Small Action, Big Security Win
The Power of a Reboot: Small Action, Big Security Win
A great meltdown to the new year.
Happy New Year,
As the relentless passage of time continues so do the reports of new security vulnerabilities. This time it is the turn of Intel (bing bong bong bong) based CPUs with Meltdown. And the Spector vulnerability for pretty much every system including smartphones.
What now ?!
An extremely serious flow in the design of Intel CPU's allows an attacker to access memory on the system. More technical details on the Meltdown flaw here. Spectre is much more serious as it is harder to mitigate and defend against as most systems will be affected. Thankfully it is also harder to exploit, this is not to say that it will stay that way for long. More technical details on Spectre here.
Whats the risk ?
If your system is affected, the exploits can read the memory content of your computer. This may include passwords and sensitive data stored on the system. This includes desktops, laptops, servers, smartphones, also virtualised systems.
What can we do ?
For the Meltdown flaw there are already patches from the major operating system providers incoming. Keep an eye out for them in the coming days.
For Spectre this one is so fundamental it may not be patched by vendors for sometime. Expect updates to trickle out slowly.
There is more information on the official Meltdown & Spectre website.
**Update**
Microsoft have some mitigation steps to follow here
2024
10 Years of Cyber Essentials
Cyber Essentials is 10 Years Old 🎉
Cyber Essentials Price Increase From April 2024
Cyber Essentials Price Increase From April 2024
2023
Changes to the Cyber Essentails Scheme 2023
Changes to The Cyber Essentails Scheme 2023
2022
Free membership to SECRC
Free membership with the Cyber Resilience Centre for the South East
UK organisations urged to check cyber security re threat to Ukraine
UK organisations urged to check cyber security re threat to Ukraine
2021
Cyber Essentials Price Increase 2022
Cyber Essentials Price Increase
BIG Changes to Cyber Essentials requirements
BIG Changes to Cyber Essentials requirements
NCSC 2021 Annual Review
NCSC 2021 Annual Review
Windows 10 1909 Now End of Life
Windows 10 releases end of support in May 2021 Windows 10, version 1909 (also known as the November 2019 Update), is now out of support.
Windows 10 1909 goes End of Life May 2021
Windows 10 releases reaching end of support in May 2021 Microsoft has reminded users that Windows 10, version 1909 (also known as the November 2019 Update), ...
2020
Patch to mitigate stolen red team tools
When Fireeye were breached a few weeks ago one of the outcomes was their Red team toolsets were stolen. These tools had been developed inhouse to facilitate...
A Christmas gift to you - The Little Book of Scams
The Cyber Resiliance Centre has released the Little Book of Scams, a practical guide for business owners and will help you:
SolarWinds Attack - Sunburst/Solargate
Over the weekend it was revealed that nation-state hackers had breached Solarwinds (a provider of remote patching and management tools amongst other things)....
COVID-19 Operating Policy Update
Update Certification Audits and Assessments. Update During this unprecedented time, we wanted to update you on how we’re approaching the situation and how th...
October is Cyber Awareness Month.
Yes it’s October already and that means it is cyber security awareness month.
2 Versions of Windows 10 about to go end of life.
Windows 10 1803 1809 will be end of support this year (2020)
COVID-19 Operating Policy Update Aug
Update Certification Audits and Assessments. Update During this unprecedented time we wanted to update you on how we’re approaching the situation and how thi...
Critical Vulnerability in all Windows DNS Servers.
Microsoft have just put out an advisory and I strongly advise that you or your IT team action this workaround while you test patches as soon as possible, on...
Flash will be EOL by the newyear.
Flash will be end of life 31st December 2020 It’s been with us for over 20 years and a pain point in IT support and security for almost as long. Adboe will n...
The new normal means more working from home.
NCSC have come out with a guide to help businesses adjust to this way of operating. Here are some key takeaways.
COVID-19 Operating Policy
Certification Audits and Assessments. During this unprecedented time we wanted to update you on how we’re approaching the situation and how this affects your...
2019
My version of Windows 10 is not supported?
Wait what? I thought that Windows 10 was the latest version of Windows.... This is a typical response from clients during a scoping call or pre audit meet...
1 year left for Windows 7, Server 2008, Exchange/Office 2010
</p> Time is running out for support for Windows 7, Server 2008, Exchange 2010 and Office 2010 with support due to be stopped in 2020. (Thats 1 year...
2018
Windows 10 1607 not supported after 10th April 2018
As mentioned in a previous post, Microsoft's support model has changed in Windows 10. Most customers are on an 18 Month supported version window. The next ve...
A great meltdown to the new year.
Happy New Year, As the relentless passage of time continues so do the reports of new security vulnerabilities. This time it is the turn of Intel (bing bong b...
2017
KRACKing WPA2 Wifi
Researchers this week published information about a serious weakness in WPA2 — the security standard that protects all modern WiFi networks. In non-tech spe...
Google Chrome puts certificate link back where is should be.
A long while ago Google took the odd decision to move the ability to check a certificate from the URL bar in Chrome and buried it deep in the developer tools...
Install iOS 10.3.3 ASAP
Apple have released iOS 10.3.3 and it has a large number of fixes that you should apply as soon as you can. iOS 10.3.3 fixes a number of security issues, tha...
Code Red for Wcry, Do the Cyber Essentials
Those of us who remember Code Red back in 2001, that worm spread around the internet in around 14 hours. That was an early demonstration to how important it ...
Windows 10 1507 not supported after 9th May 17
When Windows 10 was released back in July 2015 it was hailed as the last version of Windows. Well that is not the case. Microsoft licensing and versions prac...
Updated Cyber Essentials Requirements From March 1st 2017
The National Cyber Security Centre (NCSC) has released the latest requirements for Cyber Essentials. These are changes or enhancements from the old requirem...