Vulnerability Management

The Vulnerability That Keeps On Giving: Seven New Variations of Spectre and Meltdown Discovered

Meltdown and Spectre Overview On January 8, 2018, Revolutionary Security reported on Meltdown and Spectre, which are kernel-level vulnerabilities impacting the processing of unauthorized local memory. These vulnerabilities take advantage of a CPU feature called “speculative execution,” which is leveraged by the CPU to optimize performance by running tasks that may not actually be required. The vulnerabilities reported in January take advantage of speculative execution and trick the processor to leak data returned from other applications under certain circumstances. The [...]

Check Yourself Before You Assess Yourself

7 Questions to Achieve Awareness of the Security Posture of Your Environment After working as a consultant for several years, I sometimes think back to my days as a SCADA security analyst for an oil and gas company.  If I knew then what I know now, how would I have done things differently? If I were responsible for keeping an oil and gas company’s assets, processes, and people safe from cyber threats, how would I go about doing that? Where [...]

Preventing a Meltdown: Recommendations for the Meltdown / Spectre Vulnerabilities

Meltdown and Spectre Overview Meltdown and Spectre are kernel vulnerabilities that can result in the loss of system confidentiality through access to unauthorized memory locations on the local system. Meltdown (CVE-2017-5754) affects Intel chips – mostly impacting PCs. Spectre is broader and is based on two separate vulnerabilities (CVE-2017-5753 and CVE-2017-5715) and also impacts AMD and ARM chips, so most PCs, Apple devices, and smartphones are also impacted. Cloud and virtualized environments can also leak memory outside the running virtual [...]