US financial regulator warns of phishing sites impersonating brokers
https://www.bleepingcomputer.com/news/security/us-financial-regulator-warns-of-phishing-sites-impersonating-brokers/
==================================================================
A solution like Wave Knowd could make for great trusted computing within the financial services market, and lead to better services and more clients for the brokers!!! Wave has already tested with Broadridge Financial and others. FINRA, financial services firms and brokers should be looking for a solution such as this!!!
==================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
=================================================================
https://www.wavesys.com/
FBI and CISA warn of major wave of vishing attacks targeting teleworkers
https://www.zdnet.com/article/fbi-and-cisa-warn-of-major-wave-of-vishing-attacks-targeting-teleworkers/
Hackers are calling employees working from home and tricking them into accessing phishing pages for corporate domains.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint security advisory on Thursday, warning about an ongoing wave of vishing attacks targeting the US private sector.
Vishing, or voice phishing, is a form of social engineering where criminals call victims to obtain desired information, usually posing as other persons.
According to the FBI and CISA, in mid-July 2020, cybercriminals started a vishing campaign targeting employees working from home for US companies. The attackers collected login credentials for corporate networks, which they then monetized by selling the access to corporate resources to other criminal gangs.
How attacks happened
The two cyber-security agencies didn't name targeted companies, but instead described the technique the attackers used, which usually followed the same pattern.
Per the two agencies, cybercrime groups started by first registering domains that looked like company resources, and then created and hosted phishing sites on these domains. The domains usually had a structure like:
• support-[company]
• ticket-[company]
• employee-[company]
• [company]-support
• [company]-okta
The phishing pages were made to look like a targeted company's internal VPN login page, and the sites were also capable of capturing two-factor authentication (2FA) or one-time passwords (OTP), if the situation required.
Criminal groups then compiled dossiers on the employees working for the companies they wanted to target, usually by "mass scraping of public profiles on social media platforms, recruiter and marketing tools, publicly available background check services, and open-source research."
Collected information included: name, home address, personal cell/phone number, the position at the company, and duration at the company, according to the two agencies.
The attackers then called employees using random Voice-over-IP (VoIP) phone numbers or by spoofing the phone numbers of other company employees.
"The actors used social engineering techniques and, in some cases, posed as members of the victim company's IT help desk, using their knowledge of the employee's personally identifiable information—including name, position, duration at company, and home address—to gain the trust of the targeted employee," the joint alert reads.
"The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA or OTP."
The rest of the article is at the above link.
=================================================================
If you have an employee who gets contacted by one of these hackers posing as an IT employee, and he/she is using Wave VSC 2.0, consider your organization fortunate. If your company uses an OTP in its 2FA, consider yourself not so fortunate. With Wave VSC 2.0, the hacker needs your employee's computer (TPM) -- obviously, it's much more difficult to obtain the computer than the OTP!!! Use better security at less than half the cost - Wave VSC 2.0!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
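The domain structures listed in the FBI/CISA advisory quoted above can be checked against newly observed domains (for example from DNS or certificate logs) to spot lookalikes of your own company name. This is an added example, not part of the original post or the advisory; the company name `examplecorp` and all sample domains are constructed.

```python
import re

# Affixes taken from the pattern list in the advisory quoted above.
PREFIXES = ("support", "ticket", "employee")   # e.g. support-[company]
SUFFIXES = ("support", "okta")                 # e.g. [company]-okta

# Constructed sample of newly observed domains (not real indicators).
SAMPLE_DOMAINS = [
    "support-examplecorp.com",
    "examplecorp-okta.net",
    "vpn.ticket-examplecorp.co.uk",
    "employee-examplecorp-login.com",
    "helpdesk.examplecorp.com",          # the company's own domain
    "examplecorporation-support.com",    # different company name
    "okta.com",
]


def classify(domain, company, own_domains=()):
    """Return the advisory pattern a domain matches, or None.

    Every label except the last (the TLD) is checked, so the match also
    works for multi-part suffixes such as .co.uk and for lookalike labels
    that carry an extra hyphenated word.
    """
    name = domain.strip().rstrip(".").lower()
    # Domains the company itself controls are never reported.
    for own in own_domains:
        own = own.lower()
        if name == own or name.endswith("." + own):
            return None

    comp = re.escape(company.lower())
    prefix_re = re.compile(rf"(?:^|-)({'|'.join(PREFIXES)})-{comp}(?:-|$)")
    suffix_re = re.compile(rf"(?:^|-){comp}-({'|'.join(SUFFIXES)})(?:-|$)")

    for label in name.split(".")[:-1]:
        hit = prefix_re.search(label)
        if hit:
            return f"{hit.group(1)}-[company]"
        hit = suffix_re.search(label)
        if hit:
            return f"[company]-{hit.group(1)}"
    return None


def scan(domains, company, own_domains=()):
    """Return (domain, pattern) for every domain matching an advisory pattern."""
    hits = []
    for d in domains:
        pattern = classify(d, company, own_domains)
        if pattern:
            hits.append((d, pattern))
    return hits


if __name__ == "__main__":
    for domain, pattern in scan(SAMPLE_DOMAINS, "examplecorp", ["examplecorp.com"]):
        print(f"{domain:35} matches {pattern}")
```

The hyphen-delimited match avoids flagging names that merely start with the company string, such as the `examplecorporation` entry in the sample.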
CISA warns of BLINDINGCAN, a new strain of North Korean malware
https://www.zdnet.com/article/cisa-warns-of-blindingcan-a-new-strain-of-north-korean-malware/
=================================================================
https://www.wavesys.com/buzz/news/911-decade-later-%E2%80%93-better-paradigm-emerges-cyber-security
9/11, A Decade Later – A better paradigm emerges for cyber security
Author:
Steven Sprague
gsnmagazine.com -
Wednesday, September 28, 2011 -
The events of 9/11 illustrate in tragic detail the shortcomings of a black list approach to national security. The so-called black list model seeks to identify threats before they can manifest. The drawback, of course, is it cannot possibly defend well against every foreseeable threat, and is powerless against the unanticipated.
The counterpoint to the black list is the white list approach, which owns singular authority to define and grant all permissible freedoms. By permitting only pre-approved activities, it needn’t monitor endlessly for bad behavior and provides a stiffer defense against unimagined attacks.
=================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Excerpts:
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
Over 25% of all UK universities were attacked by ransomware
https://www.bleepingcomputer.com/news/security/over-25-percent-of-all-uk-universities-were-attacked-by-ransomware/
=================================================================
Ransomware: These warning signs could mean you are already under attack
https://www.zdnet.com/article/ransomware-these-warning-signs-could-mean-you-are-already-under-attack/
File-encrypting ransomware attacks can take months of planning by gangs. Here's what to look out for.
There are as many as 100 claims to insurers over ransomware attacks every day, according to one estimate. And as the average ransomware attack can take anywhere from 60 to 120 days to move from the initial security breach to the delivery of the actual ransomware, that means hundreds of companies could have hackers hiding in their networks at any time, getting ready to trigger their network-encrypting malware.
So what are the early indicators for companies that are trying to spot a ransomware attack before they cause too much damage? And what should they do if they discover an attack in progress?
Encryption of files by ransomware is the last thing that happens; before that, the crooks will spend weeks, or longer, investigating the network to discover weaknesses. One of the most common routes for ransomware gangs to make their way into corporate networks is via Remote Desktop Protocol (RDP) links left open to the internet.
"Look at your environment and understand what your RDP exposure is, and make sure you have two-factor authentication on those links or have them behind a VPN," said Jared Phipps, VP at security company SentinelOne.
Coronavirus lockdown means that more staff are working from home, and so more companies have opened up RDP links to make remote access easier. This is giving ransomware gangs an opening, Phipps said, so scanning your internet-facing systems for open RDP ports is a first step.
Another warning sign could be unexpected software tools appearing on the network. Attackers may start with control of just one PC on a network – perhaps via a phishing email (indeed, a spate of phishing emails could be an indicator of an attack, and if staff are trained to spot them this could provide an early warning). With this toe-hold in the network, hackers will explore from there to see what else they can find to attack.
That means using network scanners, such as AngryIP or Advanced Port Scanner. If these are detected on the network, it's time to check in with your security team. If no one internally admits to using the scanner, it is time to investigate, according to tech security company Sophos, which has outlined some of the signs that a ransomware attack could be underway in a recent blog post.
Another red flag is any detection of MimiKatz, which is one of the tools most regularly used by hackers, along with Microsoft Process Explorer, in their attempts to steal passwords and login details, Sophos said.
Once they've gained access to the network, ransomware gangs will often next try to increase their reach by creating administrator accounts for themselves, for example in Active Directory, and use that extra power to start disabling security software using applications created to assist with the forced removal of software, such as Process Hacker, IOBit Uninstaller, GMER, and PC Hunter, said Sophos. "These types of commercial tools are legitimate, but in the wrong hands, security teams and admins need to question why they have suddenly appeared," the security firm said.
To stop this happening, companies need to look for accounts that are created outside of your ticketing system or account management system, said SentinelOne's Phipps. Once the attackers have gained administrator powers, they then attempt to spread further across the network, using PowerShell.
The whole project can take weeks, and maybe even months, for the ransomware gangs to execute. That's partly because the slower they move through the computer network, the harder they are to spot. And many security tools only record traffic on the network for a certain amount of time, which means if the hackers hold on for a while it becomes much harder for security teams to work out how they got into the system in the first place.
"It's like a flight data recorder: if you wait long enough, it records over the attack and there's no evidence they've figured that out," said Phipps. "It makes it harder for people to figure out and do the investigation because all the security tools they have show no data on entry."
There are also some clear signs that a ransomware attack is getting close to completion. The attackers will attempt to disable Active Directory and domain controllers, and corrupt any backups they can find, as well as disabling any software deployment systems that could be used to push patches or updates. "And then they'll hit you with the attack," said Phipps.
Sophos also noted that at this point the gang may attempt to encrypt a few devices just to see if their plan is going to work: "This will show their hand, and attackers will know their time is now limited."
Please see the above link for the rest of the article.
==================================================================
Using RDP in Wave VSC 2.0 (MFA) with Wave ERAS keeps unknown and unapproved devices (hackers) off the network and thus protects organizations from ransomware!!! When hackers don't get on the network, there aren't problems like those in the highlighted text!!! So it would be wise to use Wave solutions and Wave SED management for further protection against ransomware.
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
What can it be used for?
What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
https://www.wavesys.com/products/wave-self-encrypting-drive-management
Excerpt:
Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
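The early warning signs named in the ZDNet article quoted above (scanners, Mimikatz, security-software removal tools, and admin accounts created outside the ticketing system) can be turned into a simple triage pass over endpoint and directory events. This is an added example, not part of the original post or the article; the JSON-lines event format, host names, accounts and the ticketed-account set are all constructed or hypothetical.

```python
import json
import re

# Tool names from the article, lower-cased with punctuation removed, grouped
# by the warning sign they indicate. Assumption: the binary's file name
# starts with the product name; renamed copies will not match.
# Process Explorer, also named in the article, is left out as routine admin tooling.
TOOL_SIGNS = {
    "network scanner": ("angryip", "advancedportscanner"),
    "credential theft tool": ("mimikatz",),
    "security software removal tool": (
        "processhacker", "iobituninstaller", "gmer", "pchunter"),
}
UNTICKETED = "account created outside ticketing"

# Constructed sample events in a hypothetical JSON-lines format.
SAMPLE_LOG = r"""
{"host": "ws-014", "type": "process_start", "image": "C:\\Temp\\Advanced_Port_Scanner_2.5.exe"}
{"host": "ws-014", "type": "process_start", "image": "C:\\Windows\\System32\\notepad.exe"}
{"host": "ws-014", "type": "process_start", "image": "C:\\Users\\Public\\mimikatz.exe"}
{"host": "dc-01", "type": "account_created", "account": "svc-backup2"}
{"host": "dc-01", "type": "account_created", "account": "jdoe"}
{"host": "fs-02", "type": "process_start", "image": "D:\\tools\\PCHunter64.exe"}
this line is not JSON and is skipped
"""

# Constructed: accounts with a matching request in the ticketing system.
TICKETED_ACCOUNTS = {"jdoe"}


def normalized_stem(image):
    """File name without directory or extension, letters and digits only."""
    base = re.split(r"[\\/]", image)[-1]
    stem = base.rsplit(".", 1)[0] if "." in base else base
    return re.sub(r"[^a-z0-9]", "", stem.lower())


def triage(log_text, ticketed_accounts):
    """Return (host, sign, detail) for each event matching a warning sign."""
    findings = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        if ev.get("type") == "process_start":
            stem = normalized_stem(ev["image"])
            for sign, names in TOOL_SIGNS.items():
                if any(stem.startswith(n) for n in names):
                    findings.append((ev["host"], sign, ev["image"]))
        elif ev.get("type") == "account_created":
            # Accounts with no ticket behind them need an owner to explain them.
            if ev["account"] not in ticketed_accounts:
                findings.append((ev["host"], UNTICKETED, ev["account"]))
    return findings


def signs_by_host(findings):
    """Group distinct warning signs per host; several on one host raise priority."""
    grouped = {}
    for host, sign, _detail in findings:
        grouped.setdefault(host, set()).add(sign)
    return grouped


if __name__ == "__main__":
    results = triage(SAMPLE_LOG, TICKETED_ACCOUNTS)
    for host, signs in sorted(signs_by_host(results).items()):
        print(host, sorted(signs))
```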
Top Cyber Security Experts Report: 4,000 Cyber Attacks a Day Since COVID-19 Pandemic
https://www.prnewswire.com/news-releases/top-cyber-security-experts-report-4-000-cyber-attacks-a-day-since-covid-19-pandemic-301110157.html
Cybersecurity companies, and law enforcement report 800% surge.
NEW YORK, Aug. 11, 2020 /PRNewswire/ -- The global pandemic has seen a huge rise in people working from home, shopping online, and generally being more digitally connected than ever. There are plenty of good things that have come from this but there is a lot of bad as well. One of the biggest issues is that cyberattacks have skyrocketed during this period, according to MonsterCloud. Cybercriminals have taken this opportunity to up their attacks, both in frequency and scope. Here is what you need to know about the rise in cyberattacks during the COVID-19 pandemic of 2020.
The numbers are staggering and scary. The FBI recently reported that the number of complaints about cyberattacks to their Cyber Division is up to as many as 4,000 a day. That represents a 400% increase from what they were seeing pre-coronavirus. Interpol is also seeing an "alarming rate of cyberattacks aimed at major corporations, governments, and critical infrastructure." These attacks are targeting all types of businesses but large corporations, governments, and critical medical organizations have been major targets.
Certain types of attacks are up even more. Microsoft reports that COVID-19 themed attacks, where cybercriminals get access to a system through the use of phishing or social engineering attacks, have jumped to 20,000 to 30,00 a day in the U.S. alone. Zohar Pinhasi, a cyber counter-terrorism expert and founder of the cybersecurity firm MonsterCloud, reports that ransomware attacks are up 800% during the pandemic. Pinhasi told CBS News, "From those criminals' perspective, it's heaven. They have stepped on a gold mine."
Please see the link above for the rest of the article.
==================================================================
What a cyber fiasco going on year after year!!! Use better security at less than half the cost. Many properly Wave protected organizations would quickly reverse the course of the number of daily cyber attacks!!!! Please see the links below for how cyber attacks could be prevented and stopped!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen
https://www.bleepingcomputer.com/news/security/us-spirits-and-wine-giant-hit-by-cyberattack-1tb-of-data-stolen/
Excerpts: The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest.
The actor also published screenshots of database backup entries as recent as July 2020, suggesting that the intruder had plenty of time to roam the network.
==================================================================
Wave solutions could have kept these intruders (unknown and unapproved devices) off the network and therefore kept them from accessing 1TB of confidential data!!! Along with phishing, ransomware can be so damaging to an organization, and Wave can stop it from happening with its solutions!!!
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Research Casts Doubt on Value of Threat Intel Feeds
https://www.darkreading.com/threat-intelligence/research-casts-doubt-on-value-of-threat-intel-feeds/d/d-id/1338676
Two commercial threat intelligence services and four open source feeds rarely provide the same information, raising questions about how security teams should gauge their utility.
Collect threat data from two of the largest threat intelligence providers, and the risk landscape they portray will be completely different — raising questions about the utility of threat intelligence feeds to organizations, a group of researchers said this week.
The researchers, from universities in the Netherlands and Germany, compared threat indicators from four open source threat intelligence feeds and two commercial feeds — which the researchers could not name — and found very little overlapping data between the services. On the commercial side, the larger Vendor 2 had 13% of the data covered by Vendor 1, while Vendor 1 only replicated 1.3% of the indicators from Vendor 2, said Xander Bouwman, a PhD candidate at Delft University of Technology and a primary author of the paper, in a presentation Wednesday.
"If two threat intelligence vendors are describing the same threats, you might expect that they are coming up with the same data," he said. "We find that this is not the case."
Even in tracking the same advanced persistent threat (APT) groups, threat intelligence vendors did not seem to collect the same data. Focusing on 22 threat groups that both vendors claimed to be tracking, the researchers found, at most, a 4% overlap in threat indicators, Bouwman said.
"This raises some questions about the coverage that these vendors are providing," he said. "If there is not so much overlap, what does that say about the visibility that these vendors are providing for the threat landscape as a whole?"
Threat intelligence includes open source threat intelligence, shared intelligence between organizations in the same industry, and commercial threat intelligence services. Open source threat intelligence often includes data from DNS blocklists, abuse feeds, malware hashes, and phishing lures. Shared intelligence is usually not available unless the organization joins a particular industry group.
Commercial threat intelligence is often sold as a combination of reports to inform security teams and analysts and machine-readable indicators of compromise (IOCs) that can be used to detect threats. A typical commercial feed, for example, could have dozens of threat reports and hundreds of IOCs every month.
Unfortunately for potential customers, the uneven coverage means every threat intelligence provider's data set will be different, and there is little guarantee — or probability — that the threats will match what the customer will see. Without more information, the services are hard to evaluate, Bouwman said.
"This is what we refer to as a market with asymmetric information," he said. "The sellers know what they are selling, but the buyers don't know what they are buying."
The researchers compared the two commercial feeds with four open threat intelligence (OTI) feeds from Alienvault, Blocklist.de, CINScore, and EmergingThreats. While a few of the OTI feeds had significant overlap with other OTI sources, the commercial vendors had less than 1% overlap with any open threat intelligence feed.
The lack of overlap raises questions about coverage and whether the services are providing a realistic picture of the threat landscape, Bouwman said.
Customers typically use threat intelligence for network detection, situational awareness, and prioritizing security operations centers' (SOCs) activities, the researchers found. Commercial feeds are better at providing context to users, according to a survey of 14 users of threat intelligence. Moreover, threat intelligence does not seem to be limited by cost, with only one in five in the survey citing cost as a factor.
Unfortunately, customers are not very mature in terms of their knowledge of and skill in using threat intelligence, Bouwman said. Two respondents, for example, canceled their threat intelligence feeds because they were covering a sector unrelated to the organization's business.
"Customers do not seem to care about coverage, they are not optimizing for detection, and they are not talking about metrics," he said. "If they do mention metrics, it is almost always talking about false positives."
Overall, threat intelligence appears to be less about attaining insight into most threats and more about using the reports and IOCs as a way to understand the threat landscape, as well as occasionally for threat hunting. The most important factor may be whether the threat intelligence service helps save analyst time, the researchers stated.
Commercial vendors should help customers get the most productivity out of their feeds to justify their high cost, while customers need to require vendors to provide more information about the coverage the feeds provide, Bouwman said.
"In a market with asymmetric information, the willingness of consumers to pay might eventually go down because they cannot distinguish the good from the bad," he said.
==================================================================
The article above and the Wave alternative sum up why using Wave solutions would be a better option (more efficient use of organizational resources) and better security!!!
==================================================================
https://www.wavesys.com/wave-alternative
Choose data protection that actually works.
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Over 43,000 Phishing Emails Slip Through NHS Security Filters
https://www.infosecurity-magazine.com/news/43000-phishing-emails-slip-through/
More than 43,000 NHS staff have been hit by phishing emails over the past few months, as they battled to save patients infected with COVID-19, a Freedom of Information (FOI) request has revealed.
Think tank Parliament Street asked NHS Digital for the data on spam and phishing emails from March to July 14.
A spokesperson confirmed to Infosecurity that the figures related to user reports of malicious and scam messages in their inbox, so the real total could be far higher.
If correct, it would mean that NHS Digital filters are failing to catch a significant volume of threats at a time when the health service is under extreme strain due to the pandemic.
The FOI request revealed a total of 43,108 reports of malicious emails made by doctors, nurses and other NHS staff during the period. The vast majority came from March (21,188) at the start of the crisis, with fewer reports in April (8085), May (5883) and June (6468), plus 1484 in the first half of July.
With reports circulating of cyber-criminals attempting to deploy malware in hospitals, the email inbox is a vital first-line-of-defense against potentially serious cyber-threats.
Although the 43,108 individuals who reported the emails are unlikely to have fallen for the scams, many attacks have been successful. NHS Digital revealed in June that over 100 NHS inboxes were compromised in such raids, although the end goal was not clear.
In some cases, employee finances have been targeted in the attacks: one NHS trust in the north-west warned that criminals impersonated employees in emails to HR and Payroll staff, with the aim of tricking them into changing staff bank account numbers.
Chris Ross, SVP sales international at Barracuda Networks, warned that hackers may also be after patient data to sell on the dark web.
“After the WannaCry attack of 2017, the NHS did a great job in eradicating many of its cyber-defense weaknesses, however, it’s important that they maintain this resilience and constantly keep up with the developing cyber-threat facing them,” he argued.
“Our recent research revealed that there has been a spike in cyber-criminals using official email domains, such as Gmail and Yahoo, to bypass inbox defences and trick users into revealing personal details by impersonating a colleague, manager or trusted partner.”
AI-powered tools can help in identifying unusual senders and requests, he added.
=================================================================
I wonder how many organizations are like the NHS with letting by thousands of phishing emails for a potential hack, and it just takes 1 phishing email to be acted upon to allow the hacker to break into the organization's network and apps to get sensitive data.
And here, Wave has the security to protect against phishing, and so many organizations could benefit by using Wave solutions!!!!
Use better security at less than half the cost!!!
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Key Features:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
An advanced group specializing in corporate espionage is on a hacking spree
https://www.cyberscoop.com/redcurl-groupib-russian-hacking-espionage/
A Russian-speaking hacking group specializing in corporate espionage has carried out 26 campaigns since 2018 in attempts to steal vast amounts of data from the private sector, according to new findings.
The hacking group, dubbed RedCurl, stole confidential corporate documents including contracts, financial documents, employee records and legal records, according to research published Thursday by the security firm Group-IB, which has offices in Moscow and Singapore. Victims spanned a range of industries — including construction, finance, retail and law — with headquarters in Russia, Ukraine, the U.K., Canada, Germany and Norway.
RedCurl relies on hacking techniques similar to groups known as RedOctober and CloudAtlas, another Russian-speaking group that’s targeted multiple entities and government networks “primarily in Russia,” according to the MITRE Corp.’s database of hacking groups. The Russian security vendor Kaspersky previously published its own findings about RedOctober and CloudAtlas, and Group-IB now suggests RedCurl’s focus on similar tactics “may indicate” that the group is a continuation of those prior attacks.
Typically, hackers would impersonate the victim organization’s human resources staff, sending emails promising employee bonuses to multiple workers in the same department in an apparent attempt to dull their defenses. A phishing email against the HR department would serve as the initial point of infection, giving attackers a launching point into the rest of the organization.
Group-IB did not speculate on where RedCurl is based. That the group speaks in Russian, as researchers noted, does not indicate RedCurl is a Russian-based hacking group. Russian-based hacking groups typically do not aim to infiltrate victims located within Russian borders, in part to avoid antagonizing the country’s intelligence agencies.
“For RedCurl, it makes no difference whether to attack a Russian bank or a consulting company in Canada,” Rustam Mirkasymov, head of Group-IB’s malware dynamic analysis team, said in an emailed statement. “Such groups focus on corporate espionage and employ various techniques to cover their activity, including the use of legitimate tools that are difficult to detect.”
In this case, the group exploits Microsoft’s PowerShell to insert its own malicious software scripts. Then, hackers typically spend between two to six months inside a breached network, collecting usernames, passwords and other sensitive data while trying to avoid detection.
Group-IB did not disclose the names of the victims in its report.
Update, Aug. 13, 7:27am ET: This article has been updated to clarify that Group-IB detected 26 RedCurl campaigns. A previous version of this story stated the group aimed to breach 26 organizations.
==================================================================
For those who are maybe unfamiliar with phishing emails with regard to the previous post #246085, this article could make their meaning more clear!!! The consequences of the phishing emails could be devastating as revealed in this article for the government and other organizations!!! Wave can protect against phishing emails.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Study finds election officials vulnerable to cyberattacks
https://thehill.com/policy/cybersecurity/509258-study-funds-election-officials-vulnerable-to-cyberattacks
=================================================================
After reading this article, one must think just how secure are government employees from phishing? Some of the initial indicators show that they could use the help of Wave VSC 2.0 and Wave solutions. With millions of dollars available for better security, use Wave at less than half the cost!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
SANS Institute Phishing Attack Leads to Theft of 28,000 Records
https://www.infosecurity-magazine.com/news/sans-phishing-attack/
The SANS Institute has revealed that hundreds of emails from an internal account were forwarded to an unknown third party, compromising 28,000 records of personally identifiable information (PII).
The global cybersecurity training and certifications organization said in a statement that the incident came to light on August 6 after a regular review of email configuration identified a “suspicious forwarding rule.”
“This rule was found to have forwarded a number of emails from a specific individual's e-mail account to an unknown external email address,” it continued.
“The forwarded emails included files that contained some subset of email, first name, last name, work title, company name, industry, address, and country of residence. SANS quickly stopped any further release of information from the account.”
In total, 513 emails were forwarded to the external address, exposing nearly 30,000 records of PII. A malicious Office 365 add-on was apparently installed on the victim’s machine as part of the attack.
“We have identified a single phishing e-mail as the vector of the attack,” SANS explained. “As a result of the e-mail, a single employee's email account was impacted. Aside from the affected user, we currently believe that no other accounts or systems at SANS were compromised.”
The firm said its digital forensics team is currently investigating whether any other information was compromised, and to identify any opportunities to build resilience into its defenses and improvements into its incident response for the future.
No passwords or financial information was taken in the attack, and all affected individuals have now been notified, SANS said.
Refreshingly, the organization added that it may run an online session on the incident once the investigation is completed, “if there is information that we think would be useful to the community.”
Infosecurity has reached out to SANS for more information on the incident and will update the story if we hear back.
=================================================================
Wave protects against phishing and the SANS Institute could have avoided this incident by using Wave solutions!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
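The SANS statement above credits a routine review of email configuration with finding a rule that forwarded mail to an external address. The following is an added example of that kind of review, not code from the article, from SANS or from the poster: it scans an exported list of inbox rules for forward or redirect targets outside the organization's own domains. The field names follow the properties that Exchange Online's Get-InboxRule reports; the export layout, the `Mailbox` key, the sample rules and the `example.org` domain are assumptions constructed for illustration.

```python
import re

# Rule actions that send a copy of the message somewhere else.
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")

# Pull addresses out of entries such as '"Name" [SMTP:user@host]' or 'user@host'.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

INTERNAL_DOMAINS = {"example.org"}  # assumption: the organization's own domains


def is_internal(domain, internal_domains):
    """True for an owned domain or one of its subdomains, not for lookalikes."""
    domain = domain.lower()
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def external_targets(rule, internal_domains):
    """Return the external addresses a single rule forwards or redirects to."""
    targets = set()
    for field in FORWARD_FIELDS:
        for entry in rule.get(field) or []:
            for match in ADDRESS.finditer(entry):
                if not is_internal(match.group(1), internal_domains):
                    targets.add(match.group(0).lower())
    return tuple(sorted(targets))


def audit_rules(rules, internal_domains):
    """List (mailbox, rule name, targets, enabled, deletes_original) per hit.

    Disabled rules are reported too: a rule that was switched off after use
    is still evidence worth reviewing.
    """
    findings = []
    for rule in rules:
        targets = external_targets(rule, internal_domains)
        if targets:
            findings.append((
                rule["Mailbox"],
                rule["Name"],
                targets,
                bool(rule.get("Enabled")),
                bool(rule.get("DeleteMessage")),
            ))
    return findings


# Constructed sample export, not real data.
SAMPLE_RULES = [
    {"Mailbox": "a.user@example.org", "Name": "Team digest", "Enabled": True,
     "ForwardTo": ['"Ops List" [SMTP:ops@example.org]']},
    {"Mailbox": "b.user@example.org", "Name": "Archive", "Enabled": True,
     "RedirectTo": ["[SMTP:collector@mail-archive.invalid]"],
     "DeleteMessage": True},
    {"Mailbox": "c.user@example.org", "Name": "HR copy", "Enabled": True,
     "ForwardTo": ["x@hr.example.org"]},
    {"Mailbox": "d.user@example.org", "Name": "Old rule", "Enabled": False,
     "ForwardAsAttachmentTo": ["y@notexample.org"]},
]

if __name__ == "__main__":
    for mailbox, name, targets, enabled, deletes in audit_rules(
            SAMPLE_RULES, INTERNAL_DOMAINS):
        state = "enabled" if enabled else "disabled"
        extra = ", deletes original" if deletes else ""
        print(f"{mailbox}: rule '{name}' ({state}{extra}) -> {', '.join(targets)}")
```

A rule that both redirects externally and deletes the original, like the second sample, deserves the first look because the mailbox owner never sees the affected messages.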
Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data Wiping
https://threatpost.com/samsung-quietly-fixed-critical-galaxy-flaws-allowing-spying-data-wiping/158241/
=================================================================
It's amazing all the security problems Samsung/organizations could avoid by using Wave software. It makes sense to enable Wave software to protect organizations' phones.
=================================================================
Wave Joins ARM TrustZone Ready Program
Committed to Helping Chip Manufacturers Implement Industry Standard Security for Mobile Platforms
https://www.wavesys.com/buzz/pr/wave-joins-arm-trustzone-ready-program
Lee, MA - September 26, 2012 -
Wave Systems Corp. (NASDAQ:WAVX) today announced that it has joined the ARM TrustZone® Ready Enablement Program to provide support and infrastructure for implementing enterprise security capabilities in mobile devices. As a partner in the program, Wave joins other industry leaders in helping chip manufacturers design and implement new industry standard security capabilities within ARM’s TrustZone architecture to enable full cross-platform interoperability across PCs, tablets, smartphones and other mobile devices.
TrustZone Technology (developed by ARM, the world’s leading semiconductor IP supplier) is a System-on-Chip security concept that involves a hardware-isolated space for a Trusted Execution Environment (TEE). Once integrated, core security services such as cryptography, storage and user interfaces can enable services to be deployed with a new level of security and convenience.
The primary goal of ARM's TrustZone Ready enablement program is to guide chip and device manufacturers to design robust, industry-certified security architecture into their products that will meet the needs of service providers looking to deploy secure services on secured platforms. Companies that implement system-wide security into their platforms can benefit from this program through a cohesive set of design blueprints, market requirements, and checklists aligned with industry standards.
“Smart phones, tablets and other devices are essential for today’s enterprise, and require access to sensitive applications and data. While these devices have excellent security for the mobile operator’s services, they lack basic security for use within an enterprise network,” commented Steven Sprague, Wave’s CEO. “ARM, with the TrustZone Ready Program, is taking the lead in making sure that standards-based security implemented in the TrustZone Trusted Execution Environment (TEE) is integrated into chipsets for mobile devices. Wave is committed to sharing its expertise in Trusted Platform Module (TPM) implementations, application development and trust infrastructure support.”
“Wave’s infrastructure for managing TPM and TPM-mobile-enabled devices will allow enterprise users to exploit the full capabilities of Trusted Computing Group standards across multiple device types,” added Jon Geater, Director of Technology for ARM Secure Services Division and Board Representative of ARM at GlobalPlatform. “ARM welcomes Wave into the TrustZone Ready Program as a valuable partner that will bring secure enterprise services to TrustZone secured devices running GlobalPlatform Trusted Execution Environments.”
Eliminating passwords, Providing Health Measurements for mobile devices
The TPM, shipped on more than half a billion PCs, is a cryptographic component built on specifications from the Trusted Computing Group. The TPM brings strong, enterprise-grade security features to consumer devices that are widely deployed in enterprise networks. The TPM for mobile devices is uniquely designed to support the security needs of multiple stakeholders, allowing enterprises to provide strong security in end-user applications, satisfy the security requirements of third-party application developers, and support other parties.
With a TPM Mobile implemented within the hardware-based security boundaries of ARM’s TrustZone and protected by a full function Trusted Execution Environment, enterprises will be able to take advantage of the strong security of the TPM in the following ways:
• Protect corporate devices and user identities
• Measure and attest to the integrity and health of the mobile device
• Implement secure network access
• Provide secure messaging for corporate traffic
• Reduce the need for user passwords, with reliance on the device itself as a strong authentication token for access to services and data, including cloud-based functions.
• Offer central control over devices which are lost or stolen to protect sensitive data
Increased emphasis on trusted computing is driving the security industry toward hardware-based technologies that offer improved access control, encryption, and the early detection of malware. With Wave’s industry-leading trusted computing solutions, customers are empowered to secure endpoint data, protect data-in-motion and ensure that only trusted devices gain access to the enterprise network. Wave’s solution will provide enterprises with cross-platform interoperability between PCs and mobile devices for trusted computing-based functions and applications.
Data Breach at Illinois Healthcare System
https://www.infosecurity-magazine.com/news/data-breach-at-illinois-healthcare/
Illinois healthcare system FHN has notified patients of a data breach that took place in February.
An investigation was launched by the Freeport-based healthcare provider after it transpired that the email accounts of a number of employees had been compromised.
According to a notice issued by FHN, the alarm was raised when suspicious activity was spotted within the compromised email accounts. FHN responded by securing the accounts and hiring a "leading computer forensic firm" to determine what had occurred.
The investigation into the incident concluded on April 30 and determined that an unauthorized person accessed the accounts between February 12 and February 13.
FHN stated: "The investigation was unable to determine whether the unauthorized person actually viewed any emails or attachments in the accounts. Out of an abundance of caution, we reviewed the emails and attachments contained in the email accounts to identify patient information that may have been accessible to the unauthorized person."
After reviewing the emails and attachments that were compromised in the incident, FHN found that sensitive data belonging to some patients had been accessible to the unauthorized third party.
Information exposed in the data breach included some patients’ names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as provider names, diagnoses, and medication information.
In some instances, patients’ health insurance information and/or Social Security numbers were also identified in the compromised email accounts.
"This incident did not affect all FHN patients, but only those patients whose information was contained in the affected email accounts," stated FHN.
FHN is offering complimentary credit monitoring and identity protection services to those patients whose Social Security numbers and/or drivers’ license numbers were exposed in the incident.
FHN announced on July 31 that patients had been notified of the data breach. The company said it was taking steps to prevent future cyber-incidents.
"To help prevent something like this from happening in the future, we have reinforced education with our staff regarding how to identify and avoid suspicious emails and are making additional security enhancements to our email environment, including enabling multi-factor authentication," stated FHN.
==================================================================
Now if FHN had used Wave VSC 2.0, would there have been this unauthorized (unknown and unapproved devices) access to the employees' email accounts.... NO!! Better security at less than half the cost!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Ivanka Trump uses an ancient Dell laptop - here's what we know about it
Laptop mag
It has a Trusted Platform Module.
=================================================================
Hopefully the ways that Wave could be protecting Ivanka's computer and data with an activated TPM and an initialized SED are being done so.
=================================================================
https://www.wavesys.com/
Annual Government Spending Approaches Historic Territory
https://www.nextgov.com/cio-briefing/2020/08/annual-government-spending-approaches-historic-territory/167474/
Driven heavily by the Defense Department, contract spending across government will exceed $600 billion in fiscal 2020.
Even before the COVID-19 pandemic forced the federal government into emergency spending mode, agencies—including the Defense Department—were on pace to blow past the single-year contract spending record of $598 billion set in fiscal 2019.
As of Aug. 5, the federal government has obligated $438 billion in spending, with agencies expected to unload almost $200 billion more before the close of the 2020 fiscal year on Sept. 30, according to a Bloomberg Government analysis. The government typically spends about one-third of all money appropriated by Congress in its fourth quarter—July, August and September—since most money unspent is returned to the Treasury.
“We’ve been saying at the end of fiscal 2020, total government spending is likely to be around $630 billion,” Daniel Synder, director of government contracts analysis at Bloomberg Government, told Nextgov. “That was before we factored anything related to the CARES Act or COVID-19 spending.”
Synder said the $2 trillion stimulus package passed in March could add another $10 billion to $20 billion to the government’s total discretionary spending in fiscal 2020—much of it on networking capacity, bandwidth and telework services—which would put the government’s total discretionary spending to $650 billion or more.
The government’s discretionary spending has increased significantly since 2015, driven largely by the Defense Department. Discretionary spending at the Army, Navy and Air Force each jumped approximately 10% in fiscal 2019. Since 2015, annual defense spending on contracts increased $122 billion—totaling $404 billion in fiscal 2019—while civilian agencies spent some $193 billion on goods and services in fiscal 2019. Agencies that deal with health care, including the Veterans Affairs and Health and Human Services departments, saw the largest increases in discretionary spending among civilian agencies. Conversely, the departments of Energy, State and Homeland Security saw their discretionary spending obligations decrease.
The fourth quarter spending surge is likely to drive record technology spending as well. Bloomberg Government’s analysis estimates agencies will obligate about $28 billion on unclassified IT contracts in the fourth quarter, about $1 billion more than agencies spent last year.
==================================================================
With all the damage that Russia and China are doing on government networks and to organizations, and all of this free cash flow that the government currently has, spending it on MFA (Wave VSC 2.0) and Wave solutions would be one of the most efficient and effective ways to allocate the funds!!! Stopping unauthorized access, stopping ransomware, stopping the effects of phishing, stopping malware and stopping cyber attacks: Who does all that?? WAVE DOES!!!! Hasn't this cyber fiasco gone on long enough?!
Better security at less than half the cost!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Microsoft Office 365 is becoming the core of many businesses. And hackers have noticed
https://www.zdnet.com/article/microsoft-office-365-is-becoming-the-core-of-many-businesses-and-hackers-have-noticed/
As cloud-based services become the key to many business operations, hackers are refocusing their aim.
As the use of Microsoft's Office 365 grows – encompassing services including Exchange, Teams, SharePoint, OneDrive and more – the sheer amount of data stored in the cloud is proving to be a tempting target for some of the most sophisticated hacking operations in the world, according to cybersecurity researchers at FireEye Mandiant.
"The amount of data in Office 365 is just huge and attackers are obviously interested in data. But also they can now access that data from pretty much anywhere in the world," Doug Bienstock, principal consultant at Mandiant told ZDNet, ahead of the research being presented at the Black Hat USA security virtual conference.
It often doesn't take much for hackers to compromise the networks of organisations they're targeting; it's possible to acquire lists of email addresses of employees at a company, and attackers will attempt to use brute-force attacks to crack any common or weak passwords. It doesn't even have to involve a spear-phishing attack. Some attacks, however, are significantly more sophisticated.
"The attacker will take those valid credentials, login to the VPN and they will move around the network with the intent of escalating their privileges to a global admin account for Office 365," Josh Madeley, principal consultant at Mandiant and co-author of the presentation, told ZDNet.
It's believed that a significant majority of – if not all – state-backed advanced persistent threat (APT) groups are interested in deploying this kind of attack, but one that definitely has is APT35, a hacking operation working out of Iran, which Madeley described as "notorious" for exploiting cloud services to gain access to the sensitive information it wants to see.
"They'll gain access to your Office 365 environment then use the security tooling to search the contents of every mailbox, every Teams chat, every SharePoint document," he explained.
From there, APT35 search for credentials that'll give them access to other departments, even other companies, and anywhere they can extract sensitive information from.
The hackers are not trying to exploit a weakness in Office 365; simply the way in which it has become a core part of corporate IT infrastructure makes it an attractive target. But the way corporations and users are securing Office 365 could be improved to protect against attacks of this kind. The first step organisations can take to prevent attacks is to make sure that common, easily guessable passwords aren't being used.
Organisations should also ensure that multi-factor authentication is applied to as many employee accounts as possible, so in the event of a password being stolen or breached, there's an additional layer of defence to stop attacks.
"The biggest two things we recommend are enabling multi-factor and doing it intelligently with as few exceptions as possible. So everyone in the organisation and every application needs to apply multi-factor – and think about how often you want to prompt that," said Bienstock.
It's also recommended that organisations take the time to understand activity on their networks, so it's possible to detect and stop suspicious activity before it can do significant damage.
"There's good security out of the box in Office 365, but if you need to protect against APTs, there needs to be some time and effort into understanding the logs and building up robust monitoring so you can see something is happening when it shouldn't be so you can cut them off," he said.
=================================================================
https://www.wavesys.com/
When choosing a MFA solution, choose better security at less than half the cost (Wave VSC 2.0)!!!
=================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Excerpts:
Key Features:
Easy security compliance
• Comports with NIST guidelines for BIOS integrity
Data protection
• Ensures that you can trust the integrity of your measurements for central analysis
• Real-time alerts for zero-day detection of APTs
• Get Windows 8 Malware protection now—WEM covers previous versions of Windows
Punishing Cybersecurity Errors Found to be Counterproductive
https://www.infosecurity-magazine.com/news/punishing-cybersecurity-errors/
Over four in 10 (42%) organizations take disciplinary action against employees who make cybersecurity errors, which puts them at greater risk of attack, according to a new study by CybSafe.
In a survey of UK businesses, it was found that mistakes such as falling for simulated phishing scams are regularly punished. This includes naming and shaming employees (15%), decreasing access privileges (33%) and locking computers until appropriate training has been completed (17%). Additionally, 63% of organizations will inform the employees’ line manager when cyber-mistakes are made.
As part of the research, CybSafe conducted a lab-based experiment to test the impact of these kinds of punishments. It found that doing so has a “highly detrimental” impact on staff, with punishments increasing anxiety levels and reducing productivity. The findings suggest punishments may have a long-term impact on employees’ mental health and actually reduce their cyber-resilience.
Dr John Blythe, head of behavioural science at CybSafe, commented: “People fall for phishing attacks and other cybersecurity mistakes because they’re human and because they have been trained to click links. Bad habits are difficult to shake, especially when today’s phishing attacks can be highly convincing.”
“Formally punishing staff for making cybersecurity slips is, in the vast majority of instances, a problematic approach. It’s unfair and diminishes productivity. It can cause heightened levels of resentment, stress, and scepticism about cybersecurity.”
Blythe added that this kind of approach may make staff more reluctant to report cybersecurity errors quickly, putting organizations in more danger.
Dr Matthew Francis, executive director at CREST, said: “The findings have highlighted how some well-meaning organizations are negatively impacting their cyber-resilience by ‘outing’ or reprimanding individuals and that cybersecurity errors can serve as positive opportunities to educate people, to trigger long-term and sustained changes in security awareness and behavior.”
=================================================================
Rather than have companies punishing their employees for wrong moves when it comes to phishing, why not use Wave VSC 2.0 which protects users and organizations from the effects of phishing?!! A LOT more organizations should be using Wave VSC 2.0!!!
==================================================================
wavesys.com
Survey: FIs are spending 15Pct more YoY on Cybersecurity
https://www.pymnts.com/news/security-and-risk/2020/survey-financial-institutions-are-spending-15-percent-more-yoy-cybersecurity/
Financial institutions (FIs) plan to spend 15 percent more protecting their computer networks in 2020 than they spent in 2019, according to a report based on the results of a survey conducted by Deloitte & Touche LLP and the Financial Services Information Sharing and Analysis Center.
The survey examined cybersecurity spending per employee and concluded it increased on average to $2,691 annually from $2,337. It also found that some unnamed FIs expect to spend more than $3,000 per employee this year.
The authors of the report based on the survey wrote: “Over the last few months, the COVID-19 pandemic has forced many companies to accelerate their digitization efforts. As office closures and restricted movement compelled everyone and everything that could go virtual to do so, many institutions had to more fully embrace a digital transformation in operations, distribution and customer engagement.
“This sudden shift, however, has compounded problems for many chief information security officers (CISOs) and cybersecurity teams charged with securing the digital fortress at their firms. Hackers and cyberscammers are trying to take advantage of expanding technology footprints and new attack surfaces, with most employees working remotely.”
The World Economic Forum also stated in a late July report that the swift move by companies to digital operations is creating opportunities for cybercriminals.
Bloomberg, working with data contained in the report, calculated that for the biggest banks, which tend to spend more on security than smaller peers, the totals could approach $1 billion annually: roughly $850 million annually for J.P. Morgan Chase and nearly $900 million annually for Wells Fargo. Bloomberg’s methodology would have Citigroup and Bank of America spending about $700 million annually each.
The survey was conducted in late 2019 and January 2020 and included 53 participating firms.
Consultancy Accenture found in 2019 that the leading attacks on large organizations that year were malware attacks, web-based attacks and denial-of-service attacks.
==================================================================
Financial institutions have a big responsibility for providing great cybersecurity. Please see the article below which reveals the kind of cybersecurity FIs would want by increasing their budgets. Wave VSC 2.0 - Better security at less than half the cost!!! Please see the link below for all of Wave's solutions.
==================================================================
Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company
Wins competitive evaluation against market leader in two-factor authentication tokens
https://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global
Lee, MA - December 17, 2015 -
Wave Systems Corp. (NASDAQ: WAVX) announces a five-year master licensing agreement (MLA) with a leading global corporation (as determined by the 2015 Fortune Global 500 List) for its Virtual Smart Card 2.0 solution. This MLA sets the terms and pricing for licenses and maintenance across the customer’s global organization and establishes it as their preferred two-factor authentication solution. Instead of one large license purchase for the entire organization, each of the customer’s subordinate divisions will make separate orders in accordance with the terms of this MLA.
The first purchase of 2,000 VSC 2.0 licenses under this agreement, when added to a previous purchase, completes the requirement for the customer’s global IT division. That division will now lead the internal effort to standardize the remaining 150,000+ endpoints within their organization with the new Wave VSC 2.0 solution. While there are no minimum order requirements under the agreement, discussions for additional orders are underway.
“Our five-year agreement with this customer is the first very large scale contract for VSC 2.0 and is an important milestone for Wave,” said Bill Solms, President and CEO of Wave Systems. “This customer is a major global financial services company and their standards for protecting their systems from unauthorized access and the integrity of their data are of the highest order. Wave had to pass a very rigorous technical and business review to win the competition. We believe that this client’s decision to choose Wave Virtual Smart Card 2.0 over their incumbent solution gives us tremendous credibility in the two-factor authentication market. We will remain engaged with this company in order to complete the additional sales and deployments in the months ahead.”
Wave Virtual Smart Card 2.0 is a tokenless, hardware-based, two-factor authentication solution that offers superior security at less than half the cost of comparable solutions. It is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7, 8 and 10. It also provides management support for the Microsoft Virtual Smart Card on Windows 8 and 10. Wave’s VSC solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, significantly lower total cost of ownership, and a greatly reduced risk of unauthorized access.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure Passphrase and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with both TPM 1.2 and TPM 2.0 security chips
==================================================================
https://www.wavesys.com/
DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns
https://www.cyberscoop.com/taidoor-malware-report-china-cisa-dod-fbi/
Excerpts:
It wasn’t immediately clear if Taidoor was being used in any recent or ongoing espionage campaigns from China. But of the four malware samples Cyber Command shared on VirusTotal, only two are detected by any engines.
Even in the cases where the private sector does have protections related to Taidoor campaigns, the protections aren’t widespread — only FireEye and BitDefender protect against some parts of the Taidoor upload.
==================================================================
Given how Wave Endpoint Monitor works, it makes a lot of sense that Wave could be stopping this malware. Others don't appear to have the technological advantage that Wave Endpoint Monitor has. The Chinese malware has been going on for 10 years. WEM should be protecting your organization against malware and sneaky malware like this!!!
==================================================================
https://www.wavesys.com/products/wave-endpoint-monitor
Detect attacks before it’s too late
Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.
Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
A Patriotic Solution to the Cybersecurity Skills Shortage
https://www.darkreading.com/operations/a-patriotic-solution-to-the-cybersecurity-skills-shortage-/a/d-id/1338475
Excerpts:
A June survey of 273 cybersecurity professionals conducted by organizers of Black Hat confirmed a jaw-dropping reality to many working in the security industry — 92% of respondents said there is "a shortage of well-trained and qualified security professionals [that] is significantly affecting the safety and security of data, both personal and financial."
That's terrifying … and most of America has no idea. Even in a time of double-digit unemployment, there is no sign the cybersecurity workforce gap will be filled quickly.
It's not enough to just change the direction of a trend line; this is a chance to create opportunities and add new firepower in our fight against cybercrime (which, by the way, costs the global economy $400 billion a year — and that number is growing).
================================================================
What if we used cyber technology that Wave has to reduce the demand for cybersecurity professionals!!! With Wave VSC 2.0 and Wave ERAS, unknown and unapproved devices could be kept off the network. All of the research being done to track potential bad guys on the network with existing technology could be done better by Wave by only allowing known and approved devices on the network. Less demand for cybersecurity workers and greater security and greater efficiency for the organization using Wave solutions!!!!
Better security at less than half the cost!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Huawei somehow becomes the #1 phone manufacturer, thanks to the coronavirus
https://arstechnica.com/gadgets/2020/07/huawei-claims-1-smartphone-spot-after-samsung-sales-plummet/
Huawei survives the COVID-19 economy, Samsung tanks, and Apple's sales are way up.
==================================================================
With Samsung's phone sales having tanked 30%, phone security that is done right (use Wave software) could be a big new advantage for Samsung's future sales and help existing customers before they upgrade!!! It will also help protect organizations' networks. Having secure Samsung phones in corporate fleets could re-solidify Samsung's brand and sales!! Please read posts 245994 and 246007 for more information on Samsung and Arm.
=================================================================
https://www.wavesys.com/
Nation State Attackers Shift to Credential Theft
https://www.infosecurity-magazine.com/news/nation-state-attackers-shift-to/
A greater focus is being placed on credential theft by nation state actors rather than stealing money.
Speaking on a virtual briefing, Jens Monrad, head of Mandiant Threat Intelligence for EMEA at FireEye, focused on attacks from Russia, Iran and China and their various activities. Monrad said attacks are easily done because of the user’s common digital footprint, which can allow an attacker to pick up on items about the victim and use them in a social engineering scenario.
He explained that the biggest detection of malware seen by FireEye customers is focusing on stealing credentials and stealing information “and that makes sense as regardless of your motivation, if you can steal or buy stolen credentials, you will make less noise in your operation.”
Furthermore, if an attacker wanted to do a high stake “heist,” or if you wanted to rob a house, if you could purchase the access code to the alarm system or purchase the keys, you make less noise than if you break in and make more noise.
“Credentials can vary from anything that requires a username and password to databases or access to cloud environments,” he said. “This is just part of the ecosystem we currently see, and [cyber-criminals] advertise databases and tools and services on the underground forums.”
Monrad added, from a cyber-criminal perspective or even as part of nation state campaign, buying those credentials may give you more of a silent entry into a system. “If you’re a cyber-criminal deploying ransomware post-compromise, this will make you more successful in your intrusions.”
He said this is why Mandiant is focused on credential theft as a sole operation, as it sees this as a challenge for organizations to control their credentials, to monitor for stolen credentials and to make sure that they use the best guidance on passwords and enforcing MFA.
Asked by Infosecurity if the company's research had not considered nations which were seeking financial gain from attacks, such as North Korea, Monrad said the intention had been to focus on diplomatic attacks by Russia, “dual use” by China and “where anything is a threat” by Iran, but he admitted that where North Korea is involved, they do still see “those big money heists.”
He said that financial attacks are still happening, and there are more standard cyber-attacks taking place where the attacker tries “to gain large financial sums in one cyber-attack,” but the “longer game” with credential theft is now common, and from a cyber-criminal perspective, the value in purely financial attacks is diminishing, with more money made from “selling access to desktop machines.”
“With the exception of North Korea we do see that change,” he concluded, noting there is more interest in interacting with the banking transfer systems and mechanisms, and specifically with the SWIFT banking transfer system.
==================================================================
Built-in security (TPM) is already built-in to business computers to act as a piece of authentication in addition to a PIN with Wave VSC 2.0 that protects against Nation State credential theft. The Nation State hacker would need your computer (TPM) to try to get at your data!!! That is much more difficult than having unprotected computer credentials stolen by a Nation State!!!
That's one way Wave can protect organizations from the effects of credential theft. The other is unknown and unapproved devices can be kept off the network so they don't steal sensitive data (or credentials)!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Today’s ‘mega’ data breaches now cost companies $392 million to recover from
https://www.zdnet.com/article/todays-mega-data-breaches-now-cost-companies-392-million-in-damages-lawsuits/
==================================================================
Taking chances with cybersecurity products other than Wave VSC 2.0 has yielded less than spectacular results (100,000+ data breaches in the last few years) and sticking with them could lead to more breaches or mega breaches. Make the wise choice, and prevent breaches with Wave!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Hacker leaks 386 million user records from 18 companies for free
https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/
=================================================================
It's baffling that situations like these happen over and over again, and Wave has the solutions to solve the problems. Eventually the market is going to wake up to solving data breaches by using Wave solutions to its massive benefit!!! Word of mouth, and word to social media, email can be great marketing!!!
==================================================================
https://www.wavesys.com/
Dave data breach affects 7.5 million users, leaked on hacker forum
https://www.bleepingcomputer.com/news/security/dave-data-breach-affects-75-million-users-leaked-on-hacker-forum/
=================================================================
Promo.com discloses data breach after 22M user records leaked online
https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/
=================================================================
Data breaches seem to be never ending occurrences, but with Wave ERAS and Wave VSC 2.0, these solutions solve the problems in a multitude of ways. Only known and approved devices on the network and then the unknown and unapproved devices (hackers) don't have access to sensitive data (i.e. databases with 7.5 million and 22 million records on them).
Wave VSC 2.0 could prevent the effects of credential stuffing which could give hackers access to more users' sites.
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Token-free, password-free user authentication
We know you’ve dreamt about shredding your list of passwords. Go on and do it.
Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
==================================================================
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
https://www.wavesys.com/
Oversight Democrats Want at Least $1B for Technology Upgrades in Next Relief Bill
https://www.nextgov.com/it-modernization/2020/07/oversight-democrats-want-least-1b-technology-upgrades-next-relief-bill/167200/
==================================================================
With all the bad stuff that has happened in the cyberworld like phishing, ransomware, unauthorized access, malware and cyberattacks, and others, isn't it time to utilize Wave VSC 2.0 and Wave solutions by updating government systems!! Wave solutions could prevent this bad stuff from happening!!! Better security at less than half the cost!!!
Choose data protection that actually works!!
https://www.wavesys.com/wave-alternative
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Russia’s GRU hackers hit US government and energy targets
https://arstechnica.com/information-technology/2020/07/russias-gru-hackers-hit-us-government-and-energy-targets/?comments=1
A previously unreported Fancy Bear campaign persisted for well over a year.
Russia's GRU military intelligence agency has carried out many of the most aggressive acts of hacking in history: destructive worms, blackouts, and—closest to home for Americans—a broad hacking-and-leaking operation designed to influence the outcome of the 2016 US presidential election. Now it appears the GRU has been hitting US networks again, in a series of previously unreported intrusions that targeted organizations ranging from government agencies to critical infrastructure.
From December 2018 until at least May of this year, the GRU hacker group known as APT28 or Fancy Bear carried out a broad hacking campaign against US targets, according to an FBI notification sent to victims of the breaches in May and obtained by WIRED. According to the FBI, the GRU hackers primarily attempted to break into victims’ mail servers, Microsoft Office 365 and email accounts, and VPN servers. The targets included "a wide range of US-based organizations, state and federal government agencies, and educational institutions," the FBI notification states. And technical breadcrumbs included in that notice reveal that APT28 hackers have targeted the US energy sector, too, apparently as part of the same effort.
Please see the above link for the rest of this article.
=================================================================
Wave VSC 2.0 - BETTER SECURITY AT LESS THAN HALF THE COST!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Air Force crafts $1B cybersecurity contract for small businesses
https://www.fedscoop.com/air-force-agile-cybersecurity-technology-contract/
=================================================================
Calling on Bill Solms and Steven Sprague for their help in this and other Wave matters. They were on the verge of making Wave great!!
Vulnerability in Cisco Firewalls Exploited Shortly After Disclosure
https://www.securityweek.com/vulnerability-cisco-firewalls-exploited-shortly-after-disclosure
Cisco this week informed customers that it has patched a high-severity path traversal vulnerability in its firewalls that can be exploited remotely to obtain potentially sensitive files from the targeted system. The first attempts to exploit the flaw were observed shortly after disclosure.
The vulnerability, identified as CVE-2020-3452, impacts the web services interface of Cisco’s Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software, which run on the company’s firewalls.
According to the networking giant, an attacker can exploit the vulnerability without authentication by sending an HTTP request with directory traversal character sequences to the targeted device. However, the company pointed out that the attack only works if the device uses the AnyConnect or WebVPN feature with a certain configuration.
Cisco has also highlighted that exploiting the vulnerability only allows the attacker to access files on the web services file system, not ASA or FTD system files or files on the underlying operating system.
“The web services files that the attacker can view may have information such as WebVPN configuration, bookmarks, web cookies, partial web content, and HTTP URLs,” Cisco explained.
The vulnerability was reported to Cisco by Mikhail Klyuchnikov of Positive Technologies and independently by Abdulrahman Nour and Ahmed Aboul-Ela of RedForce.
“The cause [of the vulnerability] is a failure to sufficiently verify inputs,” Klyuchnikov explained. “An attacker can send a specially crafted HTTP request to gain access to the file system (RamFS), which stores data in RAM. Thus an attacker could read certain WebVPN files containing such information as the WebVPN configuration of Cisco ASA users, bookmarks, cookies, web content, and HTTP URL addresses.”
Cisco initially said it was not aware of any attacks exploiting CVE-2020-3452, but within hours the company updated its advisory to inform customers that a PoC exploit had been made available.
Aboul-Ela published a PoC exploit on Twitter and others published an NMAP script for it. Cisco’s advisory was again updated roughly 24 hours after disclosure to say that the company had become aware of “active exploitation of the vulnerability.” No details appear to have been made available on these attacks.
Rapid7 reported seeing 85,000 ASA/FTD devices on the internet, including 398 spread across 17% of the Fortune 500 companies. Only roughly 10% of the exposed devices have been rebooted since the release of the patch, which indicates that they have likely been patched.
==================================================================
https://www.wavesys.com/wave-alternative
Excerpts:
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Please see the above link for the full Wave Alternative!!!
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Taking on the perfect storm in cybersecurity
https://techcrunch.com/2020/07/23/taking-on-the-perfect-storm-in-cybersecurity/?renderMode=ie11
==================================================================
https://www.wavesys.com/wave-alternative
Choose data protection that actually works
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
=================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Cyber Hygiene is the Key to CMMC Compliance Preparedness
https://www.nextgov.com/ideas/2020/07/cyber-hygiene-key-cmmc-compliance-preparedness/167057/
The challenge is that many contractors don’t have full visibility into their organization’s network and security.
Across all sectors, theft of intellectual property and sensitive information due to malicious cybercriminals threatens economic and national security. There are a number of initiatives aimed at simplifying and standardizing IT risk management, all with the same goal: stronger, more streamlined and more consistent cyber risk management to help keep federal systems and data secure. To achieve this, IT decision-makers must first determine what is on the network, and in order to do that, they need reliable data and improved real-time visibility.
The Defense Department’s Cybersecurity Maturity Model Certification, or CMMC, auditing process aims to create consistent cybersecurity practices for contractors that do business with the federal government—and protect the defense supply chain from security breaches.
Defense contractors will be required to prove they have—and they are using—the mandatory cyber practices to achieve each level of cyber maturity.
Cyber Hygiene Challenges
To prepare for compliance, contractors need a formalized approach to cybersecurity, as they will be required to demonstrate their cyber hygiene to the CMMC Controlled Third Party Assessment Organization (C3PAO) accreditors.
The challenge is that many contractors don’t have full visibility into their organization’s network and security, which leaves their networks—along with DOD networks—vulnerable to attacks. They need complete, continuous threat monitoring and visibility into all assets on the network—an increasingly complex goal in the internet of things, bring-your-own-device, and work-from-home world.
As contractors work to address individual cybersecurity vulnerabilities, most have implemented a complex patchwork of point products that don’t integrate, are difficult to manage and keep patched, and can’t give the IT leadership team a full view of the threats. If contractors continue to install different point products to resolve each individual problem, they will continue to increase complexity, cost and risk. And, they won’t achieve the visibility needed to manage risk and meet CMMC requirements.
Preparing for CMMC Implementation
Contractors need the capability to track and report network security status aligned with requirements in real time. This means identifying risks and vulnerabilities as well as prioritizing them across the networks, and the ability to respond and remediate when needed. Contractors should consider a holistic approach that integrates IT operations and security. IT leaders need a platform—a single pane of glass view—to understand their environment. This platform must provide the capability to integrate endpoint management and security (i.e., gather data from all endpoints, make needed updates, and gain the ability to reduce risk in real time).
CMMC compliance can be accelerated by addressing use-cases across the CMMC’s 17 security domains and 43 capability areas ranging from basic IT hygiene to advanced persistent threat hunting. A solution that helps to achieve many of the CMMC’s targets by mapping to key capability requirements, facilitating continuous reporting, and supporting progression through the CMMC’s defined maturity tiers is essential.
Technology is constantly evolving, and so are the tactics and approaches of cybercriminals—especially given a newly distributed workforce. When you consider the added layer of BYOD, most personal devices don’t have a protective perimeter, they have the tools the device came with. If these endpoints have periodic connectivity to the agency network, cybercriminals no longer have to penetrate a multi-layered protected perimeter to get into the main server. They can use the unprotected device as an entry point into the network. Defense contractors should leverage a solution that can run discovery and asset tools in their organization’s network, so they can locate and evaluate the unknown devices discovered.
Having a single, unified platform that aligns endpoint management and security helps contractors compile data from all endpoints. The platform should provide comprehensive threat monitoring with detailed incident analysis so that contractors can identify, isolate and mitigate threats in real-time. This helps simplify management of hybrid environments, gives contractors a better understanding of their environment, and prepares them for future CMMC audits. These steps help the defense community achieve the ultimate goal: stronger resiliency against cyber risks.
The DOD is only as strong as its weakest link—and a healthy central IT infrastructure is critical to identifying, preventing and mitigating cyber risks for every organization. Contractors must start by achieving good cyber hygiene. As they work to stand up a CMMC-compliant IT infrastructure, it’s important to ask the following questions:
• How many computers do you have on your network? And are they authorized to be there?
• What applications are installed? And are they all up to date?
• What are users doing? And is it authorized?
• How comfortable are you with your patch/vulnerability/risk posture?
• Have you recently been breached or had an outage that could have been prevented?
Reducing risk at a point in time to achieve CMMC compliance is beneficial to the security posture of both contractors and the DOD—but the real goal is to understand the environment and reduce risks continuously—protecting systems, data, and the mission.
=================================================================
It would be a great idea to make the TPM a requirement for devices on the network!!! That way only known and approved devices would be accessing the network. TPMs are in nearly 100% of corporate computer fleets so most of the employees would be able to access most employers' networks and the remaining would have to upgrade to a TPM in a device!!! Then there wouldn't be a need to worry about those unknown devices that employees sometimes insecurely use on the network and also therefore no HACKERS on the network. Tanium is a well known name, but is it better security at less than half the cost like Wave VSC 2.0 is? There have been 100,000 data breaches over the last few years and Tanium and RSA SecurID covered a lot of the market during that time??? Wave can do better!!!
=================================================================
https://www.wavesys.com/
CDM is securing agencies involved with coronavirus response, including vaccine research
https://www.fedscoop.com/cdm-coronavirus-response-agencies/
The head of the Continuous Diagnostics and Mitigation (CDM) cybersecurity program says it is working to improve network visibility and data protection at agencies central to the coronavirus response, including vaccine research.
The CDM program’s parent agency, the Cybersecurity and Infrastructure Security Agency, has been “deeply engaged” with the different operational divisions at the Department of Health and Human Services, said Kevin Cox, the program’s manager. Intelligence has shown U.S. adversaries are looking to spy on U.S. vaccine research, and the Department of Justice announced Tuesday it had indicted two Chinese nationals on charges of conspiring with China’s intelligence agencies to steal data from organizations working on a medical breakthrough.
Cox also said the program is aiding the Small Business Administration, which is tasked with distributing loans to companies affected by the pandemic, and other agencies that took on similar jobs during the crisis this year.
“We’re helping to ensure they have a better understanding of what their networks look like — everything that’s connected,” Cox said, speaking during the launch of the Advanced Technology Academic Research Center‘s Security Working Group. “If they don’t know what’s on their network, they can’t protect it.”
CDM is also providing those agencies visibility into whether users are authorized or not and, to the extent the cloud is involved, working with providers and CISA’s Trusted Internet Connections and EINSTEIN teams to ensure proper security protections, Cox said.
“Number one, the system is protected as much as possible,” Cox said. “But should there be a compromise on the system, even if an adversary gets the data they can’t do anything with it.”
CDM deploys network monitoring tools to give agencies a better sense of who is inside and why. Increased telework during the pandemic has uncovered new gaps, and CDM is helping agencies address those, as funding allows, because the current environment could stick around “for some time,” Cox said.
Unrelated to its work around the coronavirus, CDM launched a data quality management initiative in the fall and finalized a plan in May that agencies are now implementing. CDM works to certify an agency’s cybersecurity data elements, and once they’re ready, the agency can use the Agency-Wide Adaptive Risk Enumeration (AWARE) algorithm to get a sense of its security posture and eventually use that information for risk management.
One CDM “tiger team” helped agencies understand how AWARE works, and a second is helping them understand their threat attack surface to be able to mature the algorithm to that risk management point.
“The holy grail here is getting ongoing authorization in place, where we no longer have to manually assess each of our systems every three years,” Cox said. “Rather we can use near real-time tools and, in some cases, real-time tools to help show that our systems are secure.”
=================================================================
It doesn't sound like CDM detects known and unknown devices the effective way Wave does. This would give organizations better visibility that only known and approved devices are accessing the network. With Wave VSC 2.0 and Wave ERAS your organization could do that!!! Please see the links below for content on how Wave can help secure your data and network. Better security at less than half the cost!!!
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
https://www.wavesys.com/wave-alternative
https://www.wavesys.com/
https://www.wavesys.com/contact-information
House Republicans urge Trump to take action against Chinese hackers targeting coronavirus research
https://thehill.com/policy/cybersecurity/508142-house-republicans-urge-trump-to-take-action-against-chinese-hackers
==================================================================
Rather than getting into a cyberwar with China, why not stop the Chinese hackers with a strong defense?!! It's interesting how the Chinese have been successfully hacking the U.S. (with the existing 2FA) for as long as they have, and yet Wave goes unnoticed despite having great technologies (Wave VSC 2.0 and Wave solutions) to stop the Chinese and other hackers. Wave could make things a whole lot easier for U.S. organizations and the government!!! These organizations could get Wave VSC 2.0 (MFA) FAST and help avert a potential cyberwar!!!
BETTER SECURITY AT LESS THAN HALF THE COST!!!
==================================================================
https://www.wavesys.com/
German intelligence agencies warn of Russian hacking threats to critical infrastructure
https://www.cyberscoop.com/german-intelligence-memo-berserk-bear-critical-infrastructure/
A Kremlin-linked hacking group has continued its long-running efforts to target German companies in the energy, water and power sectors, according to a confidential German government advisory obtained by CyberScoop.
Investigators earlier this year uncovered evidence of the hackers’ “longstanding compromises” at unnamed German companies, according to the memo that German intelligence and security agencies sent last week to operators of critical infrastructure.
The hacking group — dubbed Berserk Bear and suspected by some industry analysts of operating on behalf of Russia’s FSB intelligence agency — has been using the supply chain to access the German companies’ IT systems, said the alert from the BSI, BND, and BfV federal agencies.
“The attackers’ goal is to use publicly available but also specially written malware to permanently anchor themselves in the IT network…steal information or even gain access to productive systems [OT networks],” the advisory said. There was no evidence of a disruptive attack on any company’s industrial networks, German authorities said. The agencies did not respond to a request for comment.
Berserk Bear is best known in the U.S. for a years-long campaign to collect data on U.S. energy companies, which the Trump administration blamed on the Russian government in 2018. It is one of a handful of hacking teams that Moscow can call on to spy on industrial computer networks, analysts say. Another group — known as Sandworm and believed to be operating on behalf of Russia’s GRU military intelligence agency — gained notoriety for cutting off power in Ukraine in 2015 and 2016.
Berserk Bear is less conspicuous. They have used “waterholing,” or infecting websites and then picking off high-value login credentials, to compromise the IT networks of critical infrastructure companies in Europe and North America. In 2018, the hacking group “conducted extensive, worldwide reconnaissance across multiple sectors, including energy, maritime and manufacturing,” and also targeted U.S. government organizations, according to a report from cybersecurity company CrowdStrike.
This is far from German firms’ first encounter with Berserk Bear. In 2018, the BSI — one of Germany’s main cybersecurity agencies — also accused the hacking group of trying to breach the IT networks of German energy and power companies.
Robert M. Lee, CEO of industrial cybersecurity company Dragos, said his analysts were aware of the group’s history — and that of a related set of hackers his company calls “Allanite” — of targeting German and U.S. electric utilities.
“They have been aggressive and targeted numerous utilities, including those in the U.S., over the last couple years,” Lee said. “To date, they haven’t shown the capability or intent to disrupt [utilities’] operations. Given their focus on industrial control systems and wide targeting, though, we continue to track them and report on them to the community.”
Sven Herpig, a cybersecurity expert with the German think tank SNV, welcomed the advisory and urged German companies to heed the warning. The memo has “concrete recommendations of how to spot and protect against an intrusion” from Berserk Bear, he said.
The Russian Embassy in Washington, D.C., did not respond to a request for comment on the German agencies’ report.
==================================================================
It should be obvious that Wave solutions could have a very big, positive impact on defending German critical infrastructure. Wave Endpoint Monitor could protect against 'specially written malware' and Wave VSC 2.0 could protect against the 'picking off of high value login credentials!!!' If 'Europe and North America' used Wave VSC 2.0 and Wave ERAS, the spies (unknown and unapproved devices) could be kept off the network!!!
=================================================================
https://www.wavesys.com/
Report: CIA runs secret cyberwar with little oversight after Trump gave the OK, say US government officials
https://www.theregister.com/2020/07/16/cia_secret_cyberwar/
Details start to emerge on real-world impact of Prez-signed secret memo.
The CIA is running a secret cyberwar including Russian-style hack-and-leak operations with little or no oversight, US officials have warned.
The covert operations are largely targeted at Iran, China, Russia, and North Korea, say anonymous sources, and have included the public disclosure of 15 million debit card details belonging to customers of Iranian banks, according to a report by Yahoo! News.
The approval for the operations stems from a National Security Presidential Memorandum (NSPM) signed in 2018 by President Trump which has long been known about but the contents of which remain top secret. It has been officially described as authorizing “offensive cyber operations.”
At the time, the relevant memo, NSPM 13, caused serious concern among experts, not least because it removed many of the constraints introduced by the Obama administration.
But critics were assured that safeguards remained in place, as did civilian oversight. Those critics may have been proved right, however, if all the details in the Yahoo! story are to prove accurate.
The CIA is now able to authorize its own covert cyber operations, according to officials, rather than gain approval from the White House or discuss plans with other departments. One source called the memo “very aggressive,” and “a vehicle to strike back.”
Most critically, according to the report, the CIA is not required to prove it has evidence that organizations are carrying out activities on behalf of another country’s intelligence services before it can launch a cyber offensive against them. It merely has to have a strong suspicion, opening up news organizations, non-profits, tech companies, and a whole range of other bodies to state-sponsored hacking.
Free-for-all
The memo has also been read as approving operations that were rejected by previous administrations, including leaking or deleting banking data. The dumping online of details on millions of debit cards belonging to customers of three Iranian banks linked to Iran’s Islamic Revolutionary Guard Corps back in November was almost certainly a CIA operation, the report states.
Other examples include 7.5 terabytes of data on Russian company SyTech, which was suspected of doing work for Russia’s FSB, that was provided to journalists in July 2019, and the personal details, including phone numbers and photos, of dozens of Iranian agents in March that year that were leaked on Telegram.
A former official said that while similar operations had been considered in the past, they had often been stopped or limited by inter-governmental discussion. When it comes to leaking financial information, one former official said, Treasury officials had always shot plans down because they feared they could damage the global financial system for little gain. “They had been bandied about at senior levels for a long time, but cooler heads had always prevailed,” the official was quoted as saying.
The rest of the article is at the above link.
==================================================================
This article if true or not true just shows the need for the U.S. government and critical industries to have a strong cyber-defense. Wave VSC 2.0 (MFA) has already tested under the significant security requirements with the U.S. government. Preparation before things potentially happen is a great idea especially when Wave VSC 2.0 is better security at less than half the cost!!! With Wave VSC 2.0 and Wave ERAS, the government could keep the bad guys (unknown and unapproved devices) from accessing the network and therefore keep the bad guys from accessing sensitive data!!!
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/contact-information
Securing devices for a challenge of a lifetime
https://trustedcomputinggroup.org/securing-devices-for-a-challenge-of-a-lifetime/
Excerpts:
Some of the recommendations from this perspective include using reliable and safer authentication to protect government data, such as strong passwords and multi-factor authentication. With a wide range of security options on offer, TCG provides building blocks to create secure systems. The second step would be to implement Trusted Platform Modules (TPM) for device provision, which will allow for a trusted relationship between interconnected devices. TCG protected devices provide hardware-based, embedded security subsystems based on TPM chips, which create reliable protections against these issues and enable truly cost-effective implementation.
These steps, along with TPM protected devices, will help prepare devices for a challenge of a lifetime.
=================================================================
For a great article that helps explain the TPM better, go to post #245925!! What is trusted platform module?
=================================================================
Multi factor authentication is what Wave VSC 2.0 does and it does it with a TPM!!! Wave's solution (Wave VSC 2.0) could be very, very helpful here and for many different organizations!! For more information on Wave VSC 2.0 and Wave's other solutions, please read the content at the links below!!!
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/
https://www.wavesys.com/contact-information
340 GDPR fines for a total of €158,135,806 issued since May 2018
https://www.helpnetsecurity.com/2020/07/16/gdpr-fines/
Since rolling out in May 2018, there have been 340 GDPR fines issued by European data protection authorities. Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine, Privacy Affairs finds.
Whilst GDPR sets out the regulatory framework that all EU countries must follow, each member state legislates independently and is permitted to interpret the regulations differently and impose their own penalties to organizations that break the law.
Nations with the highest fines
•France: €51,100,000
•Italy: €39,452,000
•Germany: €26,492,925
•Austria: €18,070,100
•Sweden: €7,085,430
•Spain: €3,306,771
•Bulgaria: €3,238,850
•Netherlands: €3,490,000
•Poland: €1,162,648
•Norway: €985,400
Nations with the most fines
•Spain: 99
•Hungary: 32
•Romania: 29
•Germany: 28
•Bulgaria: 21
•Czech Republic: 13
•Belgium: 12
•Italy: 11
•Norway: 9
•Cyprus: 8
The second-highest number of fines comes from Hungary. The National Authority for Data Protection and Freedom of Information has issued 32 fines to date. The largest being €288,000 issued to an ISP for improper and non-secure storage of customers’ personal data.
UK organizations have been issued just seven fines, totalling over €640,000, by the Information Commissioner. The average penalty within the UK is €160,000. This does not include the potentially massive fines for Marriott International and British Airways that are still under review.
British Airways could face a fine of €204,600,000 for a data breach in 2019 that resulted in the loss of personal data of 500,000 customers.
Similarly, Marriott International suffered a breach that exposed 339 million people’s data. The hotel group faces a fine of €110,390,200.
The largest and highest GDPR fines
The largest GDPR fine to date was issued by French authorities to Google in January 2019. The €50 million was issued on the basis of “lack of transparency, inadequate information and lack of valid consent regarding ads personalization.”
Highest fines issued to private individuals:
•€20,000 issued to an individual in Spain for unlawful video surveillance of employees.
•€11,000 issued to a soccer coach in Austria who was found to be secretly filming female players while they were taking showers.
•€9,000 issued to another individual in Spain for unlawful video surveillance of employees.
•€2,500 issued to a person in Germany who sent emails to several recipients, where each could see the other recipients’ email addresses. Over 130 email addresses were visible.
•€2,200 issued to a person in Austria for having unlawfully filmed public areas using a private CCTV system. The system filmed parking lots, sidewalks, a garden area of a nearby property, and it also filmed the neighbors going in and out of their homes.
=================================================================
Rereading previous post could be helpful. Using Wave VSC 2.0 and Wave SED Management could be the better alternative (the Wave Alternative) for the companies impacted by GDPR!!! The fines are potentially enormous as evidenced by what the Marriott and British Airways are facing. Use the two solutions from Wave to have the biggest positive impact on helping your company with data protection and better security!!!
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
https://www.wavesys.com/
https://www.wavesys.com/contact-information
=================================================================
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
EU Court Ruling Means New Global Protections for EU Customer Data
https://www.darkreading.com/endpoint/privacy/eu-court-ruling-means-new-global-protections-for-eu-customer-data/d/d-id/1338374
The ruling in a case involving Facebook means that international companies must provide EU-level privacy controls for EU-generated data no matter where it's stored or transferred.
A new ruling from a European Union court could have repercussions for data collection and sharing around the world. With the final ruling in the case of Facebook v. Schrems, the court has decided that companies cannot provide EU customers with lesser privacy rights just by moving their data to a non-EU jurisdiction.
The case, which began in 2013, has been through several stages of rulings after courts decided in 2015 that the "Safe Harbour Agreement" existing between the EU and US was insufficient to protect EU citizens' privacy rights.
In response to the ruling, the EU and US negotiated the Privacy Shield framework, and companies began using Standard Contractual Clauses (SCCs) to define privacy. This latest ruling invalidates the Privacy Shield framework and requires that SCCs protect privacy at a minimum to the extent provided by General Data Protection Regulation and other EU privacy laws.
In practice, this means that any company dealing with European citizens' data must provide privacy protections equivalent to those of the EU, no matter where the data is transferred, stored, or processed. For many international firms, this means a dramatically higher level of protection is required if they want to continue doing business in Europe.
==================================================================
Dramatically higher level of protection translation: Wave VSC 2.0 and Wave SED management!! Wave has invested its core direction in these two products/solutions so that companies affected in this article could have better security and protect the privacy of their customers!!!
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/products/wave-self-encrypting-drive-management
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Iran-linked hackers steal sensitive data from US Navy member, researchers say
https://www.cyberscoop.com/iran-hackers-us-navy-ibm/
Excerpt:
It took the Navy months to evict the intruders from the Navy's internal computer network.
==================================================================
Organizations still allow hackers to roam or unintentionally allow them on the network and they are not able to kick them off after months of trying. Unknown and unapproved devices (hackers) wouldn't be allowed access to the network when organizations use Wave ERAS and Wave VSC 2.0. The Navy wouldn't have had the above problem if they had used Wave!!!
There were 100,000 data breaches in the last few years. That's way too much. 40% of those breaches were unauthorized access. That's too much too!!! Shouldn't the existing 2FA products be stopping this unauthorized access?!! Based on Wave's technology, Wave VSC 2.0 could do a lot better!!! Two important sectors, financial services and the U.S. government, have successfully tested Wave VSC 2.0.
==================================================================
https://www.wavesys.com/
https://www.wavesys.com/contact-information
Barack Obama, Joe Biden, Elon Musk, Apple, and others hacked in unprecedented Twitter attack
https://www.theverge.com/2020/7/15/21326200/elon-musk-bill-gates-twitter-hack-bitcoin-scam-compromised
The scams appear to be part of a widespread hacking operation affecting multiple accounts
The Twitter accounts of major companies and individuals have been compromised in one of the most widespread and confounding hacks the platform has ever seen, all in service of promoting a bitcoin scam that appears to be earning its creator quite a bit of money.
We don’t know how it’s happened or even to what extent Twitter’s own systems may have been compromised. The hack is ongoing, with new tweets posting to verified accounts on a regular basis starting shortly after 4PM ET. Twitter acknowledged the situation after more than an hour of silence, writing on its support account, “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.”
Please see link above for the rest of the article.
==================================================================
If Knowd was active, this wouldn't be happening, and people would have an easy time of securely logging into their accounts. Wave Knowd could prevent potential tragedies as a result of 'not so good' authentication options by Twitter. Both users and Twitter would be protected as a result. If this was done through Twitter's corporate network, Wave VSC 2.0 could protect Twitter as well!!! Both sides could be protected by Wave with Wave Knowd and Wave VSC 2.0. Better security at less than half the cost!!! Wave solutions could make life so much easier for Twitter and more profitable!!!!
=================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords
Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services
https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords
Lee, MA - May 9, 2013 -
Wave Systems Corp. (NASDAQ: WAVX), the Trusted Computing Company, today announced Wave Knowd, a new web service available for preview that significantly reduces the vulnerability and use of passwords by leveraging the unique identity of computing devices. With a simple integration of Wave Knowd, any website can establish reliable and consistent identity relationships with the devices its customers use most often for Internet services. Wave Knowd, which signifies “Known Devices,” is being tested by partners to provide the backbone for general purpose machine identity.
“The maturation of the web mandates a change in how we, and our computing devices, connect to the web,” said Steven Sprague, Wave CEO. “With cable television, satellite radio, bank kiosks and mobile phones, the service relationship is tied to the endpoint device. The web needs the security and simplicity of this same model, where our computing devices themselves play an added role in authentication. I access dozens of web services every day from the computer in my home office, and want those sites to know and trust my PC so they’ll stop continually asking me to log in. Wave Knowd enables that trust.”
To make web authentication stronger and simpler, Wave Knowd provides a new approach to signing on and accessing Cloud and Internet services. From online banking to business services and even consumer gaming, passwords are failing to provide a level of security that either service providers or users can trust. Knowd is built upon the concept that only known devices should ever access a protected network. Knowd incorporates all of your access and identity solutions together to establish a relationship of trust between users’ computing devices, and the web services they access.
“We interact online using so many devices now, but from a security perspective those devices aren’t all equal. Accessing medical records or confidential business files from my kid’s smartphone is certainly not as trustworthy as connecting from my business PC with an encrypted drive,” continued Mr. Sprague. “Wave Knowd is all about making the Web simpler and safer, and that new foundation of trust begins with known devices, and known capabilities.”
Once machine identity is established, any web site—from gaming, social networking or shopping; to banking, business and financial services—can use Wave Knowd to create a reliable and persistent identity for the connecting device. Knowd allows Web sites to streamline access for users who repeatedly log on from trusted devices, while bolstering security. Initial authentication creates a unique and anonymous relationship between each computing device and each web service accessed, and then the level of trust between the two grows over time. Knowing the device can also help the site prevent fraud and phishing, or simply provide quicker no-password access. Wave is the partner helping to create and manage these relationships.
“Wave Systems was the obvious choice to provide ID Dataweb’s attribute exchange with device identity services,” said David Coxe, CEO at ID Dataweb. “In Knowd, Wave has provided a system that is rooted in state of the art device security technologies such as the Trusted Platform Module and other secure elements, while also offering a simple web based integration. It’s easy to identify if a connecting device is highly trusted, or whether it requires added screening and security.”
ID Dataweb uses Wave’s Knowd solution as part of the Identity Ecosystem supported through a grant from the U.S. Department of Commerce’s National Institute of Standards and Technology’s NSTIC initiative (National Strategy for Trusted Identities in Cyberspace). ID Dataweb has created a standards-based platform to simplify online identity verification using OpenID credentials.
Providing the Tools to Manage Trust in the Cloud: What’s Your Trust Score?
Wave Knowd is a powerful enhancement for any website. The endpoint identity service links an individual user’s unique device identity with the Internet services that are typically protected only by username and password access. Users are prompted by their cloud service provider to register their primary computing devices to create a unique and persistent device identity relationship with their Internet services and service providers. No personal ID information is obtained by Wave, as Knowd works purely as a machine identity service. Furthermore, registered devices are given a unique ID for every service provider, establishing a separate trust relationship with each service.
Wave Knowd asserts a Trust Score that helps both consumers and cloud services or relying parties to determine the level of trust granted to each specific computing device. For example, a home PC that is used regularly for banking will quickly build a high Trust Score. Users can achieve a higher Trust Score by installing a small software application (Wave Knowd currently supports Windows 7 and 8, with Apple and Android to follow later this year). Business-class PCs containing a standard Trusted Platform Module (TPM) can establish even greater trust by leveraging the TPM security chip to create and securely store a unique device ID.
Knowd provides a web service with a new capability to enable or disable features based on the device that the user is actively using, providing a new security option for the end user. Perhaps an account password can only be reset from the user’s registered home computer and not from anywhere in the world, thereby linking in all of the user’s investment in the security of their home, from their alarm system to the doorman. Every web service can benefit from integrating Wave Knowd as part of the user’s experience.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card
https://www.wavesys.com/