Sunday, 7 January 2018

Meltdown and Spectre - How to protect against these CPU security flaws




Metldown and Spectre CPU security flaws are currently making headlines around the world. How do you protect your device from these issues?
What are Spectre and Meltdown?
Spectre and Meltdown are flaws found in processors from Intel, ARM and AMD that could allow hackers to access passwords, encryption keys and other private information from open applications.
These flaws are sending shock waves through the IT world. Actually, it was revealed that they had been present in chip designs for the past 2 decades! It was also revealed that they affect a number of companies’ processors, therefore the flaws could be found on a massive number of devices, from PCs to web servers and even smartphones.

Should Spectre and Meltdown worry me?

You shouldn’t need to panic, because so far it doesn’t look like Spectre or Meltdown have been used in an attack, and device manufacturers are working with Intel, ARM and AMD to fix these flaws.
Intel has claimed that the exploits can't corrupt, modify or delete data. Though, it has emerged that Spectre may need a processor redesign to fix.
However, this does mean that future processors will be free from the Spectre and Meltdown security flaws. So, don’t worry too much!  Still, be aware of any updates for your devices and protect yourself against the Meltdown and Spectre CPU security flaws following the advice here.

Protect yourself against the Meltdown and Spectre CPU security flaws...

... on Android phones:
Google will release a new security update on January 5 that will help protect your Android Phone against Meltdown and Spectre.
If you have a Google-branded phone, such as the Nexus 5X or the Pixel 2 or Pixel 2 XL, then you should get the update promptly, and on Google’s newer devices the update should download and install automatically.
Open the settings app on your Android device, go to ‘System’ and see if you can find new updates waiting for you. It may also be worth following your phone manufacturer on Twitter to keep up with news about the update.

...on iPhones:

Apple has has admitted taht Meltdown and Spectre are affecting all iPhones.
Apple also revealed that it had already released ‘mitigations’ for Meltdown in iOS 11.2, so make sure you keep an eye out for any new updates made available for iOS on your iPhone or iPad, and go into 'Settings' to check what version of iOS you are running.
Apple didn't say it had a fix for Spectre just yet, but it mentioned that “We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.” 

... on Windows PCs:

Windows PCs are likely to be hit hardest by Meltdown and Spectre, regardless if they run on Intel or AMD processors. The good news is that Microsoft seems to be on the case and has said that it has already released a security update on Wednesday for Windows 10, as well as previous versions of Windows.
Windows 10 should download the update automatically, but to be sure, type ‘windows update’ in the search bar of the taskbar, and select ‘Check for updates.’ Download and install any new updates it finds.

... on Macs:

Macs have also been affected by Meltdown and Spectre, and Apple has released a statement admitting the fact that all Macs have been affected.
While this is worrying, Apple also added that it has already released a series of fixes in macOS 10.13.2, so keep an eye out in the Mac App Store for any updates to OS X or macOS, and make sure you’re running the latest version of the operating system.

... on Chromebooks:

Recent Chromebooks should be automatically protected from Meltdown and Spectre, as Google released Chrome OS version 63 in December, which has features included to avoid these flaws.
If you want to know if your Chromebook is updated to version 63, or if an update is coming, check out Google’s list of Chrome OS devices, and check that it says ‘yes’ in the last column.
Following the advice above should help you to stay protected against Meltdown and Spectre.
This blog also has links to several world class Anti Virus software programs (like Zone Alarm) that can help you stay protected against future attacks.

Monday, 1 January 2018

Traditional Antivirus fails to protect 40 percent of users!

Conventional antivirus solutions are failing to protect users from attacks according to a  Malwarebytes report.

The study is based on real-world clean up scans performed by Malwarebytes. Nearly 40 percent (39.18percent) of all malware attacks cleaned on endpoints with an AV installed occurred on endpoints that had two or more traditional AV solutions registered.

In addition 39.16 percent of attacks on endpoints with a non-OS bundled AV installed occurred on an endpoint running one of the four leading traditional AV solutions.

"The results of these scans clearly indicate the ineffectiveness of today's traditional AV solutions and, more importantly, the unknown risks to users that depend only on these AV platforms to stay safe," says Marcin Kleczynski, CEO of Malwarebytes. "Antiquated AV technology is no longer enough to protect from sophisticated cyberthreats. It's crucial that consumers and businesses understand this now before they become a victim of the next attack."

The findings also show the top ransomware types detected on compromised machines are Hidden Tear (41.65 percent) and Cerber (18.26 percent). Botnets most often detected include IRCBot (61.56 percent) and Kelihos (26.95 percent). The most prevalent Trojan types bypassing traditional AV detections are Fileless (17.76 percent) and DNSChangermalware (17.51 percent).

Of ransomware attacks 48.59 percent of Hidden Tear and 26.78 percent of Cerber events were found on a compromised endpoint that had at least one of the four leading traditional AV brands installed.

To show how widespread the problem is, Malwarebytes has produced a real-time heatmap that shows each time Malwarebytes remediates instances of malware on endpoints that have a traditional AV registered. It also shows the numbers of attacks missed by leading antivirus programs.

Source: betanews.com

Delete confidential data for good
Click Here and get award winning roses and chocolate for your special someone!