The Vulnerability That Keeps On Giving: Seven New Variations of Spectre and Meltdown Discovered

Meltdown and Spectre Overview

On January 8, 2018, Revolutionary Security reported on Meltdown and Spectre, which are kernel-level vulnerabilities impacting the processing of unauthorized local memory. These vulnerabilities take advantage of a CPU feature called “speculative execution,” which is leveraged by the CPU to optimize performance by running tasks that may not actually be required. The[...]

Cyber Intelligence Leads to Resiliency

Security by Compliance

Within this blur of a technology-driven society, time and time again we see companies that have designed a security operations center to meet their compliance needs, and yet still appear on the evening news as being a victim of a cyber attack. Security’s goal, protecting the digital assets of an organization from attacks, differs from that of compliance, which is ensuring[...]

Preventing a Meltdown: Recommendations for the Meltdown / Spectre Vulnerabilities

Meltdown and Spectre Overview

Meltdown and Spectre are kernel vulnerabilities that can result in the loss of system confidentiality through access to unauthorized memory locations on the local system. Meltdown (CVE-2017-5754) affects Intel chips – mostly impacting PCs. Spectre is broader and is based on two separate vulnerabilities (CVE-2017-5753 and CVE-2017-5715) and also impacts AMD and ARM[...]

Validating Security Controls and Countermeasures with Penetration Testing

It’s been a few weeks and the dust is starting to settle following the reported data breach in September 2017 at Equifax, one of the big three credit reporting agencies. While other major data breaches have been the result of advanced methods possibly utilizing leaked classified attack techniques, this attack was performed by exploiting a well-known vulnerability within a popular web application.[...]