Showing posts with label ransomware. Show all posts

Sunday 7 January 2018

Meltdown and Spectre - How to protect against these CPU security flaws




The Meltdown and Spectre CPU security flaws are currently making headlines around the world. How do you protect your device from these issues?
What are Spectre and Meltdown?
Spectre and Meltdown are flaws found in processors from Intel, ARM and AMD that could allow hackers to access passwords, encryption keys and other private information from open applications.
These flaws are sending shock waves through the IT world. Actually, it was revealed that they had been present in chip designs for the past 2 decades! It was also revealed that they affect a number of companies’ processors, therefore the flaws could be found on a massive number of devices, from PCs to web servers and even smartphones.

Should Spectre and Meltdown worry me?

You shouldn’t need to panic, because so far it doesn’t look like Spectre or Meltdown have been used in an attack, and device manufacturers are working with Intel, ARM and AMD to fix these flaws.
Intel has claimed that the exploits can't corrupt, modify or delete data. Though, it has emerged that Spectre may need a processor redesign to fix.
However, this does mean that future processors will be free from the Spectre and Meltdown security flaws. So, don’t worry too much!  Still, be aware of any updates for your devices and protect yourself against the Meltdown and Spectre CPU security flaws following the advice here.

Protect yourself against the Meltdown and Spectre CPU security flaws...

... on Android phones:
Google will release a new security update on January 5 that will help protect your Android Phone against Meltdown and Spectre.
If you have a Google-branded phone, such as the Nexus 5X or the Pixel 2 or Pixel 2 XL, then you should get the update promptly, and on Google’s newer devices the update should download and install automatically.
Open the settings app on your Android device, go to ‘System’ and see if you can find new updates waiting for you. It may also be worth following your phone manufacturer on Twitter to keep up with news about the update.

...on iPhones:

Apple has admitted that Meltdown and Spectre are affecting all iPhones.
Apple also revealed that it had already released ‘mitigations’ for Meltdown in iOS 11.2, so make sure you keep an eye out for any new updates made available for iOS on your iPhone or iPad, and go into 'Settings' to check what version of iOS you are running.
Apple didn't say it had a fix for Spectre just yet, but it mentioned that “We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.” 

... on Windows PCs:

Windows PCs are likely to be hit hardest by Meltdown and Spectre, regardless of whether they run on Intel or AMD processors. The good news is that Microsoft seems to be on the case and has said that it has already released a security update on Wednesday for Windows 10, as well as previous versions of Windows.
Windows 10 should download the update automatically, but to be sure, type ‘windows update’ in the search bar of the taskbar, and select ‘Check for updates.’ Download and install any new updates it finds.

... on Macs:

Macs have also been affected by Meltdown and Spectre, and Apple has released a statement admitting the fact that all Macs have been affected.
While this is worrying, Apple also added that it has already released a series of fixes in macOS 10.13.2, so keep an eye out in the Mac App Store for any updates to OS X or macOS, and make sure you’re running the latest version of the operating system.

... on Chromebooks:

Recent Chromebooks should be automatically protected from Meltdown and Spectre, as Google released Chrome OS version 63 in December, which has features included to avoid these flaws.
If you want to know if your Chromebook is updated to version 63, or if an update is coming, check out Google’s list of Chrome OS devices, and check that it says ‘yes’ in the last column.
Following the advice above should help you to stay protected against Meltdown and Spectre.
This blog also has links to several world class Anti Virus software programs (like Zone Alarm) that can help you stay protected against future attacks.

Monday 1 January 2018

Traditional Antivirus fails to protect 40 percent of users!

Conventional antivirus solutions are failing to protect users from attacks, according to a Malwarebytes report.

The study is based on real-world clean-up scans performed by Malwarebytes. Nearly 40 percent (39.18 percent) of all malware attacks cleaned on endpoints with an AV installed occurred on endpoints that had two or more traditional AV solutions registered.

In addition, 39.16 percent of attacks on endpoints with a non-OS bundled AV installed occurred on an endpoint running one of the four leading traditional AV solutions.

"The results of these scans clearly indicate the ineffectiveness of today's traditional AV solutions and, more importantly, the unknown risks to users that depend only on these AV platforms to stay safe," says Marcin Kleczynski, CEO of Malwarebytes. "Antiquated AV technology is no longer enough to protect from sophisticated cyberthreats. It's crucial that consumers and businesses understand this now before they become a victim of the next attack."

The findings also show the top ransomware types detected on compromised machines are Hidden Tear (41.65 percent) and Cerber (18.26 percent). Botnets most often detected include IRCBot (61.56 percent) and Kelihos (26.95 percent). The most prevalent Trojan types bypassing traditional AV detections are Fileless (17.76 percent) and DNSChanger malware (17.51 percent).

Of ransomware attacks, 48.59 percent of Hidden Tear and 26.78 percent of Cerber events were found on a compromised endpoint that had at least one of the four leading traditional AV brands installed.

To show how widespread the problem is, Malwarebytes has produced a real-time heatmap that shows each time Malwarebytes remediates instances of malware on endpoints that have a traditional AV registered. It also shows the numbers of attacks missed by leading antivirus programs.

Source: betanews.com


Saturday 14 September 2013

61% Of Malware Attack Victims Lose Some Data Forever


Most IT users know that malware is dangerous but few are fully aware of the havoc it can wreak. A new survey from B2B International and Kaspersky Lab reveals the true scale of the malware problem: just 39% of victims manage to fully restore the data lost as a result of a breach.


As Kaspersky Lab points out, a quarter of malware attacks succeed in stealing or corrupting confidential information. In the case of 17% of victims all data is lost forever, while 44% manage a partial retrieval. This is cause for concern, considering the importance we attach to our data, Kaspersky Lab said. Among the survey respondents, 56% declared that they deemed their information more valuable than the machine storing it. The poll also showed that 10% of affected users have resorted to the services of outside experts in the effort to restore their lost data.

But a data recovery specialist may not always achieve complete success, and sometimes nothing can be done. Even an expert will be helpless if the attackers have used a file encryptor. This malicious program encrypts the files on the user's computer and requires a unique key for decryption. This type of program is known as ransomware because the attackers typically demand payment in return for the decryption key.


Computers and mobile devices have become an integral part of daily life so it would be virtually impossible not to store confidential information on digital devices. However, users can minimise the risk of data loss through regular back-ups and reliable anti-malware protection, Kaspersky Lab said.



Saturday 17 November 2012

Ransomware - A Major Threat To Internet Security

Ransomware is emerging as a major cybercrime strategy, threatening to oust fake anti-virus software as the most popular cyber-attack next year, new research by IT security firm Symantec shows.

A total of 2.8% of victims of ransomware pay a "ransom" of up to £280 to regain access to their computers which have been blocked by cryptoviruses. Victims are tricked into making the payments after receiving fake messages that look like they have been issued by police authorities. Such messages often tell users they must pay a penalty for browsing illegal content.



Cybercriminals pocket £3 million annually from blackmailing users to pay to free their PCs from the malicious software, with one criminal group having tried to plague 495,000 computers in just 18 days, Symantec said, as quoted by IT Pro.

The first cases of ransomware were found in 2009 and were mainly limited to Eastern Europe and Russia.

However, this type of cybercrime is spreading to Western Europe, the USA and Canada, Symantec said. Criminal gangs have been traced back to a single unidentified person who apparently creates ransomware on request.

As consumer demand shifts to mobile devices and the cloud, cyber-attacks will increasingly focus on Secure Sockets Layer (SSL) certificates used by mobile apps, Symantec believes. Meanwhile, according to an earlier report by IT Pro, security experts have identified a new malware strand that steals image files from PCs and dispatches them to a remote server.