Created: 04 Jan 2018

Guidance for enterprise administrators in relation to the recently published processor vulnerabilities ‘Meltdown’ and ‘Spectre’

What are Meltdown/Spectre?

'Meltdown' and 'Spectre' are two related, side-channel attacks against modern CPU microprocessors that can result in unprivileged code reading data it should not be able to.

Most devices - from smartphones to hardware in data centres - may be vulnerable to some extent. Vendors are working on (or have already released) patches to mitigate the issue. The NCSC advise you to patch your devices as soon as possible.

What are the vulnerabilities?

Processors in most devices employ a range of techniques to speed up their operation. The Meltdown and Spectre vulnerabilities allow some of these techniques to be abused, in order to obtain information about areas of memory not normally visible to an attacker. This could include secret keys or other sensitive data.

These vulnerabilities comprise:

Spectre (bounds check bypass and branch target injection): CVE-2017-5753 and CVE-2017-5715

Meltdown (rogue data cache load): CVE-2017-5754

For more...

The Top 5 Cybersecurity Mistakes Companies Make and How to Avoid Them
Cybersecurity requires a holistic organizational approach. From the leadership to each rank-and-file employee, a concerted effort must be maintained to establish, execute and follow through with a plan to address cyber-risk management from all corners of the organization. Although there is no one-size-fits-all plan for organizations’ cyber-risk management needs, there are basic, core principles every organization should adhere to in order to maintain a solid security posture in the face of persistent attacks.

“Cybersecurity doesn’t happen in a vacuum. Just as the threats are interconnected, so are the solutions.”

Below are the five most common mistakes organizations make when it comes to defending their assets from cyber adversaries and how to prevent them.

Mistake 1: Assuming you’re not a target.

From Wall Street to Main Street, whether large or small, companies in virtually every industry are vulnerable to attacks. Often, however, the stories that make the news headlines are about theft of credit card data or personally identifiable information. As a result, companies that don’t handle this type of data often believe they are not a desirable target for cyber adversaries. In reality, adversaries are conducting massive campaigns in every sector of the economy to penetrate networks and exfiltrate information and...