Veracity Consulting’s Vice President of Technology, Amy Krohn delivers the following recap of the cybersecurity happenings for January 2018 time period.

SPECTRE, WHAT YOU NEED TO KNOW:  Researchers disclosed this week the details of two new attack methods allowing malicious actors to gain access to sensitive information stored in a device’s memory by exploiting security holes in Intel, AMD and ARM processors.

Spectre and Meltdown, have already been addressed by several vendors, including Microsoft, Apple and Google, and Intel and others are also working on rolling out patches.

Billions of PCs, mobile devices and cloud instances are vulnerable to attacks leveraging the Spectre and Meltdown vulnerabilities.  More info here: Spectra

Mentioned A Few Days Ago: Apple is aware of the macOS vulnerability disclosed by a researcher and the company plans on patching it later this month.

A security expert who uses the online moniker Siguza has made public the details for a local privilege escalation vulnerability affecting all versions of the macOS operating system.

The flaw allows a malicious application installed on the targeted system to execute arbitrary code and obtain root privileges.Four of the vulnerabilities addressed with the 2018-01-01 security patch level were rated Critical, all of them remote code execution bugs. The remaining 16 issues resolved in this patch level were High risk elevation of privilege and denial of service vulnerabilities.  If you haven’t updated your apple products, no better time than right now!

Microsoft Patches for CPU Flaws Break Windows, Apps

Users have complained that the updates released by Microsoft last week for the Spectre and Meltdown vulnerabilities cause Windows to break down on some computers with AMD processors

Google patched several Critical and High severity vulnerabilities as part of its Android Security Bulletin for January 2018.

A total of 38 security flaws were resolved in the popular mobile OS this month, 20 as part of the 2018-01-01 security patch level and 18 in the 2018-01-05 security patch level. Five of the bugs were rated Critical and 33 were rated High risk.  Update your Android products today!

About Veracity Consulting

Veracity Consulting is a Kansas City-based technology firm with a reputation of implementing and managing IT solutions and business strategies. Our mission is to change the complex world of technology into a more efficient and profitable solution for businesses and communities. We use a collaborative approach with our clients to create and implement viable and relevant solutions. We offer a comprehensive range of commercial and government solutions in the areas of Program Management, Data Management and Analytics, Strategy and Architecture, Managed Infrastructure, and Security.

About Amy Krohn

Amy Krohn has served as a leader in the technology industry for over 20 years.  Her areas of expertise include leading organizations and companies in executive leadership, strategic planning, enterprise architecture, as a mentor, leadership development, organizational change management, delivery management, vendor management, service management, and process improvements.  Amy currently serves as Veracity Consulting’s Vice President of Technology.