Meltdown and Spectre - How to protect against these CPU security flaws

Metldown and Spectre CPU security flaws are currently making headlines around the world. How do you protect your device from these issues?

What are Spectre and Meltdown?

Spectre and Meltdown are flaws found in processors from Intel, ARM and AMD that could allow hackers to access passwords, encryption keys and other private information from open applications.

These flaws are sending shock waves through the IT world. Actually, it was revealed that they had been present in chip designs for the past 2 decades! It was also revealed that they affect a number of companies’ processors, therefore the flaws could be found on a massive number of devices, from PCs to web servers and even smartphones.

Should Spectre and Meltdown worry me?

You shouldn’t need to panic, because so far it doesn’t look like Spectre or Meltdown have been used in an attack, and device manufacturers are working with Intel, ARM and AMD to fix these flaws.

Intel has claimed that the exploits can't corrupt, modify or delete data. Though, it has emerged that Spectre may need a processor redesign to fix.

However, this does mean that future processors will be free from the Spectre and Meltdown security flaws. So, don’t worry too much!  Still, be aware of any updates for your devices and protect yourself against the Meltdown and Spectre CPU security flaws following the advice here.

Protect yourself against the Meltdown and Spectre CPU security flaws...

... on Android phones:

Google will release a new security update on January 5 that will help protect your Android Phone against Meltdown and Spectre.

If you have a Google-branded phone, such as the Nexus 5X or the Pixel 2 or Pixel 2 XL, then you should get the update promptly, and on Google’s newer devices the update should download and install automatically.

Open the settings app on your Android device, go to ‘System’ and see if you can find new updates waiting for you. It may also be worth following your phone manufacturer on Twitter to keep up with news about the update.

...on iPhones:

Apple has has admitted taht Meltdown and Spectre are affecting all iPhones.

Apple also revealed that it had already released ‘mitigations’ for Meltdown in iOS 11.2, so make sure you keep an eye out for any new updates made available for iOS on your iPhone or iPad, and go into 'Settings' to check what version of iOS you are running.

Apple didn't say it had a fix for Spectre just yet, but it mentioned that “We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.” 

... on Windows PCs:

Windows PCs are likely to be hit hardest by Meltdown and Spectre, regardless if they run on Intel or AMD processors. The good news is that Microsoft seems to be on the case and has said that it has already released a security update on Wednesday for Windows 10, as well as previous versions of Windows.

Windows 10 should download the update automatically, but to be sure, type ‘windows update’ in the search bar of the taskbar, and select ‘Check for updates.’ Download and install any new updates it finds.

... on Macs:

Macs have also been affected by Meltdown and Spectre, and Apple has released a statement admitting the fact that all Macs have been affected.

While this is worrying, Apple also added that it has already released a series of fixes in macOS 10.13.2, so keep an eye out in the Mac App Store for any updates to OS X or macOS, and make sure you’re running the latest version of the operating system.

... on Chromebooks:

Recent Chromebooks should be automatically protected from Meltdown and Spectre, as Google released Chrome OS version 63 in December, which has features included to avoid these flaws.

If you want to know if your Chromebook is updated to version 63, or if an update is coming, check out Google’s list of Chrome OS devices, and check that it says ‘yes’ in the last column.

Following the advice above should help you to stay protected against Meltdown and Spectre.

This blog also has links to several world class Anti Virus software programs (like Zone Alarm) that can help you stay protected against future attacks.

'BadNews' Android malware in approved apps may have been downloaded 9 million times!

A new breed malware has been discovered within at least 32 Android apps, which may have been downloaded up to nine million times!

The so-called 'BadNews' malware was outed by security firm Lookout Mobile Security in a blog post on Friday and the affected apps have now been removed by Google.

All of the apps found to contain the malicious code had been approved by Google, but it appears that the harmful elements had been added after the fact, disguised as updates.

Apps containing the BadNews code have been reporting back to a server and revealing sensitive information like the phone number and handset serial number.

'Bad guys are smart'

The affected apps include English and Russian-language games, dictionaries, wallpapers and were able to make it past the Google Bouncer software that scans the Play store for harmful apps.

Marc Rogers, principal security researcher for Lookout, told Ars Technica: "You can't even say Google was at fault in this because Google very clearly scrutinized all these apps when they want in.

"But these guys were cunning enough to sit there for a couple of months doing absolutely nothing and then they pushed out the malware.

"This is a wakeup call for us in the industry to say: 'Bad guys are smart as well and they'll take a look at the security models we put in place and they'll find weaknesses in them. That's exactly what they've done here."

Source: http://www.techradar.com

Facebook site infiltrated!

The Facebook security teams has confirmed that the social networking site was targeted in a "sophisticated attack" last month.

The digital intrusion apparently occurred when a small number of Facebook personnel visited a compromised mobile developer website.

"The site hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines," a Facebook rep explained.

"After analyzing the compromised website where the attack originated, we found it was using a 'zero-day' (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability."

Interestingly, Facebook says it wasn't not alone in the above-mentioned attack, as other sites were infiltrated as well.

However, the rep was also quick to point out that the social networking site had found "no evidence" of compromised user data.

"As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future," the rep added.


Source: www.tgdaily.com/

How to spot an Email Hoax

Spotting the latest email hoaxes may be easier than you think!

There are thousands of email hoaxes moving around the Internet at any given time. Some may be the latest email hoaxes around. Others may be mutated versions of hoax messages that have travelled the Internet for years. These email hoaxes cover a range of subject matter, including:

• Supposedly free giveaways in exchange for forwarding emails.
• Bogus virus alerts.
• False appeals to help sick children.
• Pointless petitions that lead nowhere and accomplish nothing.
• Dire, and completely fictional, warnings about products, companies, government policies or coming events.

The good news is that, with a little bit of foreknowledge, email hoaxes are easy to detect. Hidden within the colourful prose of your average email hoax often lurk telling indicators of the email's veracity.

Probably the most obvious of these indicators is a line such as "Send this email to everyone in your address book". Hoax writers want their material to spread as far and as fast as possible, so almost every hoax email will in some way exhort you to send it to other people. Some email hoaxes take a more targeted approach and suggest that you send the email to a specified number of people in order to collect a prize or realize a benefit.

Another indicator is that hoaxes tend not to provide checkable references to back up their spurious claims. Genuine competitions, promotions, giveaways or charity drives will usually provide a link to a company website or publication. Real virus warnings are likely to include a link to a reputable virus information website. Emails containing Government or company policy information are likely to include references to checkable sources such as news articles, websites or other publications.

A third indicator is often the actual language used. Email hoax writers have a tendency to use an emotive, "over-the-top" style of writing peppered with words and phrases such as "Urgent", "Danger", "worst ever virus!!", "sign now before it's too late" and so on, often rendered in ALL CAPITAL LETTERS for added emphasis. Paragraphs dripping with pathos speak of dying children; others "shout" with almost rabid excitement about free air travel or mobile phones. As well, some email hoaxes try to add credibility by using highly technical language.

Before forwarding an email, ask yourself these questions:

1. Does the email ask you to send it to a lot of other people?
2. Does the email fail to provide confirmation sources?
3. Is the language used overly emotive or highly technical?

A "yes" answer to one or more of the above questions, should start some alarm bells ringing. These indicators do not offer conclusive evidence that the email is a hoax but they are certainly enough to warrant further investigation before you hit the "Forward" Button.

Source: www.hoax-slayer.com