Wave Systems Corp. (fka WAVXQ)

[Genz2]

Cloud-based video creation service Animoto alerts California DOJ of possible data theft

The cloud-based video creation service Animoto disclosed to the California Attorney General's office last week that it discovered suspicious systems activity indicative of a July 10 breach that may have resulted in stolen information.

Affected data includes birth dates, geolocation, genders, email addresses and hashed and salted passwords. It is not known if the salt key for these passwords was also acquired; however, payment card information does not appear to be impacted.

According to Animoto's submitted notification, the company began investigating after receiving an alert of unusual activity on July 10. "Upon review, Animoto identified queries being run against its user database. Animoto immediately stopped the queries and launched an investigation with the assistance of third-party experts," the disclosure document states. On August 6, 2018, Animoto's investigation confirmed the queries were unauthorized and that user data may have been obtained on or around July 10, 2018."

Based in New York with an office in San Francisco, Animoto began informing potentially impacted individuals on Aug. 16, the notification continues, adding that in response to the incident, the company has changed employee and system passwords and is instructing users to do the same to their own passwords. Animoto also reduced the number of users who can access certain systems.

“Breaches in cloud environments are often the result of misconfigurations and poor security hygiene. With cloud attacks being increasingly automated, the timeframe to detect and respond is extremely brief," said Zohar Alon, CEO and co-founder of Dome9, in emailed comments. " Any door left open will be discovered and quickly used to exploit an organization's valuable assets. Businesses need to monitor their threat landscape on a real-time basis and enforce security discipline. Continuous compliance and active cloud protection are essential to keeping sensitive information safe and secure.”
================================================================
SANS: 20 critical security controls you need to add

https://www.networkworld.com/article/2992503/security/sans-20-critical-security-controls-you-need-to-add.html

1. Inventory of Authorized and Unauthorized devices
=================================================================
California Attorney General Concludes that Failing to Implement the Center for Internet Security's (CIS) Critical Security Controls 'Constitutes a Lack of Reasonable Security'

https://www.prnewswire.com/news-releases/california-attorney-general-concludes-that-failing-to-implement-the-center-for-internet-securitys-cis-critical-security-controls-constitutes-a-lack-of-reasonable-security-300223659.html
================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Secure device & user authentication

Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.

Here’s how it works:

Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication

Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.

Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.

Token-free, password-free user authentication

We know you’ve dreamt about shredding your list of passwords. Go on and do it.

Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.

Decrease expenses with virtual smart cards

You know what else happens when you take passwords out of the equation? A lot fewer calls to IT. Imagine if you took password resets out of the picture – that frees up a chunk of IT time, lowering your operating expenses significantly.

If your organization currently uses traditional tokens or smart cards, switching to virtual smart cards takes an even bigger burden off of IT – we use the hardware-protected credentials in the TPM to create a virtual smart card, which performs the same functionality as traditional smart cards. That means no need to purchase, deploy, replace or maintain external tokens, smart cards or smart card readers. Because virtual smart cards are already on your machines and can’t be forgotten, lost or stolen, you have lower capital expenses and lower operating expenses.

Wave's is the only management to support virtual smart cards on Windows 7, as well as Windows 8 and 8.1.
================================================================
https://www.wavesys.com/products/wave-virtual-smart-card