Important Alert from Design Data Corporation
Proactive Alert #011018
On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities known as Meltdown and Spectre.
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.
All chip makers and Microsoft have or will be releasing updates to resolve the security flaw. The expectation is that that within the next week these will be addressed.
What is Design Data Corporation Doing?
- Recommending all users reboot their computers regularly
- Continuing to ensure servers are properly patched and monitored
- Providing tools to educate on email phishing – contact us to learn more
What Can You Do?
As with everything in today’s security climate, the best way to stay safe is to ensure that your computers are properly patched and kept up to date.
- Make sure to reboot your computer and other devices on a regular basis so updates can be installed
- Be aware of email phishing – these vulnerabilities are exploited by malware infections.
- Follow our blog for our Stay Safe campaign – here is our first post on email security
As always, if you have any questions, please contact us at support@DesignDataCorp.com or call 717-295-9712.
To learn more about the Meltdown and Spectre security flaws, you can view the US-CERT alert here: https://www.us-cert.gov/ncas/alerts/TA18-004A