Security News Weekly Roundup

MeltdownPrime and SpectrePrime: New Versions of Meltdown and Spectre: Cornell University Library Link

  • New variant of Meltdown and Spectre Vulnerabilities which allow unauthorized access to all memory through cpu hardware vulnerabilities.
  • We will continue to see additional variants of Meltdown and Spectre as researchers dig deeper.

What You can do:

  • Patch frequently and often, and continue to patch as advised by vendors.
  • Have a patch management program, use it, and make someone responsible for managing the process.
  • Consider new CPU architectures Intel is planning on releasing by the end of 2018.

Winter Olympics Cyberattack Potentially Traced back to IT Vendor: Cyberscoop Link

  • Malware samples uploaded to VirusTotal.com suggest the origin of the attack was IT Vendor, Atos
  • Atos is investigating a potential breach of their systems with Partner McAfee.
  • Supply Chain attacks compromising vendors provide a method for gaining access to heavily guarded targets.

What You can do:

  • Ask your IT provider(s) how secure is their environment and what policies and procedures they have in place to protect you, especially if they have direct access to your environment.
  • It is okay to ask cloud, (fill-in-the-blank)-as-a-service providers, and outside vendors how they are securing their operations. Ultimately it is your decision who to trust.
  • Understand and document risk when transferring it to an outside party.

Stalking via Citymapper and OSINT(Open Source Intelligence)Darkport Link

  • Interesting article along the lines of the recent Strava news regarding publicly available user information.
  • Citymapper a popular GPS and directions app was vulnerable to collection of user info.
  • Citymapper has since fixed the issue.

What You can do:

  • Consider the applications you use and how they are collecting your private information.
  • Knowing that it is impossible for any application and vendor to be 100% secure, ask yourself if the convenience of the app outweigh your privacy?

iOS Device Character BugOpen Radar Bug ReportApple Security Update

  • An Indian symbol caused iOS devices to crash when rendering it on screen.
  • Apple has released an updated which patches the bug.

What You can do:

  • Update your Apple and iOS devices.
  • Sell your Apple and iOS devices and get an Android device, but then again it will eventually have a vulnerability or bug, so consider regressing and getting a flip phone.

uTorrent Remote Code Execution – Google Project Zero Report

  • Default settings of uTorrent allow any website to access downloaded torrents and copy downloaded files from the exposed machine.
  • Bittorrent has failed to fix this issue with a recent patch and vulnerability is now public.

What You can do:

  • Use an alternative application until the vulnerability is properly patched.
  • Public Service Announcement: Remember that torrents are totally legal but torrenting copyrighted content is illegal.

 

Questions?  Call us today in Chicago at 773-205-0200 | Email us at  | Request a FREE Consultation

 

Contact Us

Call today! 773.205.0200 or use the form below.