Monday, 09/10/2018 10:54:39 PM

New WordPress Phishing Campaigns Target User Credentials

https://securityintelligence.com/news/new-wordpress-phishing-campaigns-target-user-credentials/

A new phishing attack targeting WordPress sites uses fake database upgrade messages to cause serious problems for site owners and operators.


As reported by research firm Sucuri, this attack differs from previous phishing campaigns because it uses an email that is designed to look like a legitimate WordPress request prompting users to upgrade their database immediately. Using style and font choices similar to those of actual WordPress updates — along with a footer resembling that of parent company Automattic — fraudsters attempt to lure users into clicking an “Upgrade” button. Next, victims are asked for their username and password, followed by a request for website name and administrator username.


Indicators of illegitimacy include multiple grammatical errors in the emails themselves and the mention of an imminent “deadline,” neither of which is consistent with WordPress or hosting providers in general.


Pressing Problems for Site Owners


When attackers collect usernames, passwords and website addresses, they have everything they need to deface site content and deliver malware to users. Additionally, full access to WordPress sites enables malicious actors to install backdoors, allowing them to come and go as they please. As a result, businesses may experience a sudden drop in site traffic or discover that they’ve been blacklisted by popular search services.


This new campaign is also worrisome for its human element. While employee awareness of phishing techniques is on the rise, the simplicity of this attack, combined with its at-a-glance authenticity, makes it a real risk for WordPress administrators and anyone in charge of content creation. Given the repeated advice of security experts to upgrade services and sites ASAP to avoid compromise, it’s no surprise that some administrators are fooled by the sudden appearance of this WordPress “upgrade.”


How to Raise Awareness of Phishing Campaigns


Security experts recommend conducting comprehensive employee training to promote the concept of shared responsibility for enterprise security. Security leaders should follow this up with videos, newsletters and in-person training sessions to ensure that employees have the most up-to-date information.


IBM experts also recommend implementing phishing identification and reporting mechanisms that use machine learning and advanced phishing detection algorithms to spot new campaigns before they compromise corporate networks.
================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management


Token-free, password-free user authentication

We know you’ve dreamt about shredding your list of passwords. Go on and do it.

Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.


Decrease expenses with virtual smart cards

You know what else happens when you take passwords out of the equation? A lot fewer calls to IT. Imagine if you took password resets out of the picture – that frees up a chunk of IT time, lowering your operating expenses significantly.

If your organization currently uses traditional tokens or smart cards, switching to virtual smart cards takes an even bigger burden off of IT – we use the hardware-protected credentials in the TPM to create a virtual smart card, which performs the same functionality as traditional smart cards. That means no need to purchase, deploy, replace or maintain external tokens, smart cards or smart card readers. Because virtual smart cards are already on your machines and can’t be forgotten, lost or stolen, you have lower capital expenses and lower operating expenses.

Wave's is the only management to support virtual smart cards on Windows 7, as well as Windows 8 and 8.1.

Key Features:

Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies

Low TCO
• Reduce operating expenses by eliminating password reset and shortening deployment times
• Minimize capital expenses by using hardware you already have
• Integrate with Microsoft Active Directory for IT familiarity

Superior User Experience
• No more tokens or smart cards to achieve two-factor authentication
• Eliminate VPN/WiFi/website passwords for faster access to resources
• No add-on software means improved OS performance

Flexibility
• Compatible with Windows 8.1, 8, 7 and Vista operating systems – manage mixed environments from one console
• Create custom management policies to suit your organization’s needs
• User and device authentication from a common console

Seamless Device Authentication
• Access control over wireless (i.e. 802.1x)
• Single sign-on
• VPN authentication (i.e. Microsoft DirectAccess)

Microsoft, Windows, and BitLocker are either registered trademarks or trademarks of the Microsoft group of companies.
