Tuesday, January 09, 2018

Security Round Up: Meltdown & Spectre Patch Scams

It is likely you have heard of the security threats labeled Meltdown and Spectre. These vulnerabilities exist on Intel processors but must be addressed by the current operating system they are running to patch the issue. Patches are being released, although some are being blocked by anti-virus software. Machines that have not been running can also miss these patches. 

Worse yet, there are new phishing email scams being sent that pretend to have information about patches. This security round up covers some basic information about the Meltdown and Spectre threats as well as patch scams.

Security Round Up: Meltdown & Spectre Patch Scams

Both Meltdown and Spectre are security flaws that exist at the architectural level of processors. This means the operating system running on your device hardware, and the software running on top of that operating system, are all vulnerable. Unfortunately, the patches that will thwart the exploit must come from the operating system manufacturers. As security updates are released, it is important to apply them.

While the Meltdown and Spectre threats remain, here are some important things to keep in mind:
  • Update the devices you use every day! These devices are the most vulnerable since they are powered on more, are often used in multiple locations and likely have more data on them.
  • Do not ignore or dismiss updates that require a system reboot. Rebooting a device is nearly always tedious, but often this is when critical parts of security patches are applied as the services are not in use. If you have a webpage you cannot lose, add it to your bookmarks before rebooting.
  • Power on devices that are not always running, make sure they are on long enough for the update cycle to finish. If necessary, temporarily adjust the device's power settings so the device does not enter sleep mode.
  • Be sure to check for updates a second time once updates have finished. This is especially important for devices not being used daily.
  • Operating system manufacturers like Microsoft and Apple will not email you with information about patches! Patches will be delivered through proper channels, meaning the update services embedded in the operating system. Unfortunately, like many threats, people will try to use these vulnerabilities as a way to get people to open phishing emails. Be alert and stay away from these emails and any links or attachments included within them.
  • Verify devices are up to date! This may sound redundant, but some anti-virus software blocked the patch update process because the update blocks anti-virus from accessing the system. This meant the anti-virus software saw the patch as a threat to the device. If necessary, temporarily disable existing anti-virus to run patches from the manufacturer through the update service.
While Meltdown and Spectre began as a flaw in Intel processors, the responsibility for patching these exploits falls on operating system manufacturers. Microsoft, Apple and Linux have been working furiously to address these flaws and have released some patches. Updating devices, even those not often used, to be sure the patches are applied is critical in protecting your information. Stay away from phishing emails that claim to address these issues and use the existing update services within the operating systems instead to best protect yourself.

As always, new security threats will always be found. Be sure you do the best you can to keep from falling victim to these exploits and those wishing to take advantage of timing and fear.

Enjoy this post? Subscribe to our Blog

No comments:

Post a Comment