Wave Systems Corp. (fka WAVXQ)

[Genz2]

Antivirus Makers Confirm—and Deny—Getting Breached by Hackers Looking to Sell Stolen Data

https://gizmodo.com/antivirus-makers-confirm-and-deny-getting-breached-afte-1834725136

Symantec and Trend Micro are two of the three top U.S. antivirus companies that a group of Russian-speaking hackers claim to have compromised, Gizmodo has confirmed.

Last week, Advanced Intelligence (AdvIntel), a New York-based threat-research firm, reported that a hacking group was attempting to sell internal documents and source code allegedly stolen from three major antivirus companies. Citing an ongoing law enforcement investigation and its own disclosure policies, AdvIntel did not reveal the names of the alleged victims.

The hackers, known as “Fxmsp,” are said to be offering to sell the stolen data—around 30 terabytes’ worth—for over $300,000. Gizmodo has not itself reviewed or verified any of allegedly stolen documents.

Symantec, the company that makes Norton Antivirus software, denied on Monday having been contacted by AdvIntel. “We have no indication that Symantec has been impacted and do not believe there is reason for our customers to be concerned,” it said.

That statement, however, was quickly refuted by AdvIntel, which said it first reached out to Symantec via a trusted partner on May 8. It then had two remediation calls with the company by the end of last week, it said. (Gizmodo reached out to Symantec about the discrepancy and will update if we hear back.)

Screenshots offered up as proof by Fxmsp appear to show stolen development documentation, an artificial intelligence model, and antivirus software base code, according to AdvIntel. Its researchers assessed the threat as highly credible, stating that Fxmsp—which is said to run in both Russian- and English-speaking circles—has already earned close to $1 million off verified corporate breaches.

Yelisey Boguslavskiy, AdvIntel’s director of research, confirmed last week that his company had been in contact with the potential victims. Following Symantec’s denial, Boguslavskiy said AdvIntel “reached out to Symantec via trusted partners on May 8, directly, and had two remediation calls on May 9 and May 10.”

Security software firm Trend Micro, meanwhile, told Gizmodo that data linked to one of its testing labs had been accessed without authorization. It labeled the incident as “low risk,” however, and said that neither customer data nor any source code had been accessed or exfiltrated.

Boguslavskiy also took issue with Trend Micro’s statement, saying it was “incorrect based on the portion of the data we have and the actor’s statement.”

Trend Micro said its investigation into the matter was still underway and that it was working “closely with law enforcement,” but that it wanted to “transparently share what we have learned.”

A spokesperson for McAfee, the maker of McAfee VirusScan, would not immediately confirm whether the company had been contacted about a potential breach. It is looking into the matter, they said, adding: “We’ve taken necessary steps to monitor for and investigate it.”

Update, 5/13: Updated with a statement from AdvIntel about its contact with Symantec and Trend Micro.
==================================================================
With these three companies apparently being breached, Wave Endpoint Monitor and Wave's Solutions should attract more buying since Wave's cybersecurity solutions successfully protect Wave and its customers. I recall years ago SKS going head to head with an executive from Symantec over what was a more beneficial product, antivirus, a blacklisting approach from Symantec or a whitelisting approach like Wave Endpoint Monitor from Wave. With 1900 breaches a quarter (via Help Net Security), it seems like Wave Endpoint Monitor and Wave Solutions have for years been overlooked to the detriment of a lot of companies and governments. Many organizations are using what is not working rather than seeing the opportunity that Wave offers with better cybersecurity solutions!!
=================================================================
https://www.wavesys.com/

https://www.wavesys.com/wave-alternative

The IT perimeter is gone

With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.

It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.

You have to start with the device

Wave has an alternative: security that’s built into each and every device.

We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.

We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.

Security that’s confirmed, not assumed

With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.

A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.

Do we need to say that with Wave, compliance is no problem?

Start closing your security gaps today, with what you’ve got

You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.

It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.

Questions? Read on, or contact our sales department.