Worse yet, there are new phishing email scams being sent that pretend to have information about patches. This security round up covers some basic information about the Meltdown and Spectre threats as well as patch scams.
Security Round Up: Meltdown & Spectre Patch Scams
- Update the devices you use every day! These devices are the most vulnerable since they are powered on more, are often used in multiple locations and likely have more data on them.
- Do not ignore or dismiss updates that require a system reboot. Rebooting a device is nearly always tedious, but often this is when critical parts of security patches are applied as the services are not in use. If you have a webpage you cannot lose, add it to your bookmarks before rebooting.
- Power on devices that are not always running, make sure they are on long enough for the update cycle to finish. If necessary, temporarily adjust the device's power settings so the device does not enter sleep mode.
- Be sure to check for updates a second time once updates have finished. This is especially important for devices not being used daily.
- Operating system manufacturers like Microsoft and Apple will not email you with information about patches! Patches will be delivered through proper channels, meaning the update services embedded in the operating system. Unfortunately, like many threats, people will try to use these vulnerabilities as a way to get people to open phishing emails. Be alert and stay away from these emails and any links or attachments included within them.
- Verify devices are up to date! This may sound redundant, but some anti-virus software blocked the patch update process because the update blocks anti-virus from accessing the system. This meant the anti-virus software saw the patch as a threat to the device. If necessary, temporarily disable existing anti-virus to run patches from the manufacturer through the update service.