Tag: spectre

Spectre makes a comeback

When one cyberattack is stopped, another more powerful variant almost always takes its place. It happens all the time with ransomware, computer viruses, and Trojan horses. Recently, this has become the case with Spectre attacks, which exploit a fundamental flaw in modern computer chips. Here’s everything you need to know.

Spectre 101
For those who don’t know, Spectre is a vulnerability in modern computer chips like Intel and AMD that allows hackers to steal confidential information stored in an application’s memory, including passwords, instant messages, and emails. Malicious code running on a computer or web browser could be used to exploit this vulnerability, but ever since Spectre was discovered, Microsoft, AMD, Intel, and other tech companies released a series of updates to fix it.

What is NetSpectre?
To perform Spectre attacks, malware would have to run on a targeted machine to extract sensitive data. But in late July, Austrian security researchers found a way to launch Spectre-style attacks remotely without locally installed malware. The new attack is called NetSpectre and it can be conducted over a local area network or via the cloud.

So far, it’s impractical for average hackers to use this method to steal data. In tests, researchers were able to steal data at a rate of between 15 to 60 bits per hour, which means it would take days to gather corporate secrets and passwords. As such, NetSpectre will probably be used by hackers who want to target specific individuals but don’t want to resort to obvious methods like phishing scams or spyware.

Experts also warn that while NetSpectre may be impractical now, hackers may develop faster and more powerful variants in the future.

How should you protect your business?
NetSpectre attacks exploit the same vulnerabilities as the original Spectre so it’s important to install the latest firmware and security updates. You should also secure your networks with advanced firewalls and intrusion prevention systems to detect potential NetSpectre attacks.

Last but not least, working with a reputable managed services provider that offers proactive network monitoring and security consulting services can go a long way in protecting your business from a slew of cyberthreats.

If you’re looking for a leading managed security services provider, why not talk to us? We provide cutting-edge security software and comprehensive, 24/7 support. Call us today for more information.

Published with permission from TechAdvisory.org. Source.

New Windows update for PC vulnerabilities

Two newly discovered Windows vulnerabilities, known as Meltdown and Spectre, make it possible for hackers to steal all sorts of confidential information. To resolve this issue, Microsoft has released an update. Continue reading to stay protected.

Issues with Microsoft’s Spectre and Meltdown patches

After the January 3rd announcement of unprecedented security vulnerabilities, Microsoft has been rushing to release security updates for its Windows operating system. At their most basic, these complex vulnerabilities, named Spectre and Meltdown, make it possible for a program installed on your computer to access any information stored on your hard drive, even if it is protected.

These flaws mean that anything you’ve typed into your computer is at risk: credit card numbers, passwords — all of it. But don’t rush off to install fixes just yet. There are a few speed bumps you’ll have to navigate on your road to safety.

Incompatibility issues

According to reports, Microsoft’s patches have caused several problems to some users’ computers. For some, installing the new patches has resulted in computers with older processors to crash more often than usual. Users with newer processors have found their computers struggling to boot up, with some never getting past the Windows loading screen.

As a result, on more than one occasion, hardware and software vendors have recommended that its customers postpone installing the new patches.

Spectre and Meltdown can cause serious damage, but that doesn’t mean anyone should run off to haphazardly attempt computer repair above their ability. Until the process for installing patches has been ironed out, we recommend enlisting help.

Hire a professional

Given the issues on patches, IT novices shouldn’t update their computers on their own. Without adequate experience, you might install the wrong patch and cause even more problems to your computer. Or worse, install one of the pieces of malware masquerading as Spectre patches. Instead, why not call a professional to update your computer and protect your system from Meltdown and Spectre?

Data and network security is no easy task. We offer advanced, multi-layer protection to keep your data safe and sound. Give us a call and we’ll explain how we can help.

Published with permission from TechAdvisory.org. Source.

Meltdown and Spectre fixes cause problems

It’s been three weeks since one of the worst IT security vulnerabilities in history was announced, and consumers are still receiving mixed messages about how to protect themselves. We usually encourage users to install software updates as often as possible, but when it comes to Meltdown and Spectre, that advice comes with an asterisk.

Unsecured data storage

Spectre and Meltdown are the names given to two hardware flaws that allow hackers to see any piece of information stored on your computer. Although slightly different in execution, both take advantage of a hardware feature that computer chips use to access and store private information. For the last 20 years, security experts believed this information could not be stolen or spied on by malicious software, but that assumption was proven false on January 3, 2018.

Now that the Spectre and Meltdown vulnerabilities are public information, hackers can use them to create programs that steal passwords, social security numbers, credit card numbers, and anything else you type into your computer.

Because these problems are hardware-based, none of the updates will be able to secure the vulnerable storage; they’ll simply prevent your computer from storing anything in it. Currently, there are patches for:

  • Operating systems (Windows, macOS, and Linux)
  • Web browsers (Chrome, Firefox, Safari, Edge, and IE)
  • Chip firmware (low-level programs installed on the processor itself)

If you’re using an Apple computer, these updates are relatively easy to install. If you’re using a Windows or Linux-based computer, these patches may cause your machine to freeze, reboot unexpectedly, or significantly slow down.

Why should I wait to install the updates?

Intel, one of the chipmakers responsible for the Spectre and Meltdown flaws, has provided contradictory recommendations on more than one occasion. As recently as January 18, Intel recommended waiting for an updated patch, but in the same announcement also recommended “consumers to keep systems up-to-date.”

Experts believe detecting an attack that is based on one of these flaws will be relatively easy and represent an alternative to installing updates that could render your computer unusable.

What should I do?

IT support experts will be able to quickly and easily assess what is the best option for your computers. For example, our team can determine whether or not your hardware will conflict with the current patches, and either install them or set up a detection strategy that will help you mitigate the risks without ruining your computer.

If you need expert IT support for quick responses and ironclad security — give us a call today.

Published with permission from TechAdvisory.org. Source.

Spectre & Meltdown: how to protect yourself

Spectre and Meltdown are critical security flaws that affect a majority of computers today, including the one you’re using to read this. They can leak your passwords and other sensitive data, which is why software companies are working on security patches. The good news for Apple users is that fixes are now available to keep their devices temporarily safe.

Download and install security patches ASAP

Apple has already released software updates for all affected devices, and you need to install them now. Here’s how:

  • macOS – Click the Apple icon on the topmost part of your screen and check whether your system has been updated to macOS 10.13.2. If not, click the ‘Software Update…’ button to go directly to the App Store, then click the ‘Update’ button for macOS High Sierra.
  • iOS – To update to iOS 11.2, go to Settings > General > Software Update and download and install the new software.
  • tvOS – To update to tvOS 11.2, go to Settings > System > Software Updates and follow Apple’s step-by-step instructions to update your software.

The company hasn’t confirmed whether they would release patches for devices running on outdated software, so if your business still uses previous versions of Macs, iPhones, or iPads, make sure they do not have critical company data stored on them. Better yet, upgrade to new devices so that they’re better protected against legacy system vulnerabilities.

Practice browser safety

The Spectre bug could also exploit vulnerabilities in browsers, so make sure you update Safari too. Apple is set to release Safari updates for Macs and iOS devices soon, and it’s highly recommended to download and install them as soon as they become available.

You should also avoid using non-Apple browsers like Chrome, Microsoft Edge, or Firefox, as they have yet to release security patches against the bugs.

Download applications only from the App Store

Downloading apps from the App Store is one of the best ways to ensure you install only secure apps. Third-party stores are prone to malicious apps that could be disguised as legitimate and harmless — or worse, an exact copy of a well-known app.

The App Store has had incidents of malicious applications targeting iPhones, but these cases are rare. It is also much better at vetting suspicious apps and is relatively safer than other open-source platforms.

Moreover, avoid jailbreaking your devices, as this just makes them and your systems more prone to malware. And regardless of where you’ve downloaded an app, practice extreme caution when running new, unfamiliar apps, whether on Macs or iPhones.

Because of the sheer scale of Spectre and Meltdown, there’s a greater need for businesses to consult with IT professionals who can install powerful security software and other protections. Our cyber security team is ready to answer your questions about these and other system bugs. Call us today for professional advice.

Published with permission from TechAdvisory.org. Source.