Sunday, 7 January 2018
Meltdown and Spectre - How to protect against these CPU security flaws
Monday, 1 January 2018
Traditional Antivirus fails to protect 40 percent of users!
The study is based on real-world clean-up scans performed by Malwarebytes. Nearly 40 percent (39.18 percent) of all malware attacks cleaned on endpoints with an AV installed occurred on endpoints that had two or more traditional AV solutions registered.
In addition, 39.16 percent of attacks on endpoints with a non-OS bundled AV installed occurred on an endpoint running one of the four leading traditional AV solutions.
"The results of these scans clearly indicate the ineffectiveness of today's traditional AV solutions and, more importantly, the unknown risks to users that depend only on these AV platforms to stay safe," says Marcin Kleczynski, CEO of Malwarebytes. "Antiquated AV technology is no longer enough to protect from sophisticated cyberthreats. It's crucial that consumers and businesses understand this now before they become a victim of the next attack."
The findings also show the top ransomware types detected on compromised machines are Hidden Tear (41.65 percent) and Cerber (18.26 percent). Botnets most often detected include IRCBot (61.56 percent) and Kelihos (26.95 percent). The most prevalent Trojan types bypassing traditional AV detections are Fileless (17.76 percent) and DNSChanger malware (17.51 percent).
Of ransomware attacks, 48.59 percent of Hidden Tear and 26.78 percent of Cerber events were found on a compromised endpoint that had at least one of the four leading traditional AV brands installed.
To show how widespread the problem is, Malwarebytes has produced a real-time heatmap that shows each time Malwarebytes remediates instances of malware on endpoints that have a traditional AV registered. It also shows the numbers of attacks missed by leading antivirus programs.
Source: betanews.com
Saturday, 25 January 2014
Cyber Threats Hit Record Levels
According to the Cisco 2014 Annual Security Report, which became available this week, cumulative annual alert totals rose by 14% on the year in October 2013. The IT major says that the malicious activity witnessed is at its highest level since the firm began tracking it back in 2000 as the targets of such attacks are failing to address the challenges of the quickly evolving threat landscape.
According to the report, there is a dire need for security professionals worldwide. This, coupled with the lack of adequate systems at most enterprises, leaves organisations without the necessary resources to address cyber attacks. Cisco has estimated that the global shortage of security experts will exceed one million this year.
A startling finding of the study is that all 30 of a sample of the biggest multinational company networks generated visitor traffic to websites with malware, with 96% of the networks reviewed communicating traffic to hijacked servers and 92% transmitting traffic to empty web pages, which is also usually associated with exposure to malicious activity, Cisco noted.
And it seems that malicious attacks are widening their scope among verticals. In the past two years, sectors that had remained relatively unscathed by malicious breaches, such as agriculture and mining, witnessed a substantial rise in malware encounters, the IT company said.
The research found that Multipurpose Trojans prevailed in web-delivered malware last year, accounting for 27% of all encounters, and, among programming languages, Java is still the primary target of online criminals.
In addition, Android turned out to be by far the most targeted mobile platform, accounting for 99% of all mobile malware.
Source: www.misco.co.uk
Saturday, 14 September 2013
61% Of Malware Attack Victims Lose Some Data Forever
Most IT users know that malware is dangerous but few are fully aware of the havoc it can wreak. A new survey from B2B International and Kaspersky Lab reveals the true scale of the malware problem: just 39% of victims manage to fully restore the data lost as a result of a breach.
As Kaspersky Lab points out, a quarter of malware attacks succeed in stealing or corrupting confidential information. In the case of 17% of victims all data is lost forever, while 44% manage a partial retrieval. This is cause for concern, considering the importance we attach to our data, Kaspersky Lab said. Among the survey respondents, 56% declared that they deemed their information more valuable than the machine storing it. The poll also showed that 10% of affected users have resorted to the services of outside experts in the effort to restore their lost data.
But a data recovery specialist may not always achieve complete success and sometimes nothing can be done. Even an expert will be helpless if the attackers have used a file encryptor. This malicious program encrypts the files on the user's computers and requires a unique key for decryption. This is the type of program known as ransomware because the attackers typically demand payment in return for the decryption key.
Computers and mobile devices have become an integral part of daily life so it would be virtually impossible not to store confidential information on digital devices. However, users can minimise the risk of data loss through regular back-ups and reliable anti-malware protection, Kaspersky Lab said.
Sunday, 21 April 2013
'BadNews' Android malware in approved apps may have been downloaded 9 million times!
'Bad guys are smart'
Saturday, 16 February 2013
Facebook site infiltrated!
The Facebook security team has confirmed that the social networking site was targeted in a "sophisticated attack" last month.
The digital intrusion apparently occurred when a small number of Facebook personnel visited a compromised mobile developer website.
"The site hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines," a Facebook rep explained.
"After analyzing the compromised website where the attack originated, we found it was using a 'zero-day' (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability."
Interestingly, Facebook says it was not alone in the above-mentioned attack, as other sites were infiltrated as well.
However, the rep was also quick to point out that the social networking site had found "no evidence" of compromised user data.
"As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future," the rep added.
Source: www.tgdaily.com/
Wednesday, 4 May 2011
Bin Laden Virus To Wreak Havoc, Warns FBI
The FBI has issued a warning to computer users "to exercise caution when they receive e-mails that purport to show photos or videos of Osama bin Laden's recent death."
It warns users not to open unsolicited e-mails or click links contained within such messages, as they could be from an unknown sender.
There are several email and Facebook scams doing the rounds; one shows a Facebook page claiming to be a video of "Osama bin Laden killed live on video."
Other emails have links saying: "See video in which Osama bin Laden is shown holding a newspaper with today's date and disprove his possible death reported by OBAMA" and another says "pictures-of-osama-dead.exe."
The news of the demise of bin Laden, the godfather of terrorism and leader of al-Qa'eda, and on the FBI's 10 Most Wanted List for more than a decade was met with jubilation across the world.
The emails, if opened, could contain a virus that could damage computers; the "malware" can embed itself in computers and spread to users' contact lists, thereby infecting their systems, and could also capture personal information.
Users should also ensure they have up-to-date firewall and anti-virus software running on their machines to detect and deflect malicious software, the US's Internet Crime Complaint Center recommends.
IT security experts McAfee agrees, branding the mails "expected lures" in a blog.
"Beware of any verbiage, subject lines in emails, or links via Facebook or Twitter that contain words like these–as they will almost certainly get you into trouble," it warned.
The attack on the al-Qa'eda leader by US forces was first reported on Twitter by an IT consultant based in Abbottabad, Pakistan, who said "Helicopter hovering above Abbottabad at 1AM (is a rare event)."
He was finally caught in a hideout suburb near the city of Abbottabad, Pakistan.
"So I'm told by a reputable person they have killed Osama Bin Laden. Hot damn," Keith Urbahn, the former Chief of Staff of Defence Secretary Donald Rumsfeld wrote on Twitter.
However, Urbahn, who also describes himself as a Navy Reserve intel officer, came in for criticism from one follower, who criticised the casual nature of the post without getting confirmation first, retweeting "I gotta say...you broke this first. Everyone was crediting you before it was confirmed. Nice work."
However, it did turn out to in fact be true, although Urbahn downplayed the significance of the event, later tweeting "Stories about the 'death of MSM [mainstream media]' because of my 'first' tweet are greatly exaggerated."
He also cited his source as being from the media, "a connected network TV news producer."
Wednesday, 25 February 2009
The Hallmark e-card virus - A Hoax?
Is The Hallmark e-card virus a Hoax?
There are various opinions on this subject, some claiming that it is a hoax, others that it is true. This blog only provides information from reputable sources. Below is an article on the subject from Web User, UK's best selling internet magazine.
Virus hidden in Hallmark e-card
"Surfers should beware of opening emails purporting to be from the popular card company Hallmark as they may carry a virus.
Security firm MessageLabs has intercepted emails from 25,000 IP addresses containing a new virus that arrives from the sender postcards@hallmark.com with the subject line, 'You've received a Hallmark E-Card!'
Along with the email there is an attachment entitled postcard.zip. If opened, a Trojan virus will attach itself to the host's computer and recruit it for a botnet, a web of infected computers.
According to MessageLabs the emails were sent in bursts with a surge of the malicious emails detected on 23 July.
This latest bout of malware is a variation of the Storm botnet which popularised postcard/e-card attacks last year. Web User reported on a similar scam just last month.
"As long as recipients continue to fall for these old tricks, malware authors and spammers will continue to use them," according to Matt Sergeant of MessageLabs."
The following is what Hallmark themselves have to say on the subject.
"How to retrieve legitimate Hallmark e-cards and identify fraudulent e-mails
These fraudulent e-mails do not originate from Hallmark. The Hallmark name has been used by a third party. All legitimate Hallmark e-cards can be retrieved at www.hallmark.com/getecard with the code provided. A legitimate Hallmark e-card will include the name of the sender, a confirmation number and does not include an attachment to download.
Additional Information
Downloading attachments in these fraudulent e-mails could download a virus onto a computer that compromises personal data. Here are steps consumers can take to reduce the chances of this happening:
Delete the e-mail without opening it.
If you have opened it and want to forward it to us, send it to abuse@hallmark.com. Due to the large amount of e-mail we receive at that address we will not be able to reply to your e-mail, but we will investigate. Then delete the e-mail from both your inbox and your sent folder. If you click on the link in the bogus e-mail, you will launch a Trojan virus. This virus installs an Internet Relay (IRC) chat client and causes the infected computer to connect to an IRC channel. Attackers then use that connection to remotely command your machine for the purpose of gathering your personal information. An example of this virus is the Zapchast virus.
If you use Windows XP and Internet Explorer you should visit update.microsoft.com to update your browser and operating system. Then you will be less likely to be affected by the virus.
Report suspicious e-mail to your e-mail service provider so they can take action.
File a complaint at http://www.ic3.gov/.
If you are unsure if you’ve received a legitimate Hallmark E-Card, don't click on a link in the e-mail. Instead locate the EG number in the e-mail and use our E-Card pickup.
What Hallmark is doing:
Contacting the Internet providers identified as the source of the spam requesting that they shut down the imposters.
Working with Microsoft to include the virus code in their phishing filter to protect consumers who use their web browser and e-mail client software.
Working with anti-virus software corporations to get the virus code added to virus definition updates.
Reviewing Hallmark's E-Card notification and pickup procedures.
Educating consumers about how to avoid E-Card abuse.
How to tell if a Hallmark E-Card notification is real:
Hallmark e-card e-mails do not include any attachments. To be safe if you receive an e-card notification with an attachment delete it immediately, then empty your "trash" or "deleted e-mails" from your email client.
The sender's first name and last name will appear in the subject line. If you do not recognize the name of the person sending the E-Card, do not click on any links in the e-mail. Delete the e-mail.
The notification will include a link to the E-Card on Hallmark.com as well as a URL that can be pasted into a browser.
The URL will begin with http://hallmark.com/ followed by characters that identify the individual E-Card. Hover your mouse over the words "click here" in your e-mail. If you do not see the URL above, it is not a legitimate Hallmark E-Card.
Hallmark E-Cards are not downloaded and they are not .exe files.
In addition, Hallmark.com will never require an E-Card recipient to enter a user name or password nor any other personal information to retrieve an E-Card.
If you are unsure if you’ve received a legitimate Hallmark E-Card, don't click on a link in the e-mail. Instead locate the EG number in the e-mail. Then go to hallmark.com, click on the "Cards & E-Cards tab," and then on "Pick Up an E-Card" link from the dropdown menu and enter the EG number to retrieve your card.
E-mail Safety Tips:
Don’t open e-mails you know are spam. A code embedded in spam advertises that you opened the e-mail and confirms your address is valid, which in turn can generate more spam.
Don't open e-mails from unknown senders.
Don’t open attachments in e-mails unless you are expecting to receive one. If you receive an attachment that you are not expecting, even if it’s from someone you know, first read the e-mail and make sure the attachment is legitimate. If you’re still not sure, call or e-mail the sender to confirm, but do not reply to the original e-mail.
Don't click on links in e-mails that appear to be from financial companies (PayPal, banks, credit card companies, etc.) that direct you to verify or confirm account details. Instead, call the company if you are concerned about your account."
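Two of the checks in Hallmark's statement above (no attachment, and links that go only to hallmark.com) can be applied mechanically to a raw message, for example at a mail gateway. The Python below is an added example, not code from Hallmark or from this blog; the function names, the allowed-host list and the constructed sample messages (including the `EG1234` path) are assumptions for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts named in Hallmark's statement (assumed to be the complete list).
ALLOWED_HOSTS = {"hallmark.com", "www.hallmark.com"}


class _Links(HTMLParser):
    """Collect every href in the HTML body (the target, not the visible text)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def check_notification(raw: bytes) -> list:
    """Return the reasons a message fails Hallmark's published checks."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():  # genuine notifications carry none
        findings.append("attachment: " + (part.get_filename() or "unnamed"))
    body = msg.get_body(preferencelist=("html",))
    parser = _Links()
    parser.feed(body.get_content() if body else "")
    for href in parser.hrefs:
        # Compare the parsed hostname exactly: a prefix test on the string
        # would accept http://hallmark.com.example.net/.
        host = (urlsplit(href).hostname or "").lower()
        if host not in ALLOWED_HOSTS:
            findings.append("off-site link: " + href)
    return findings


def build_sample(href: str, attach: bool) -> bytes:
    """Constructed sample; From is never checked because it can be forged."""
    m = EmailMessage()
    m["From"] = "postcards@hallmark.com"
    m["Subject"] = "You've received a Hallmark E-Card!"
    m.set_content("You have an E-Card.")
    m.add_alternative('<a href="%s">click here</a>' % href, subtype="html")
    if attach:
        m.add_attachment(b"PK\x03\x04", maintype="application",
                         subtype="zip", filename="postcard.zip")
    return m.as_bytes()
```

An empty result only means the message passed these two checks; retrieving the card by typing the EG number into hallmark.com, as the statement describes, remains the safer path.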