees were caught in a county courthouse during a penetration-testing engagement at state courthouses and charged with burglary — charges that eventually were reduced and then dropped. "The incident rocked the pentesting space," Rapid7 stated in its report. "Clearly, everyone involved in offensive security needs to strive to better explain the value of routine pentesting of our physical and virtual world."
The testing services continue to find significant issues. While poor password security is the most significant issue, inconsistent and delayed patching continues to be a problem as well. Companies are taking more than 90 days to patch half of the Internet critical systems, Beardsley says.
"We have to get better at rolling out critical patches," he says. "We need to get to a monthly cadence of patching systems."
After exploiting unpatched software, moving laterally across a network is the third most successful strategy for penetration testers, according to Rapid7's report. Techniques that use the Windows Management Instrumentation (WMI) service, PsExec — a telnet-like tool for remote access to Windows — or the Remote Desktop Protocol (RDP) are common ways for an attacker, and penetration tester, to extend their compromise to other machines on a network. The ransomware attacks WannaCry and NotPetya used the first two techniques to spread quickly through compromised networks in 2017 and 2018, the report notes.
"Most discussions of these worms focus on the EternalBlue exploits implemented but don't talk about the real reason why these worms are so effective: They use the same sophisticated techniques for lateral movement as real attackers and pen testers alike," the report states. "By recovering and reusing passwords on compromised systems, attackers can often flit from machine to machine in search of their ultimate targets."
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpts:
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
==================================================================
Why suffer with cyber-insecurity when there is better security at less than half the cost - Wave VSC 2.0?! A report surveying a year of penetration tests finds that passwords still top the list of what attackers use to compromise systems!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Military's Top Cyber Official Defends More Aggressive Stance
https://www.securityweek.com/militarys-top-cyber-official-defends-more-aggressive-stance
The U.S. military’s top cyber official is defending the government’s shift toward a more aggressive strategy in cyberspace, saying the mission has evolved over the last decade from “a reactive and defensive posture” to keep pace with sophisticated threats.
Gen. Paul Nakasone, the commander of U.S. Cyber Command and the director of the National Security Agency, says in a piece being published Tuesday by the magazine Foreign Affairs that the military’s cyber fighters are increasingly prepared to engage in combat with online adversaries rather than wait to repair networks after they’ve been penetrated.
“We learned that we cannot afford to wait for cyber attacks to affect our military networks. We learned that defending our military networks requires executing operations outside our military networks. The threat evolved, and we evolved to meet it,” wrote Nakasone in a piece co-authored with Michael Sulmeyer, his senior adviser.
As an example, Nakasone cited a mission from last October in which Cyber Command dispatched an elite team of experts to Montenegro to join forces with the tiny Balkan state targeted by Russia-linked hackers. The “hunt forward” mission helped protect an ally but was also an opportunity for the U.S. to improve its own cyber defenses before the 2020 election, Nakasone wrote.
The proactive strategy is a change from a decade ago when Cyber Command was first established in the wake of a punishing cyber attack on the Defense Department’s classified and unclassified networks. Cyber Command, created in 2010 to protect U.S. military networks, was initially more focused on “securing network perimeters.”
In recent years, though, Cyber Command has gone on the offensive, as 68 cyber protection teams “proactively hunt for adversary malware on our own networks rather than simply waiting for an intrusion to be identified,” Nakasone said. It’s also doing more to combat adversaries on an ongoing basis and to broadly share information about malicious software it uncovers to make it a less effective threat.
“Some have speculated that competing with adversaries in cyberspace will increase the risk of escalation — from hacking to all-out war. The thinking goes that by competing more proactively in cyberspace, the risk of miscalculation, error, or accident increases and could escalate to a crisis,” Nakasone wrote.
He said that while Cyber Command takes those concerns seriously, “We are confident that this more proactive approach enables Cyber Command to conduct operations that impose costs while responsibly managing escalation. In addition, inaction poses its own risks: that Chinese espionage, Russian intimidation, Iranian coercion, North Korean burglary, and terrorist propaganda will continue unabated.”
==================================================================
If these defensive lapses continue unabated, why not try a different strategy that is more effective and could keep unauthorized (unknown and unapproved) devices off of the network? "Repair networks after they have been penetrated??" Use Wave solutions and better security at less than half the cost to avoid that problem and require less offensive need!!!
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
https://www.wavesys.com/
What is the Cybersecurity Maturity Model Certification (CMMC)?
https://securityboulevard.com/2020/07/what-is-the-cybersecurity-maturity-model-certification-cmmc/
=================================================================
Post #246094 (FBI and CISA warn of vishing attacks targeting teleworkers/Zdnet) could help show CMMC that Wave solutions should be part of the CMMC requirements. Unknown and unapproved devices would not have access to the network and sensitive data. Wave VSC 2.0 in the above scenario keeps the hacker from getting to the sensitive data because he/she doesn't have the computer (TPM). This is much more secure than the two-factor authentication (OTP) in the vishing post above.
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Firms Splurge on Security and Staff During Pandemic
https://www.infosecurity-magazine.com/news/firms-splurge-security-staff/
A majority of global organizations have been spending more on cybersecurity and compliance during the pandemic, whilst also reporting increased pressure to reduce costs, according to new Microsoft data.
The Redmond giant polled nearly 800 business leaders from organizations with over 500 employees in the UK, US, Germany and India to better understand how COVID-19 has impacted cybersecurity.
The report revealed that 58% had increased security budgets and 65% upped compliance spending, although 81% said they’re also under pressure to cut overall security costs. Organizations with mostly on-premises environments are apparently more likely to feel squeezed on budgets.
In terms of technology spending, multi-factor authentication (20%), endpoint device protection (17%) and anti-phishing tools were the top targets for investment.
That tallies with respondents’ claims that phishing has been the biggest risk, with 90% citing it.
In the longer term, 40% said they are prioritizing investments in cloud security tools such as Cloud Access Security Broker (CASB), Cloud Workload Protection Platform and Cloud Security Posture Management (CSPM), followed by data security (28%) and anti-phishing (26%).
Part of the increased spending on security has also gone on new hires, according to the Microsoft data.
Over two-fifths (42%) said they’d brought in new talent to help out, while 40% outsourced the work. On the other side, 31% said they’d instituted a hiring freeze and 19% had downsized their security team.
The pandemic has also accelerated plans to transition to a Zero Trust environment for more than half (51%) of respondents, perhaps linking back to the large numbers investing in MFA.
“Security technology is fundamentally about improving productivity and collaboration through inclusive end user experiences. Improving end user experience and productivity while working remotely is the top priority of security business leaders (41%), with ‘extend security to more apps for remote work’ identified as the most positively received action by users,” argued Microsoft Security general manager, Andrew Conway.
“Not surprisingly, then, ‘providing secure remote access to resources, apps and data’ is the biggest challenge. For many businesses, the journey begins with MFA adoption.”
==================================================================
Better security at less than half the cost!! - Wave VSC 2.0 (MFA).
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/
https://www.wavesys.com/contact-information
US financial regulator warns of phishing sites impersonating brokers
https://www.bleepingcomputer.com/news/security/us-financial-regulator-warns-of-phishing-sites-impersonating-brokers/
==================================================================
A solution like Wave Knowd could make for great trusted computing within the financial services market, and lead to better services and more clients for the brokers!!! Wave has already tested with Broadridge Financial and others. FINRA, financial services firms and brokers should be looking for a solution such as this!!!
==================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
=================================================================
https://www.wavesys.com/
FBI and CISA warn of major wave of vishing attacks targeting teleworkers
https://www.zdnet.com/article/fbi-and-cisa-warn-of-major-wave-of-vishing-attacks-targeting-teleworkers/
Hackers are calling employees working from home and tricking them into accessing phishing pages for corporate domains.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint security advisory on Thursday, warning about an ongoing wave of vishing attacks targeting the US private sector.
Vishing, or voice phishing, is a form of social engineering where criminals call victims to obtain desired information, usually posing as other persons.
According to the FBI and CISA, in mid-July 2020, cybercriminals started a vishing campaign targeting employees working from home for US companies. The attackers collected login credentials for corporate networks, which they then monetized by selling the access to corporate resources to other criminal gangs.
How attacks happened
The two cyber-security agencies didn't name targeted companies, but instead described the technique the attackers used, which usually followed the same pattern.
Per the two agencies, cybercrime groups started by first registering domains that looked like company resources, and then created and hosted phishing sites on these domains. The domains usually had a structure like:
• support-[company]
• ticket-[company]
• employee-[company]
• [company]-support
• [company]-okta
The phishing pages were made to look like a targeted company's internal VPN login page, and the sites were also capable of capturing two-factor authentication (2FA) or one-time passwords (OTP), if the situation required.
Criminal groups then compiled dossiers on the employees working for the companies they wanted to target, usually by "mass scraping of public profiles on social media platforms, recruiter and marketing tools, publicly available background check services, and open-source research."
Collected information included: name, home address, personal cell/phone number, the position at the company, and duration at the company, according to the two agencies.
The attackers then called employees using random Voice-over-IP (VoIP) phone numbers or by spoofing the phone numbers of other company employees.
"The actors used social engineering techniques and, in some cases, posed as members of the victim company's IT help desk, using their knowledge of the employee's personally identifiable information—including name, position, duration at company, and home address—to gain the trust of the targeted employee," the joint alert reads.
"The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA or OTP."
The rest of the article is at the above link.
=================================================================
If you have an employee who gets contacted by one of these hackers posing as an IT employee, and he/she is using Wave VSC 2.0, consider your organization fortunate. If your company uses an OTP in its 2FA, consider yourself not so fortunate. With Wave VSC 2.0, the hacker needs your employee's computer (TPM). Obviously, it's much more difficult to obtain the computer than the OTP!!! Use better security at less than half the cost - Wave VSC 2.0!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
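A defender can watch newly registered domains or certificate logs for the naming patterns the advisory lists. The following is an added example, not part of the post or the quoted advisory; the company name "examplecorp", its domain and every hostname are constructed placeholders, and the "other-hyphenated" catch-all goes beyond the five listed patterns.

```python
# Added example: triage observed hostnames against the naming patterns quoted
# from the FBI/CISA advisory. All names below are constructed placeholders.

# The five structures listed in the advisory; {c} stands for the company name.
ADVISORY_PATTERNS = {
    "support-[company]": "support-{c}",
    "ticket-[company]": "ticket-{c}",
    "employee-[company]": "employee-{c}",
    "[company]-support": "{c}-support",
    "[company]-okta": "{c}-okta",
}


def labels(hostname):
    """Lower-case a hostname, drop a trailing dot and split it into labels."""
    host = hostname.strip().lower().rstrip(".")
    return [part for part in host.split(".") if part]


def is_own(hostname, own_domains):
    """True when the hostname is one of the organisation's domains or a subdomain of one."""
    host = ".".join(labels(hostname))
    return any(host == d.lower() or host.endswith("." + d.lower()) for d in own_domains)


def classify(hostname, company, own_domains=()):
    """Return the advisory pattern a hostname matches, 'other-hyphenated' when a
    label carries the company name as a hyphen-separated token in some other
    arrangement (an extension beyond the advisory's list), or None."""
    if is_own(hostname, own_domains):
        return None
    company = company.lower()
    candidate_labels = labels(hostname)[:-1]  # the top-level label is never a match
    for label in candidate_labels:
        for name, template in ADVISORY_PATTERNS.items():
            if label == template.format(c=company):
                return name
    for label in candidate_labels:
        tokens = label.split("-")
        if len(tokens) > 1 and company in tokens:
            return "other-hyphenated"
    return None


def triage(hostnames, company, own_domains=()):
    """Return (hostname, matched pattern) for every hostname worth a closer look."""
    hits = []
    for hostname in hostnames:
        verdict = classify(hostname, company, own_domains)
        if verdict is not None:
            hits.append((hostname, verdict))
    return hits


# Constructed sample input, e.g. one day of newly seen hostnames.
OBSERVED = [
    "support-examplecorp.example",
    "examplecorp-okta.example",
    "vpn.examplecorp.example",             # the organisation's own VPN host
    "login.employee-examplecorp.example",
    "Ticket-ExampleCorp.example.",         # mixed case, trailing dot
    "examplecorp-vpn-login.example",
    "unrelated-shop.example",
    "examplecorpsupport.example",          # no hyphen: outside these patterns
]

if __name__ == "__main__":
    for host, verdict in triage(OBSERVED, "examplecorp", ["examplecorp.example"]):
        print(f"{verdict:20} {host}")
```

A match is a lead for review, not proof of a phishing site; names without a hyphen are deliberately left to other detections.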
CISA warns of BLINDINGCAN, a new strain of North Korean malware
https://www.zdnet.com/article/cisa-warns-of-blindingcan-a-new-strain-of-north-korean-malware/
=================================================================
https://www.wavesys.com/buzz/news/911-decade-later-%E2%80%93-better-paradigm-emerges-cyber-security
9/11, A Decade Later – A better paradigm emerges for cyber security
Author: Steven Sprague
gsnmagazine.com - Wednesday, September 28, 2011
The events of 9/11 illustrate in tragic detail the shortcomings of a black list approach to national security. The so-called black list model seeks to identify threats before they can manifest. The drawback, of course, is it cannot possibly defend well against every foreseeable threat, and is powerless against the unanticipated.
The counterpoint to the black list is the white list approach, which owns singular authority to define and grant all permissible freedoms. By permitting only pre-approved activities, it needn’t monitor endlessly for bad behavior and provides a stiffer defense against unimagined attacks.
=================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Excerpts:
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
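The comparison of boot values described in the excerpt rests on how a TPM accumulates measurements in its Platform Configuration Registers (PCRs). The following is an added example, not Wave's code and not part of the post: it replays a measured-boot event log with the TPM extend rule and reports which PCRs deviate from a stored baseline. The PCR indexes and component strings are constructed for illustration.

```python
# Added example: replay a boot event log into PCR values and compare two boots.
import hashlib

PCR_SIZE = 32  # bytes in a SHA-256 PCR bank


def extend(pcr_value, digest):
    """TPM extend rule: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr_value + digest).digest()


def replay(event_log):
    """Fold a list of (pcr_index, component_bytes) events into final PCR values.
    Each PCR starts at all zeroes and can only be changed by extending it."""
    pcrs = {}
    for index, component in event_log:
        current = pcrs.get(index, bytes(PCR_SIZE))
        pcrs[index] = extend(current, hashlib.sha256(component).digest())
    return pcrs


def deviating_pcrs(baseline, current):
    """Return the sorted PCR indexes whose value differs between two boots."""
    indexes = set(baseline) | set(current)
    return sorted(i for i in indexes if baseline.get(i) != current.get(i))


def first_divergence(baseline_log, current_log):
    """Return the position of the first event that differs, or None if the logs match."""
    for position, (old, new) in enumerate(zip(baseline_log, current_log)):
        if old != new:
            return position
    if len(baseline_log) != len(current_log):
        return min(len(baseline_log), len(current_log))
    return None


# Constructed event logs: a known-good boot and a boot with a changed boot manager.
BASELINE_LOG = [
    (0, b"firmware image 1.2"),
    (0, b"firmware configuration"),
    (4, b"boot manager build 100"),
    (4, b"os loader build 100"),
    (7, b"secure boot policy: enabled"),
]
TAMPERED_LOG = list(BASELINE_LOG)
TAMPERED_LOG[2] = (4, b"boot manager build 100 plus unknown code")


def check_boot(baseline_log, current_log):
    """Return (deviating PCR indexes, position of first differing event)."""
    changed = deviating_pcrs(replay(baseline_log), replay(current_log))
    return changed, first_divergence(baseline_log, current_log)


if __name__ == "__main__":
    changed, position = check_boot(BASELINE_LOG, TAMPERED_LOG)
    print("deviating PCRs:", changed, "first differing event:", position)
```

Because every value is folded into the previous one, a change to any earlier component alters the final PCR, and software running later cannot set a PCR back to the baseline value without replaying the exact same measurements.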
Over 25% of all UK universities were attacked by ransomware
https://www.bleepingcomputer.com/news/security/over-25-percent-of-all-uk-universities-were-attacked-by-ransomware/
=================================================================
Ransomware: These warning signs could mean you are already under attack
https://www.zdnet.com/article/ransomware-these-warning-signs-could-mean-you-are-already-under-attack/
File-encrypting ransomware attacks can take months of planning by gangs. Here's what to look out for.
There are as many as 100 claims to insurers over ransomware attacks every day, according to one estimate. And as the average ransomware attack can take anywhere from 60 to 120 days to move from the initial security breach to the delivery of the actual ransomware, that means hundreds of companies could have hackers hiding in their networks at any time, getting ready to trigger their network-encrypting malware.
So what are the early indicators for companies that are trying to spot a ransomware attack before they cause too much damage? And what should they do if they discover an attack in progress?
Encryption of files by ransomware is the last thing that happens; before that, the crooks will spend weeks, or longer, investigating the network to discover weaknesses. One of the most common routes for ransomware gangs to make their way into corporate networks is via Remote Desktop Protocol (RDP) links left open to the internet.
"Look at your environment and understand what your RDP exposure is, and make sure you have two-factor authentication on those links or have them behind a VPN," said Jared Phipps, VP at security company SentinelOne.
Coronavirus lockdown means that more staff are working from home, and so more companies have opened up RDP links to make remote access easier. This is giving ransomware gangs an opening, Phipps said, so scanning your internet-facing systems for open RDP ports is a first step.
Another warning sign could be unexpected software tools appearing on the network. Attackers may start with control of just one PC on a network – perhaps via a phishing email (indeed, a spate of phishing emails could be an indicator of an attack, and if staff are trained to spot them this could provide an early warning). With this toe-hold in the network, hackers will explore from there to see what else they can find to attack.
That means using network scanners, such as AngryIP or Advanced Port Scanner. If these are detected on the network, it's time to check in with your security team. If no one internally admits to using the scanner, it is time to investigate, according to tech security company Sophos, which has outlined some of the signs that a ransomware attack could be underway in a recent blog post.
Another red flag is any detection of MimiKatz, which is one of the tools most regularly used by hackers, along with Microsoft Process Explorer, in their attempts to steal passwords and login details, Sophos said.
Once they've gained access to the network, ransomware gangs will often next try to increase their reach by creating administrator accounts for themselves, for example in Active Directory, and use that extra power to start disabling security software using applications created to assist with the forced removal of software, such as Process Hacker, IOBit Uninstaller, GMER, and PC Hunter, said Sophos. "These types of commercial tools are legitimate, but in the wrong hands, security teams and admins need to question why they have suddenly appeared," the security firm said.
To stop this happening, companies need to look for accounts that are created outside of your ticketing system or account management system, said SentinelOne's Phipps. Once the attackers have gained administrator powers, they then attempt to spread further across the network, using PowerShell.
The whole project can take weeks, and maybe even months, for the ransomware gangs to execute. That's partly because the slower they move through the computer network, the harder they are to spot. And many security tools only record traffic on the network for a certain amount of time, which means if the hackers hold on for a while it becomes much harder for security teams to work out how they got into the system in the first place.
"It's like a flight data recorder: if you wait long enough, it records over the attack and there's no evidence they've figured that out," said Phipps. "It makes it harder for people to figure out and do the investigation because all the security tools they have show no data on entry."
There are also some clear signs that a ransomware attack is getting close to completion. The attackers will attempt to disable Active Directory and domain controllers, and corrupt any backups they can find, as well as disabling any software deployment systems that could be used to push patches or updates. "And then they'll hit you with the attack," said Phipps.
Sophos also noted that at this point the gang may attempt to encrypt a few devices just to see if their plan is going to work: "This will show their hand, and attackers will know their time is now limited."
Please see the above link for the rest of the article.
==================================================================
Using RDP in Wave VSC 2.0 (MFA) with Wave ERAS keeps unknown and unapproved devices (hackers) off the network and thus protects organizations from ransomware!!! When hackers don't get on the network, there aren't problems like those in the highlighted text!!! So it would be wise to use Wave solutions and Wave SED management for further protection against ransomware.
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
https://www.wavesys.com/products/wave-self-encrypting-drive-management
Excerpt:
Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
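The quoted article advises looking for accounts created outside the ticketing or account management system. The following is an added example of that reconciliation, not part of the post or the article; the event and ticket records are constructed and use a simplified schema, with Windows Security event IDs 4720 (user account created) and 4728 (member added to a security-enabled global group). The list of privileged groups is an assumption to adjust per domain.

```python
# Added example: flag account creations that no approved ticket accounts for.
from datetime import datetime, timedelta

ACCOUNT_CREATED = 4720        # a user account was created
ADDED_TO_GLOBAL_GROUP = 4728  # a member was added to a security-enabled global group
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins"}  # assumption: adjust per domain


def parse(timestamp):
    return datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%S")


def has_ticket(account, created_at, tickets, window):
    """True when a ticket for this account was approved before the creation
    and no longer than `window` before it."""
    for ticket in tickets:
        if ticket["account"].lower() != account:
            continue
        age = created_at - parse(ticket["approved"])
        if timedelta(0) <= age <= window:
            return True
    return False


def unticketed_accounts(events, tickets, window_hours=72):
    """Return one finding per account created without a matching ticket.
    Severity rises to 'high' when that account is then added to a privileged group."""
    window = timedelta(hours=window_hours)
    findings = {}
    for event in sorted(events, key=lambda e: parse(e["time"])):
        account = event["target"].lower()
        if event["id"] == ACCOUNT_CREATED:
            if not has_ticket(account, parse(event["time"]), tickets, window):
                findings[account] = {
                    "account": account,
                    "created": event["time"],
                    "creator": event["actor"],
                    "privileged_groups": [],
                    "severity": "medium",
                }
        elif event["id"] == ADDED_TO_GLOBAL_GROUP and account in findings:
            if event["group"].lower() in PRIVILEGED_GROUPS:
                findings[account]["privileged_groups"].append(event["group"])
                findings[account]["severity"] = "high"
    return list(findings.values())


# Constructed sample data (simplified fields, not the raw event XML).
EVENTS = [
    {"time": "2020-08-10T09:15:00", "id": 4720, "target": "jsmith", "actor": "hr-provision"},
    {"time": "2020-08-10T09:20:00", "id": 4728, "target": "jsmith", "actor": "hr-provision",
     "group": "Sales"},
    {"time": "2020-08-12T02:41:00", "id": 4720, "target": "svc_backup2", "actor": "wkstn-admin"},
    {"time": "2020-08-12T02:43:00", "id": 4728, "target": "svc_backup2", "actor": "wkstn-admin",
     "group": "Domain Admins"},
    {"time": "2020-08-13T11:00:00", "id": 4720, "target": "mlee", "actor": "hr-provision"},
]
TICKETS = [
    {"account": "jsmith", "approved": "2020-08-09T16:00:00"},
    {"account": "mlee", "approved": "2020-08-13T15:00:00"},  # approved after the creation
]

if __name__ == "__main__":
    for finding in unticketed_accounts(EVENTS, TICKETS):
        print(finding["severity"], finding["account"], finding["created"],
              "by", finding["creator"], finding["privileged_groups"])
```

A ticket approved only after the account already exists does not clear the finding, since a request filed after the fact is itself worth a question.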
Top Cyber Security Experts Report: 4,000 Cyber Attacks a Day Since COVID-19 Pandemic
https://www.prnewswire.com/news-releases/top-cyber-security-experts-report-4-000-cyber-attacks-a-day-since-covid-19-pandemic-301110157.html
Cybersecurity companies, and law enforcement report 800% surge.
NEW YORK, Aug. 11, 2020 /PRNewswire/ -- The global pandemic has seen a huge rise in people working from home, shopping online, and generally being more digitally connected than ever. There are plenty of good things that have come from this but there is a lot of bad as well. One of the biggest issues is that cyberattacks have skyrocketed during this period, according to MonsterCloud. Cybercriminals have taken this opportunity to up their attacks, both in frequency and scope. Here is what you need to know about the rise in cyberattacks during the COVID-19 pandemic of 2020.
The numbers are staggering and scary. The FBI recently reported that the number of complaints about cyberattacks to their Cyber Division is up to as many as 4,000 a day. That represents a 400% increase from what they were seeing pre-coronavirus. Interpol is also seeing an "alarming rate of cyberattacks aimed at major corporations, governments, and critical infrastructure." These attacks are targeting all types of businesses but large corporations, governments, and critical medical organizations have been major targets.
Certain types of attacks are up even more. Microsoft reports that COVID-19 themed attacks, where cybercriminals get access to a system through the use of phishing or social engineering attacks, have jumped to 20,000 to 30,00 a day in the U.S. alone. Zohar Pinhasi, a cyber counter-terrorism expert and founder of the cybersecurity firm MonsterCloud, reports that ransomware attacks are up 800% during the pandemic. Pinhasi told CBS News, "From those criminals' perspective, it's heaven. They have stepped on a gold mine."
Please see the link above for the rest of the article.
==================================================================
What a cyber fiasco going on year after year!!! Use better security at less than half the cost. Many properly Wave protected organizations would quickly reverse the course of the number of daily cyber attacks!!!! Please see the links below for how cyber attacks could be prevented and stopped!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen
https://www.bleepingcomputer.com/news/security/us-spirits-and-wine-giant-hit-by-cyberattack-1tb-of-data-stolen/
Excerpts: The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest.
The actor also published screenshots of database backup entries as recent as July 2020, suggesting that the intruder had plenty of time to roam the network.
==================================================================
Wave solutions could have kept these intruders (unknown and unapproved devices) off the network and therefore kept them from accessing 1TB of confidential data!!! Along with phishing, ransomware can be so damaging to an organization, and Wave can stop it from happening with its solutions!!!
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Research Casts Doubt on Value of Threat Intel Feeds
https://www.darkreading.com/threat-intelligence/research-casts-doubt-on-value-of-threat-intel-feeds/d/d-id/1338676
Two commercial threat intelligence services and four open source feeds rarely provide the same information, raising questions about how security teams should gauge their utility.
Collect threat data from two of the largest threat intelligence providers, and the risk landscape they portray will be completely different — raising questions about the utility of threat intelligence feeds to organizations, a group of researchers said this week.
The researchers, from universities in the Netherlands and Germany, compared threat indicators from four open source threat intelligence feeds and two commercial feeds — which the researchers could not name — and found very little overlapping data between the services. On the commercial side, the larger Vendor 2 had 13% of the data covered by Vendor 1, while Vendor 1 only replicated 1.3% of the indicators from Vendor 2, said Xander Bouwman, a PhD candidate at Delft University of Technology and a primary author of the paper, in a presentation Wednesday.
"If two threat intelligence vendors are describing the same threats, you might expect that they are coming up with the same data," he said. "We find that this is not the case."
Even in tracking the same advanced persistent threat (APT) groups, threat intelligence vendors did not seem to collect the same data. Focusing on 22 threat groups that both vendors claimed to be tracking, the researchers found, at most, a 4% overlap in threat indicators, Bouwman said.
"This raises some questions about the coverage that these vendors are providing," he said. "If there is not so much overlap, what does that say about the visibility that these vendors are providing for the threat landscape as a whole?"
Threat intelligence includes open source threat intelligence, shared intelligence between organizations in the same industry, and commercial threat intelligence services. Open source threat intelligence often includes data from DNS blocklists, abuse feeds, malware hashes, and phishing lures. Shared intelligence is usually not available unless the organization joins a particular industry group.
Commercial threat intelligence is often sold as a combination of reports to inform security teams and analysts and machine-readable indicators of compromise (IOCs) that can be used to detect threats. A typical commercial feed, for example, could have dozens of threat reports and hundreds of IOCs every month.
Unfortunately for potential customers, the uneven coverage means every threat intelligence provider's data set will be different, and there is little guarantee — or probability — that the threats will match what the customer will see. Without more information, the services are hard to evaluate, Bouwman said.
"This is what we refer to as a market with asymmetric information," he said. "The sellers know what they are selling, but the buyers don't know what they are buying."
The researchers compared the two commercial feeds with four open threat intelligence (OTI) feeds from Alienvault, Blocklist.de, CINScore, and EmergingThreats. While a few of the OTI feeds had significant overlap with other OTI sources, the commercial vendors had less than 1% overlap with any open threat intelligence feed.
The lack of overlap raises questions about coverage and whether the services are providing a realistic picture of the threat landscape, Bouwman said.
Customers typically use threat intelligence for network detection, situational awareness, and prioritizing security operations centers' (SOCs) activities, the researchers found. Commercial feeds are better at providing context to users, according to a survey of 14 users of threat intelligence. Moreover, threat intelligence does not seem to be limited by cost, with only one in five in the survey citing cost as a factor.
Unfortunately, customers are not very mature in terms of their knowledge of and skill in using threat intelligence, Bouwman said. Two respondents, for example, canceled their threat intelligence feeds because they were covering a sector unrelated to the organization's business.
"Customers do not seem to care about coverage, they are not optimizing for detection, and they are not talking about metrics," he said. "If they do mention metrics, it is almost always talking about false positives."
Overall, threat intelligence appears to be less about attaining insight into most threats and more about using the reports and IOCs as a way to understand the threat landscape, as well as occasionally for threat hunting. The most important factor may be whether the threat intelligence service helps save analyst time, the researchers stated.
Commercial vendors should help customers get the most productivity out of their feeds to justify their high cost, while customers need to require vendors to provide more information about the coverage the feeds provide, Bouwman said.
"In a market with asymmetric information, the willingness of consumers to pay might eventually go down because they cannot distinguish the good from the bad," he said.
==================================================================
The article above and the Wave alternative sum up why using Wave solutions would be a better option (more efficient use of organizational resources) and better security!!!
==================================================================
https://www.wavesys.com/wave-alternative
Choose data protection that actually works.
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Over 43,000 Phishing Emails Slip Through NHS Security Filters
https://www.infosecurity-magazine.com/news/43000-phishing-emails-slip-through/
More than 43,000 NHS staff have been hit by phishing emails over the past few months, as they battled to save patients infected with COVID-19, a Freedom of Information (FOI) request has revealed.
Think tank Parliament Street asked NHS Digital for the data on spam and phishing emails from March to July 14.
A spokesperson confirmed to Infosecurity that the figures related to user reports of malicious and scam messages in their inbox, so the real total could be far higher.
If correct, it would mean that NHS Digital filters are failing to catch a significant volume of threats at a time when the health service is under extreme strain due to the pandemic.
The FOI request revealed a total of 43,108 reports of malicious emails made by doctors, nurses and other NHS staff during the period. The vast majority came from March (21,188) at the start of the crisis, with fewer reports in April (8085), May (5883) and June (6468), plus 1484 in the first half of July.
With reports circulating of cyber-criminals attempting to deploy malware in hospitals, the email inbox is a vital first-line-of-defense against potentially serious cyber-threats.
Although the 43,108 individuals who reported the emails are unlikely to have fallen for the scams, many attacks have been successful. NHS Digital revealed in June that over 100 NHS inboxes were compromised in such raids, although the end goal was not clear.
In some cases, employee finances have been targeted in the attacks: one NHS trust in the north-west warned that criminals impersonated employees in emails to HR and Payroll staff, with the aim of tricking them into changing staff bank account numbers.
Chris Ross, SVP sales international at Barracuda Networks, warned that hackers may also be after patient data to sell on the dark web.
“After the WannaCry attack of 2017, the NHS did a great job in eradicating many of its cyber-defense weaknesses, however, it’s important that they maintain this resilience and constantly keep up with the developing cyber-threat facing them,” he argued.
“Our recent research revealed that there has been a spike in cyber-criminals using official email domains, such as Gmail and Yahoo, to bypass inbox defences and trick users into revealing personal details by impersonating a colleague, manager or trusted partner.”
AI-powered tools can help in identifying unusual senders and requests, he added.
=================================================================
I wonder how many organizations are like the NHS in letting through thousands of phishing emails for a potential hack, and it just takes 1 phishing email to be acted upon to allow the hacker to break into the organization's network and apps to get sensitive data.
And here, Wave has the security to protect against phishing, and so many organizations could benefit by using Wave solutions!!!!
Use better security at less than half the cost!!!
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
An advanced group specializing in corporate espionage is on a hacking spree
https://www.cyberscoop.com/redcurl-groupib-russian-hacking-espionage/
A Russian-speaking hacking group specializing in corporate espionage has carried out 26 campaigns since 2018 in attempts to steal vast amounts of data from the private sector, according to new findings.
The hacking group, dubbed RedCurl, stole confidential corporate documents including contracts, financial documents, employee records and legal records, according to research published Thursday by the security firm Group-IB, which has offices in Moscow and Singapore. Victims spanned a range of industries — including construction, finance, retail and law — with headquarters in Russia, Ukraine, the U.K., Canada, Germany and Norway.
RedCurl relies on hacking techniques similar to groups known as RedOctober and CloudAtlas, another Russian-speaking group that’s targeted multiple entities and government networks “primarily in Russia,” according to the MITRE Corp.’s database of hacking groups. The Russian security vendor Kaspersky previously published its own findings about RedOctober and CloudAtlas, and Group-IB now suggests RedCurl’s focus on similar tactics “may indicate” that the group is a continuation of those prior attacks.
Typically, hackers would impersonate the victim organization’s human resources staff, sending emails promising employee bonuses to multiple workers in the same department in an apparent attempt to dull their defenses. A phishing email against the HR department would serve as the initial point of infection, giving attackers a launching point into the rest of the organization.
Group-IB did not speculate on where RedCurl is based. That the group speaks in Russian, as researchers noted, does not indicate RedCurl is a Russian-based hacking group. Russian-based hacking groups typically do not aim to infiltrate victims located within Russian borders, in part to avoid antagonizing the country’s intelligence agencies.
“For RedCurl, it makes no difference whether to attack a Russian bank or a consulting company in Canada,” Rustam Mirkasymov, head of Group-IB’s malware dynamic analysis team, said in an emailed statement. “Such groups focus on corporate espionage and employ various techniques to cover their activity, including the use of legitimate tools that are difficult to detect.”
In this case, the group exploits Microsoft’s PowerShell to insert its own malicious software scripts. Then, hackers typically spend between two to six months inside a breached network, collecting usernames, passwords and other sensitive data while trying to avoid detection.
Group-IB did not disclose the names of the victims in its report.
Update, Aug. 13, 7:27am ET: This article has been updated to clarify that Group-IB detected 26 RedCurl campaigns. A previous version of this story stated the group aimed to breach 26 organizations.
==================================================================
For those who are maybe unfamiliar with phishing emails with regard to the previous post #246085, this article could make their meaning more clear!!! The consequences of the phishing emails could be devastating as revealed in this article for the government and other organizations!!! Wave can protect against phishing emails.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Study finds election officials vulnerable to cyberattacks
https://thehill.com/policy/cybersecurity/509258-study-funds-election-officials-vulnerable-to-cyberattacks
=================================================================
After reading this article, one must think just how secure are government employees from phishing? Some of the initial indicators show that they could use the help of Wave VSC 2.0 and Wave solutions. With millions of dollars available for better security, use Wave at less than half the cost!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
SANS Institute Phishing Attack Leads to Theft of 28,000 Records
https://www.infosecurity-magazine.com/news/sans-phishing-attack/
The SANS Institute has revealed that hundreds of emails from an internal account were forwarded to an unknown third party, compromising 28,000 records of personally identifiable information (PII).
The global cybersecurity training and certifications organization said in a statement that the incident came to light on August 6 after a regular review of email configuration identified a “suspicious forwarding rule.”
“This rule was found to have forwarded a number of emails from a specific individual's e-mail account to an unknown external email address,” it continued.
“The forwarded emails included files that contained some subset of email, first name, last name, work title, company name, industry, address, and country of residence. SANS quickly stopped any further release of information from the account.”
In total, 513 emails were forwarded to the external address, exposing nearly 30,000 records of PII. A malicious Office 365 add-on was apparently installed on the victim’s machine as part of the attack.
“We have identified a single phishing e-mail as the vector of the attack,” SANS explained. “As a result of the e-mail, a single employee's email account was impacted. Aside from the affected user, we currently believe that no other accounts or systems at SANS were compromised.”
The firm said its digital forensics team is currently investigating whether any other information was compromised, and to identify any opportunities to build resilience into its defenses and improvements into its incident response for the future.
No passwords or financial information was taken in the attack, and all affected individuals have now been notified, SANS said.
Refreshingly, the organization added that it may run an online session on the incident once the investigation is completed, “if there is information that we think would be useful to the community.”
Infosecurity has reached out to SANS for more information on the incident and will update the story if we hear back.
=================================================================
Wave protects against phishing and the SANS Institute could have avoided this incident by using Wave solutions!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data Wiping
https://threatpost.com/samsung-quietly-fixed-critical-galaxy-flaws-allowing-spying-data-wiping/158241/
=================================================================
It's amazing all the security problems Samsung/organizations could avoid by using Wave software. It makes sense to enable Wave software to protect organizations' phones.
=================================================================
Wave Joins ARM TrustZone Ready Program
Committed to Helping Chip Manufacturers Implement Industry Standard Security for Mobile Platforms
https://www.wavesys.com/buzz/pr/wave-joins-arm-trustzone-ready-program
Lee, MA - September 26, 2012 -
Wave Systems Corp. (NASDAQ:WAVX) today announced that it has joined the ARM TrustZone® Ready Enablement Program to provide support and infrastructure for implementing enterprise security capabilities in mobile devices. As a partner in the program, Wave joins other industry leaders in helping chip manufacturers design and implement new industry standard security capabilities within ARM’s TrustZone architecture to enable full cross-platform interoperability across PCs, tablets, smartphones and other mobile devices.
TrustZone Technology (developed by ARM, the world’s leading semiconductor IP supplier) is a System-on-Chip security concept that involves a hardware-isolated space for a Trusted Execution Environment (TEE). Once integrated, core security services such as cryptography, storage and user interfaces can enable services to be deployed with a new level of security and convenience.
The primary goal of ARM's TrustZone Ready enablement program is to guide chip and device manufacturers to design robust, industry-certified security architecture into their products that will meet the needs of service providers looking to deploy secure services on secured platforms. Companies that implement system-wide security into their platforms can benefit from this program through a cohesive set of design blueprints, market requirements, and checklists aligned with industry standards.
“Smart phones, tablets and other devices are essential for today’s enterprise, and require access to sensitive applications and data. While these devices have excellent security for the mobile operator’s services, they lack basic security for use within an enterprise network,” commented Steven Sprague, Wave’s CEO. “ARM, with the TrustZone Ready Program, is taking the lead in making sure that standards-based security implemented in the TrustZone Trusted Execution Environment (TEE) is integrated into chipsets for mobile devices. Wave is committed to sharing its expertise in Trusted Platform Module (TPM) implementations, application development and trust infrastructure support.”
“Wave’s infrastructure for managing TPM and TPM-mobile-enabled devices will allow enterprise users to exploit the full capabilities of Trusted Computing Group standards across multiple device types,” added Jon Geater, Director of Technology for ARM Secure Services Division and Board Representative of ARM at GlobalPlatform. “ARM welcomes Wave into the TrustZone Ready Program as a valuable partner that will bring secure enterprise services to TrustZone secured devices running GlobalPlatform Trusted Execution Environments.”
Eliminating passwords, Providing Health Measurements for mobile devices
The TPM, shipped on more than half a billion PCs, is a cryptographic component built on specifications from the Trusted Computing Group. The TPM brings strong, enterprise-grade security features to consumer devices that are widely deployed in enterprise networks. The TPM for mobile devices is uniquely designed to support the security needs of multiple stakeholders, allowing enterprises to provide strong security in end-user applications, satisfy the security requirements of third-party application developers, and support other parties.
With a TPM Mobile implemented within the hardware-based security boundaries of ARM’s TrustZone and protected by a full function Trusted Execution Environment, enterprises will be able to take advantage of the strong security of the TPM in the following ways:
• Protect corporate devices and user identities
• Measure and attest to the integrity and health of the mobile device
• Implement secure network access
• Provide secure messaging for corporate traffic
• Reduce the need for user passwords, with reliance on the device itself as a strong authentication token for access to services and data, including cloud-based functions.
• Offer central control over devices which are lost or stolen to protect sensitive data
Increased emphasis on trusted computing is driving the security industry toward hardware-based technologies that offer improved access control, encryption, and the early detection of malware. With Wave’s industry-leading trusted computing solutions, customers are empowered to secure endpoint data, protect data-in-motion and ensure that only trusted devices gain access to the enterprise network. Wave’s solution will provide enterprises with cross-platform interoperability between PCs and mobile devices for trusted computing-based functions and applications.
Data Breach at Illinois Healthcare System
https://www.infosecurity-magazine.com/news/data-breach-at-illinois-healthcare/
Illinois healthcare system FHN has notified patients of a data breach that took place in February.
An investigation was launched by the Freeport-based healthcare provider after it transpired that the email accounts of a number of employees had been compromised.
According to a notice issued by FHN, the alarm was raised when suspicious activity was spotted within the compromised email accounts. FHN responded by securing the accounts and hiring a "leading computer forensic firm" to determine what had occurred.
The investigation into the incident concluded on April 30 and determined that an unauthorized person accessed the accounts between February 12 and February 13.
FHN stated: "The investigation was unable to determine whether the unauthorized person actually viewed any emails or attachments in the accounts. Out of an abundance of caution, we reviewed the emails and attachments contained in the email accounts to identify patient information that may have been accessible to the unauthorized person."
After reviewing the emails and attachments that were compromised in the incident, FHN found that sensitive data belonging to some patients had been accessible to the unauthorized third party.
Information exposed in the data breach included some patients’ names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as provider names, diagnoses, and medication information.
In some instances, patients’ health insurance information and/or Social Security numbers were also identified in the compromised email accounts.
"This incident did not affect all FHN patients, but only those patients whose information was contained in the affected email accounts," stated FHN.
FHN is offering complimentary credit monitoring and identity protection services to those patients whose Social Security numbers and/or drivers’ license numbers were exposed in the incident.
FHN announced on July 31 that patients had been notified of the data breach. The company said it was taking steps to prevent future cyber-incidents.
"To help prevent something like this from happening in the future, we have reinforced education with our staff regarding how to identify and avoid suspicious emails and are making additional security enhancements to our email environment, including enabling multi-factor authentication," stated FHN.
==================================================================
Now if FHN had used Wave VSC 2.0, would there have been this unauthorized (unknown and unapproved devices) access to the employees' email accounts.... NO!! Better security at less than half the cost!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Ivanka Trump uses an ancient Dell laptop - here's what we know about it
Laptop mag
It has a Trusted Platform Module.
=================================================================
Hopefully the ways that Wave could be protecting Ivanka's computer and data with an activated TPM and an initialized SED are being done so.
=================================================================
https://www.wavesys.com/
Annual Government Spending Approaches Historic Territory
https://www.nextgov.com/cio-briefing/2020/08/annual-government-spending-approaches-historic-territory/167474/
Driven heavily by the Defense Department, contract spending across government will exceed $600 billion in fiscal 2020.
Even before the COVID-19 pandemic forced the federal government into emergency spending mode, agencies—including the Defense Department—were on pace to blow past the single-year contract spending record of $598 billion set in fiscal 2019.
As of Aug. 5, the federal government has obligated $438 billion in spending, with agencies expected to unload almost $200 billion more before the close of the 2020 fiscal year on Sept. 30, according to a Bloomberg Government analysis. The government typically spends about one-third of all money appropriated by Congress in its fourth quarter—July, August and September—since most money unspent is returned to the Treasury.
“We’ve been saying at the end of fiscal 2020, total government spending is likely to be around $630 billion,” Daniel Snyder, director of government contracts analysis at Bloomberg Government, told Nextgov. “That was before we factored anything related to the CARES Act or COVID-19 spending.”
Snyder said the $2 trillion stimulus package passed in March could add another $10 billion to $20 billion to the government’s total discretionary spending in fiscal 2020—much of it on networking capacity, bandwidth and telework services—which would put the government’s total discretionary spending to $650 billion or more.
The government’s discretionary spending has increased significantly since 2015, driven largely by the Defense Department. Discretionary spending at the Army, Navy and Air Force each jumped approximately 10% in fiscal 2019. Since 2015, annual defense spending on contracts increased $122 billion—totaling $404 billion in fiscal 2019—while civilian agencies spent some $193 billion on goods and services in fiscal 2019. Agencies that deal with health care, including the Veterans Affairs and Health and Human Services departments, saw the largest increases in discretionary spending among civilian agencies. Conversely, the departments of Energy, State and Homeland Security saw their discretionary spending obligations decrease.
The fourth quarter spending surge is likely to drive record technology spending as well. Bloomberg Government’s analysis estimates agencies will obligate about $28 billion on unclassified IT contracts in the fourth quarter, about $1 billion more than agencies spent last year.
==================================================================
With all the damage that Russia and China are doing on government networks and to organizations, and all of this free cash flow that the government currently has, spending it on MFA (Wave VSC 2.0) and Wave solutions would be one of the most efficient and effective ways to allocate the funds!!! Stopping unauthorized access, stopping ransomware, stopping the effects of phishing, stopping malware and stopping cyber attacks: Who does all that?? WAVE DOES!!!! Hasn't this cyber fiasco gone on long enough?!
Better security at less than half the cost!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Microsoft Office 365 is becoming the core of many businesses. And hackers have noticed
https://www.zdnet.com/article/microsoft-office-365-is-becoming-the-core-of-many-businesses-and-hackers-have-noticed/
As cloud-based services become the key to many business operations, hackers are refocusing their aim.
As the use of Microsoft's Office 365 grows – encompassing services including Exchange, Teams, SharePoint, OneDrive and more – the sheer amount of data stored in the cloud is proving to be a tempting target for some of the most sophisticated hacking operations in the world, according to cybersecurity researchers at FireEye Mandiant.
"The amount of data in Office 365 is just huge and attackers are obviously interested in data. But also they can now access that data from pretty much anywhere in the world," Doug Bienstock, principal consultant at Mandiant told ZDNet, ahead of the research being presented at the Black Hat USA security virtual conference.
It often doesn't take much for hackers to compromise the networks of organisations they're targeting; it's possible to acquire lists of email addresses of employees at a company, and attackers will attempt to use brute-force attacks to crack any common or weak passwords. It doesn't even have to involve a spear-phishing attack. Some attacks, however, are significantly more sophisticated.
"The attacker will take those valid credentials, login to the VPN and they will move around the network with the intent of escalating their privileges to a global admin account for Office 365," Josh Madeley, principal consultant at Mandiant and co-author of the presentation, told ZDNet.
It's believed that a significant majority of – if not all – state-backed advanced persistent threat (APT) groups are interested in deploying this kind of attack, but one that definitely has is APT35, a hacking operation working out of Iran, which Madeley described as "notorious" for exploiting cloud services to gain access to the sensitive information it wants to see.
"They'll gain access to your Office 365 environment then use the security tooling to search the contents of every mailbox, every Teams chat, every SharePoint document," he explained.
From there, APT35 search for credentials that'll give them access to other departments, even other companies, and anywhere they can extract sensitive information from.
The hackers are not trying to exploit a weakness in Office 365; simply the way in which it has become a core part of corporate IT infrastructure makes it an attractive target. But the way corporations and users are securing Office 365 could be improved to protect against attacks of this kind. The first step organisations can take to prevent attacks is to make sure that common, easily guessable passwords aren't being used.
Organisations should also ensure that multi-factor authentication is applied to as many employee accounts as possible, so in the event of a password being stolen or breached, there's an additional layer of defence to stop attacks.
"The biggest two things we recommend are enabling multi-factor and doing it intelligently with as few exceptions as possible. So everyone in the organisation and every application needs to apply multi-factor – and think about how often you want to prompt that," said Bienstock.
It's also recommended that organisations take the time to understand activity on their networks, so it's possible to detect and stop suspicious activity before it can do significant damage.
"There's good security out of the box in Office 365, but if you need to protect against APTs, there needs to be some time and effort into understanding the logs and building up robust monitoring so you can see something is happening when it shouldn't be so you can cut them off," he said.
=================================================================
https://www.wavesys.com/
When choosing a MFA solution, choose better security at less than half the cost (Wave VSC 2.0)!!!
=================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Excerpts:
Key Features:
Easy security compliance
• Comports with NIST guidelines for BIOS integrity
Data protection
• Ensures that you can trust the integrity of your measurements for central analysis
• Real-time alerts for zero-day detection of APTs
• Get Windows 8 Malware protection now—WEM covers previous versions of Windows
Punishing Cybersecurity Errors Found to be Counterproductive
https://www.infosecurity-magazine.com/news/punishing-cybersecurity-errors/
Over four in 10 (42%) organizations take disciplinary action against employees who make cybersecurity errors, which puts them at greater risk of attack, according to a new study by CybSafe.
In a survey of UK businesses, it was found that mistakes such as falling for simulated phishing scams are regularly punished. This includes naming and shaming employees (15%), decreasing access privileges (33%) and locking computers until appropriate training has been completed (17%). Additionally, 63% of organizations will inform the employees’ line manager when cyber-mistakes are made.
As part of the research, CybSafe conducted a lab-based experiment to test the impact of these kinds of punishments. It found that doing so has a “highly detrimental” impact on staff, with punishments increasing anxiety levels and reducing productivity. The findings suggest punishments may have a long-term impact on employees’ mental health and actually reduce their cyber-resilience.
Dr John Blythe, head of behavioural science at CybSafe, commented: “People fall for phishing attacks and other cybersecurity mistakes because they’re human and because they have been trained to click links. Bad habits are difficult to shake, especially when today’s phishing attacks can be highly convincing.”
“Formally punishing staff for making cybersecurity slips is, in the vast majority of instances, a problematic approach. It’s unfair and diminishes productivity. It can cause heightened levels of resentment, stress, and scepticism about cybersecurity.”
Blythe added that this kind of approach may make staff more reluctant to report cybersecurity errors quickly, putting organizations in more danger.
Dr Matthew Francis, executive director at CREST, said: “The findings have highlighted how some well-meaning organizations are negatively impacting their cyber-resilience by ‘outing’ or reprimanding individuals and that cybersecurity errors can serve as positive opportunities to educate people, to trigger long-term and sustained changes in security awareness and behavior.”
=================================================================
Rather than have companies punishing their employees for wrong moves when it comes to phishing, why not use Wave VSC 2.0 which protects users and organizations from the effects of phishing?!! A LOT more organizations should be using Wave VSC 2.0!!!
==================================================================
wavesys.com
Survey: FIs are spending 15Pct more YoY on Cybersecurity
https://www.pymnts.com/news/security-and-risk/2020/survey-financial-institutions-are-spending-15-percent-more-yoy-cybersecurity/
Financial institutions (FIs) plan to spend 15 percent more protecting their computer networks in 2020 than they spent in 2019, according to a report based on the results of a survey conducted by Deloitte & Touche LLP and the Financial Services Information Sharing and Analysis Center.
The survey examined cybersecurity spending per employee and concluded it increased on average to $2,691 annually from $2,337. It also found that some unnamed FIs expect to spend more than $3,000 per employee this year.
The authors of the report based on the survey wrote: “Over the last few months, the COVID-19 pandemic has forced many companies to accelerate their digitization efforts. As office closures and restricted movement compelled everyone and everything that could go virtual to do so, many institutions had to more fully embrace a digital transformation in operations, distribution and customer engagement.
“This sudden shift, however, has compounded problems for many chief information security officers (CISOs) and cybersecurity teams charged with securing the digital fortress at their firms. Hackers and cyberscammers are trying to take advantage of expanding technology footprints and new attack surfaces, with most employees working remotely.”
The World Economic Forum also stated in a late July report that the swift move by companies to digital operations is creating opportunities for cybercriminals.
Bloomberg, working with data contained in the report, calculated that for the biggest banks, which tend to spend more on security than smaller peers, the totals could approach $1 billion annually: roughly $850 million annually for J.P. Morgan Chase and nearly $900 million annually for Wells Fargo. Bloomberg’s methodology would have Citigroup and Bank of America spending about $700 million annually each.
The survey was conducted in late 2019 and January 2020 and included 53 participating firms.
Consultancy Accenture found in 2019 that the leading attacks on large organizations that year were malware attacks, web-based attacks and denial-of-service attacks.
==================================================================
Financial institutions have a big responsibility for providing great cybersecurity. Please see the article below which reveals the kind of cybersecurity FIs would want by increasing their budgets. Wave VSC 2.0 - Better security at less than half the cost!!! Please see the link below for all of Wave's solutions.
==================================================================
Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company
Wins competitive evaluation against market leader in two-factor authentication tokens
https://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global
Lee, MA - December 17, 2015 -
Wave Systems Corp. (NASDAQ: WAVX) announces a five-year master licensing agreement (MLA) with a leading global corporation (as determined by the 2015 Fortune Global 500 List) for its Virtual Smart Card 2.0 solution. This MLA sets the terms and pricing for licenses and maintenance across the customer’s global organization and establishes it as their preferred two-factor authentication solution. Instead of one large license purchase for the entire organization, each of the customer’s subordinate divisions will make separate orders in accordance with the terms of this MLA.
The first purchase of 2,000 VSC 2.0 licenses under this agreement, when added to a previous purchase, completes the requirement for the customer’s global IT division. That division will now lead the internal effort to standardize the remaining 150,000+ endpoints within their organization with the new Wave VSC 2.0 solution. While there are no minimum order requirements under the agreement, discussions for additional orders are underway.
“Our five-year agreement with this customer is the first very large scale contract for VSC 2.0 and is an important milestone for Wave,” said Bill Solms, President and CEO of Wave Systems. “This customer is a major global financial services company and their standards for protecting their systems from unauthorized access and the integrity of their data are of the highest order. Wave had to pass a very rigorous technical and business review to win the competition. We believe that this client’s decision to choose Wave Virtual Smart Card 2.0 over their incumbent solution gives us tremendous credibility in the two-factor authentication market. We will remain engaged with this company in order to complete the additional sales and deployments in the months ahead.”
Wave Virtual Smart Card 2.0 is a tokenless, hardware-based, two-factor authentication solution that offers superior security at less than half the cost of comparable solutions. It is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7, 8 and 10. It also provides management support for the Microsoft Virtual Smart Card on Windows 8 and 10. Wave’s VSC solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, significantly lower total cost of ownership, and a greatly reduced risk of unauthorized access.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure Passphrase and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with both TPM 1.2 and TPM 2.0 security chips
==================================================================
https://www.wavesys.com/
DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns
https://www.cyberscoop.com/taidoor-malware-report-china-cisa-dod-fbi/
Excerpts:
It wasn’t immediately clear if Taidoor was being used in any recent or ongoing espionage campaigns from China. But of the four malware samples Cyber Command shared on VirusTotal, only two are detected by any engines.
Even in the cases where the private sector does have protections related to Taidoor campaigns, the protections aren’t widespread — only FireEye and BitDefender protect against some parts of the Taidoor upload.
==================================================================
Given how Wave Endpoint Monitor works, it makes a lot of sense that Wave could be stopping this malware. Others don't appear to have the technological advantage that Wave Endpoint Monitor has. The Chinese malware has been going on for 10 years. WEM should be protecting your organization against malware and sneaky malware like this!!!
==================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
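The comparison of boot values against a known-good boot, described in the excerpt above, can be shown with a small simulation. This is an added example, not Wave's code and not part of the original post: it assumes SHA-256 PCRs and a simplified event log, and the function names and sample logs are constructed for illustration.

```python
import hashlib

PCR_COUNT = 8  # PCRs 0-7 hold firmware and boot-path measurements on a PC

# Constructed sample event logs: (PCR index, description, measured bytes).
# Index choices follow the usual PC layout (0 firmware, 4 boot manager,
# 7 Secure Boot policy); the contents are invented for illustration.
BASELINE_LOG = [
    (0, "platform firmware", b"firmware image v1.0"),
    (4, "boot manager", b"boot manager build A"),
    (4, "OS loader", b"os loader build A"),
    (7, "secure boot policy", b"SecureBoot=enabled"),
]
TAMPERED_LOG = [
    (0, "platform firmware", b"firmware image v1.0"),
    (4, "boot manager", b"boot manager build A, modified"),
    (4, "OS loader", b"os loader build A"),
    (7, "secure boot policy", b"SecureBoot=enabled"),
]


def extend(pcr: bytes, measured: bytes) -> bytes:
    """TPM extend operation: new PCR = H(old PCR || H(measured data)).

    A PCR can only be extended, never set directly, so the final value
    commits to every measurement and to the order they arrived in.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measured).digest()).digest()


def replay(event_log):
    """Replay an event log into a fresh bank of zeroed PCRs."""
    pcrs = {i: bytes(32) for i in range(PCR_COUNT)}
    for index, _description, measured in event_log:
        pcrs[index] = extend(pcrs[index], measured)
    return pcrs


def compare_boot(baseline_log, current_log):
    """Return [(pcr_index, first_deviating_event)] for PCRs that changed.

    A real verifier would first check the TPM's signed quote over the PCR
    values; this simulation skips the signature and compares values only.
    """
    baseline, current = replay(baseline_log), replay(current_log)
    findings = []
    for index in sorted(baseline):
        if baseline[index] == current[index]:
            continue
        old = [(d, m) for i, d, m in baseline_log if i == index]
        new = [(d, m) for i, d, m in current_log if i == index]
        # Name the first event whose measurement differs from the baseline.
        culprit = next((n[0] for o, n in zip(old, new) if o != n),
                       "event count changed")
        findings.append((index, culprit))
    return findings


if __name__ == "__main__":
    for index, event in compare_boot(BASELINE_LOG, TAMPERED_LOG):
        print(f"ALERT: PCR {index} deviates from baseline at '{event}'")
```

Because each PCR value is a hash chain, a change to one early boot component alters the final value even when every later component is untouched, which is what lets the check see below the operating system.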
A Patriotic Solution to the Cybersecurity Skills Shortage
https://www.darkreading.com/operations/a-patriotic-solution-to-the-cybersecurity-skills-shortage-/a/d-id/1338475
Excerpts:
A June survey of 273 cybersecurity professionals conducted by organizers of Black Hat confirmed a jaw-dropping reality to many working in the security industry — 92% of respondents said there is "a shortage of well-trained and qualified security professionals [that] is significantly affecting the safety and security of data, both personal and financial."
That's terrifying … and most of America has no idea. Even in a time of double-digit unemployment, there is no sign the cybersecurity workforce gap will be filled quickly.
It's not enough to just change the direction of a trend line; this is a chance to create opportunities and add new firepower in our fight against cybercrime (which, by the way, costs the global economy $400 billion a year — and that number is growing).
================================================================
What if we used cyber technology that Wave has to reduce the demand for cybersecurity professionals!!! With Wave VSC 2.0 and Wave ERAS, unknown and unapproved devices could be kept off the network. All of the research being done to track potential bad guys on the network with existing technology could be done better by Wave by only allowing known and approved devices on the network. Less demand for cybersecurity workers and greater security and greater efficiency for the organization using Wave solutions!!!!
Better security at less than half the cost!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Huawei somehow becomes the #1 phone manufacturer, thanks to the coronavirus
https://arstechnica.com/gadgets/2020/07/huawei-claims-1-smartphone-spot-after-samsung-sales-plummet/
Huawei survives the COVID-19 economy, Samsung tanks, and Apple's sales are way up.
==================================================================
With Samsung's phone sales having tanked 30%, phone security that is done right (use Wave software) could be a big new advantage for Samsung's future sales and help existing customers before they upgrade!!! It will also help protect organizations' networks. Having secure Samsung phones in corporate fleets could re-solidify Samsung's brand and sales!! Please read posts 245994 and 246007 for more information on Samsung and Arm.
=================================================================
https://www.wavesys.com/
Nation State Attackers Shift to Credential Theft
https://www.infosecurity-magazine.com/news/nation-state-attackers-shift-to/
A greater focus is being placed on credential theft by nation state actors rather than stealing money.
Speaking on a virtual briefing, Jens Monrad, head of Mandiant Threat Intelligence for EMEA at FireEye, focused on attacks from Russia, Iran and China and their various activities. Monrad said attacks are easily done because of the user’s common digital footprint, which can allow an attacker to pick up on items about the victim and use them in a social engineering scenario.
He explained that the biggest detection of malware seen by FireEye customers is focusing on stealing credentials and stealing information “and that makes sense as regardless of your motivation, if you can steal or buy stolen credentials, you will make less noise in your operation.”
Furthermore, if an attacker wanted to do a high stake “heist,” or if you wanted to rob a house, if you could purchase the access code to the alarm system or purchase the keys, you make less noise than if you break in and make more noise.
“Credentials can vary from anything that requires a username and password to databases or access to cloud environments,” he said. “This is just part of the ecosystem we currently see, and [cyber-criminals] advertise databases and tools and services on the underground forums.”
Monrad added, from a cyber-criminal perspective or even as part of nation state campaign, buying those credentials may give you more of a silent entry into a system. “If you’re a cyber-criminal deploying ransomware post-compromise, this will make you more successful in your intrusions.”
He said this is why Mandiant is focused on credential theft as a sole operation, as it sees this as a challenge for organizations to control their credentials, to monitor for stolen credentials and to make sure that they use the best guidance on passwords and enforcing MFA.
Asked by Infosecurity if the company's research had not considered nations which were seeking financial gain from attacks, such as North Korea, Monrad said the intention had been to focus on diplomatic attacks by Russia, “dual use” by China and “where anything is a threat” by Iran, but he admitted that where North Korea is involved, they do still see “those big money heists.”
He said that financial attacks are still happening, and there are more standard cyber-attacks taking place where the attacker tries “to gain large financial sums in one cyber-attack,” but the “longer game” with credential theft is now common, and from a cyber-criminal perspective, the value in purely financial attacks is diminishing, with more money made from “selling access to desktop machines.
“With the exception of North Korea we do see that change,” he concluded, noting there is more interest in interacting with the banking transfer systems and mechanisms, and specifically with the SWIFT banking transfer system.
==================================================================
Built-in security (TPM) is already built-in to business computers to act as a piece of authentication in addition to a PIN with Wave VSC 2.0 that protects against Nation State credential theft. The Nation State hacker would need your computer (TPM) to try to get at your data!!! That is much more difficult than having unprotected computer credentials stolen by a Nation State!!!
That's one way Wave can protect organizations from the effects of credential theft. The other is unknown and unapproved devices can be kept off the network so they don't steal sensitive data (or credentials)!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Today’s ‘mega’ data breaches now cost companies $392 million to recover from
https://www.zdnet.com/article/todays-mega-data-breaches-now-cost-companies-392-million-in-damages-lawsuits/
==================================================================
Taking chances with cybersecurity products other than Wave VSC 2.0 has yielded less than spectacular results (100,000+ data breaches in the last few years) and sticking with them could lead to more breaches or mega breaches. Make the wise choice, and prevent breaches with Wave!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Hacker leaks 386 million user records from 18 companies for free
https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/
=================================================================
It's baffling that situations like these happen over and over again, and Wave has the solutions to solve the problems. Eventually the market is going to wake up to solving data breaches by using Wave solutions to its massive benefit!!! Word of mouth, and word to social media, email can be great marketing!!!
==================================================================
https://www.wavesys.com/
Dave data breach affects 7.5 million users, leaked on hacker forum
https://www.bleepingcomputer.com/news/security/dave-data-breach-affects-75-million-users-leaked-on-hacker-forum/
=================================================================
Promo.com discloses data breach after 22M user records leaked online
https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/
=================================================================
Data breaches seem to be never-ending occurrences, but with Wave ERAS and Wave VSC 2.0, these solutions solve the problems in a multitude of ways. Only known and approved devices on the network and then the unknown and unapproved devices (hackers) don't have access to sensitive data (i.e. databases with 7.5 million and 22 million records on them).
Wave VSC 2.0 could prevent the effects of credential stuffing which could give hackers access to more users' sites.
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
==================================================================
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
https://www.wavesys.com/
Oversight Democrats Want at Least $1B for Technology Upgrades in Next Relief Bill
https://www.nextgov.com/it-modernization/2020/07/oversight-democrats-want-least-1b-technology-upgrades-next-relief-bill/167200/
==================================================================
With all the bad stuff that has happened in the cyberworld like phishing, ransomware, unauthorized access, malware and cyberattacks, and others, isn't it time to utilize Wave VSC 2.0 and Wave solutions by updating government systems!! Wave solutions could prevent this bad stuff from happening!!! Better security at less than half the cost!!!
Choose data protection that actually works!!
https://www.wavesys.com/wave-alternative
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Russia’s GRU hackers hit US government and energy targets
https://arstechnica.com/information-technology/2020/07/russias-gru-hackers-hit-us-government-and-energy-targets/?comments=1
A previously unreported Fancy Bear campaign persisted for well over a year.
Russia's GRU military intelligence agency has carried out many of the most aggressive acts of hacking in history: destructive worms, blackouts, and—closest to home for Americans—a broad hacking-and-leaking operation designed to influence the outcome of the 2016 US presidential election. Now it appears the GRU has been hitting US networks again, in a series of previously unreported intrusions that targeted organizations ranging from government agencies to critical infrastructure.
From December 2018 until at least May of this year, the GRU hacker group known as APT28 or Fancy Bear carried out a broad hacking campaign against US targets, according to an FBI notification sent to victims of the breaches in May and obtained by WIRED. According to the FBI, the GRU hackers primarily attempted to break into victims’ mail servers, Microsoft Office 365 and email accounts, and VPN servers. The targets included "a wide range of US-based organizations, state and federal government agencies, and educational institutions," the FBI notification states. And technical breadcrumbs included in that notice reveal that APT28 hackers have targeted the US energy sector, too, apparently as part of the same effort.
Please see the above link for the rest of this article.
=================================================================
Wave VSC 2.0 - BETTER SECURITY AT LESS THAN HALF THE COST!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Air Force crafts $1B cybersecurity contract for small businesses
https://www.fedscoop.com/air-force-agile-cybersecurity-technology-contract/
=================================================================
Calling on Bill Solms and Steven Sprague for their help in this and other Wave matters. They were on the verge of making Wave great!!
Vulnerability in Cisco Firewalls Exploited Shortly After Disclosure
https://www.securityweek.com/vulnerability-cisco-firewalls-exploited-shortly-after-disclosure
Cisco this week informed customers that it has patched a high-severity path traversal vulnerability in its firewalls that can be exploited remotely to obtain potentially sensitive files from the targeted system. The first attempts to exploit the flaw were observed shortly after disclosure.
The vulnerability, identified as CVE-2020-3452, impacts the web services interface of Cisco’s Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software, which run on the company’s firewalls.
According to the networking giant, an attacker can exploit the vulnerability without authentication by sending an HTTP request with directory traversal character sequences to the targeted device. However, the company pointed out that the attack only works if the device uses the AnyConnect or WebVPN feature with a certain configuration.
Cisco has also highlighted that exploiting the vulnerability only allows the attacker to access files on the web services file system, not ASA or FTD system files or files on the underlying operating system.
“The web services files that the attacker can view may have information such as WebVPN configuration, bookmarks, web cookies, partial web content, and HTTP URLs,” Cisco explained.
The vulnerability was reported to Cisco by Mikhail Klyuchnikov of Positive Technologies and independently by Abdulrahman Nour and Ahmed Aboul-Ela of RedForce.
“The cause [of the vulnerability] is a failure to sufficiently verify inputs,” Klyuchnikov explained. “An attacker can send a specially crafted HTTP request to gain access to the file system (RamFS), which stores data in RAM. Thus an attacker could read certain WebVPN files containing such information as the WebVPN configuration of Cisco ASA users, bookmarks, cookies, web content, and HTTP URL addresses.”
Cisco initially said it was not aware of any attacks exploiting CVE-2020-3452, but within hours the company updated its advisory to inform customers that a PoC exploit had been made available.
Aboul-Ela published a PoC exploit on Twitter and others published an NMAP script for it. Cisco’s advisory was again updated roughly 24 hours after disclosure to say that the company had become aware of “active exploitation of the vulnerability.” No details appear to have been made available on these attacks.
Rapid7 reported seeing 85,000 ASA/FTD devices on the internet, including 398 spread across 17% of the Fortune 500 companies. Only roughly 10% of the exposed devices have been rebooted since the release of the patch, which indicates that they have likely been patched.
==================================================================
https://www.wavesys.com/wave-alternative
Excerpts:
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Please see the above link for the full Wave Alternative!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Taking on the perfect storm in cybersecurity
https://techcrunch.com/2020/07/23/taking-on-the-perfect-storm-in-cybersecurity/?renderMode=ie11
==================================================================
https://www.wavesys.com/wave-alternative
Choose data protection that actually works
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information