You’ve probably been hearing a lot about Meltdown and Spectre -and you’ll continue to over the next several weeks. These bugs affect most CPU manufacturers, including (to various degrees) Intel, AMD, ARM and now Qualcomm.
To be clear, this impacts essentially every network on the planet.
What Ripple has already done
We’ve been keeping a close eye on patches and updates that affect supported systems you have (ie servers, desktops, virtual machines, and cloud-based platforms). As they become available, we’ve been pushing them out to our customers.
What should YOU do?
- We’re expecting to see malicious folks try to take advantage of this. Stay wary/cautious/clear of any messages or pop-ups that claim to have a simple fix.
- Update (1/18/18). Malware Bytes has released a post on a fake site pretending to be the German Federal Office for Information Security (BSI) claiming to have a patch. More specifically, “…the same fraudulent domain has a link to a ZIP archive (Intel-AMD-SecurityPatch-11-01bsi.zip) containing the so-called patch (Intel-AMD-SecurityPatch-10-1-v1.exe), which really is a piece of malware.” – Malware Bytes.
- If you see ANYTHING that you’re uncertain of, please contact us if you’re a client or looking to become one -or your current IT Support specialist.
Here’s what Intel has released about it: https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
If you’d like to read where the vulnerabilities and bugs were first revealed, please follow these links (Advance Notice: a lot of this is very technical, but we wanted to share it nevertheless):
- SANS recently held a webinar on the topic as well: https://www.sans.org/webcasts/106815
- Here’s an overview from the New York Times: https://www.nytimes.com/2018/01/03/business/computer-flaws.html
We plan to publish a more in-depth report later in the month as concrete information today is limited. This is what we know today.