#Spectre and #Meltdown – What do we do?

Seems like now about every 6 months or so every asks this same question about some new vulnerability.  The answer should be the same, do the same thing you should have been doing before this vulnerability came out. In an Assumed Breach model of security, these vulnerability would have already existed, and your other network controls, in most cases, would have rendered them no worse than a phishing email (which… Read More »#Spectre and #Meltdown – What do we do?

WannaCry – Sifting Through The Hype

There has already been a number of blog posts and analysis of the WannaCry ransomware attack.  I am not going to attempt to add any detail to that.  I do find it helpful to have a consolidated list of well sourced resources. Bottom Line Rollout MS17-010 to any systems that don’t have it If you have unsupported operating systems and/or can’t patch – figure out how to isolate those devices,… Read More »WannaCry – Sifting Through The Hype

Heartbleed: What you need to know

Heartbleed is a serious vulnerability that can allow attackers to intercept secure communications.  Email, Websites, VPNs, and other trusted security technologies are at risk – passwords and encryption keys can be breached.  You most likely have something that is affected.  What to do Update anything using OpenSSL, see below for more information. Check to see if you are vulnerable. (Adrian Hayter, a consultant with CNS Hut3, revealed a proof of concept that… Read More »Heartbleed: What you need to know