Cyberattacks continue to evolve at a worrying pace. Just when you think one security threat has been fixed, a more dangerous version of that threat is discovered. One such threat is Spectre and it’s more recent variant, NetSpectre. Read on to learn more.
Two vulnerabilities, known as Meltdown and Spectre, have been found affecting almost every Windows desktop and server. Computers affected by these two vulnerabilities are susceptible to having their data stolen, such as personal photos and passwords. As a countermeasure, Windows developers have released an update for Windows users. Here’s everything you need to know.
Issues with Microsoft’s Spectre and Meltdown patches
After the January 3rd announcement of unprecedented security vulnerabilities, Microsoft has been rushing to release security updates for its Windows operating system. At their most basic, these complex vulnerabilities, named Spectre and Meltdown, make it possible for a program installed on your computer to access any information stored on your hard drive, even if it is protected.
These flaws mean that anything you’ve typed into your computer is at risk: credit card numbers, passwords -- all of it. But don’t rush off to install fixes just yet. There are a few speed bumps you’ll have to navigate on your road to safety.
According to reports, Microsoft’s patches have caused several problems to some users’ computers. For some, installing the new patches has resulted in computers with older processors to crash more often than usual. Users with newer processors have found their computers struggling to boot up, with some never getting past the Windows loading screen.
As a result, on more than one occasion, hardware and software vendors have recommended that its customers postpone installing the new patches.
Spectre and Meltdown can cause serious damage, but that doesn't mean anyone should run off to haphazardly attempt computer repair above their ability. Until the process for installing patches has been ironed out, we recommend enlisting help.
Hire a professional
Given the issues on patches, IT novices shouldn’t update their computers on their own. Without adequate experience, you might install the wrong patch and cause even more problems to your computer. Or worse, install one of the pieces of malware masquerading as Spectre patches. Instead, why not call a professional to update your computer and protect your system from Meltdown and Spectre?
Data and network security is no easy task. We offer advanced, multi-layer protection to keep your data safe and sound. Give us a call and we'll explain how we can help.
For ages, most people assumed that setting a strong password on their WiFi router was enough to prevent cyberattacks, but recent events prove otherwise. Two Belgian security analysts have found a serious weakness in WiFi networks, called KRACK, that puts your wireless devices in danger.
What is KRACK?
Simply put, KRACK, short for ‘key reinstallation attack,’ allows hackers to bypass WPA2 -- a security protocol used by routers and devices to encrypt activity -- and intercepts sensitive data passing between the mobile device and the wireless router, including login details, credit card numbers, private emails, and photos.
In extreme cases, KRACKed devices can be remotely controlled. For example, hackers can log in to your surveillance systems and shut them down.
What’s worse, Internet of Things devices -- like smart thermostats and IP cameras -- rarely receive security fixes, and even if some are available, applying patches are difficult, as these devices tend to have complex user interfaces.
The good news, however, is you can do several things to mitigate the risks.
Download patches immediately
According to recent reports, security patches have already been released for major platforms, including iOS, Windows, and Android. Router manufacturers such as Ubiquiti, Mikrotik, Meraki, and FortiNet have also issued firmware updates, so make sure to install them as soon as possible.
Although IoT patches are rare, consider getting your smart devices from reputable vendors that push out updates regularly. It’s also a good idea to contact a managed services provider to install the updates for you.
Use Ethernet connections
Some wireless routers don’t yet have a security patch, so while you’re waiting, use an Ethernet cable and disable your router’s wireless setting. Turn off the WiFi on your devices as well to make sure you’re not connecting to networks susceptible to KRACK.
Stay off public networks
Free public WiFi networks -- even ones that are password-protected -- in your local cafe should also be avoided because they usually don’t have holistic security measures in place, making them easy targets for cybercriminals.
Connect to HTTPS websites
If you do need to connect to a public WiFi hotspot, visit websites that start with “HTTPS,” and stay away from ones that are prefaced with “HTTP.” This is because HTTPS websites encrypt all traffic between your browser and the website, regardless of whether the connection is vulnerable to KRACK
Hop on a Virtual Private Network (VPN)
You can also use a VPN service to hide all network activity. Simply put, VPNs encrypt your internet connection so that all the data you’re transmitting is safe from prying eyes.
Although the potential impact of a KRACK hack is devastating, security awareness and top-notch support are the best ways to stay safe online. Want more security tips? Contact us today.