Meltdown and Spectre 0 136

 Microsoft released Security Advisory 18002 on Wednesday, January 3, 2018 to mitigate a major vulnerability to Windows in modern CPU architectures. ESET released Antivirus and Antispyware module 1533.3 the same day to all customers to ensure that use of our products would not affect compatibility with Microsoft’s patch.

The first few days of 2018 have been filled with anxious discussions concerning a widespread and wide-ranging vulnerability in the architecture of processors based on Intel’s Core architecture used in PCs for many years, as well as processors from AMD, and even affecting ARM processors commonly used in tablets and smartphones.

The good news is that ESET can help protect against the types of malware that could take advantage of these vulnerabilities.

And, ESET was one of the very first security vendors to allow the Microsoft patch against the flaw to be enabled.

While ESET protects against potential malware infection, you should also take these steps to secure your computers and data:

  • Make sure your browser is up to date. For Chrome or Firefox users:
    • Mozilla has released information describing their response, including how Firefox 57 will address these security flaws.
    • Google has stated, “Chrome 64, due to be released January 23, will contain mitigations to protect against exploitation.” In the meantime, you can enable “Site Isolation” found in current stable versions of Chrome to provide better protection.
  • Make sure you update your ESET software, then update your Windows OS to protect against this exploit. To update ESET:
  • Customers should review ESET’s Knowledgebase article for important updates.
  • See this great collection of tips, articles and recommendations from the Google Project Zero team.
  • If you have a cloud-based server or have a website hosted by hosting provider, check to see what mitigations they have implemented already to prevent Meltdown.
Previous ArticleNext Article

ESET’s top 5 tips for safe online shopping this festive season 0 288

safe online shopping

Holiday shopping is so quick and easy to do online, no traffic to get to the store, no waiting in queues or travelling to one specific shop just to find out – oh no, they’re out of stock of the one item you went there for.

We want to make sure your holiday shopping experience is quick, easy and most of all safe. Here are our top 5 tips for safe shopping this festive season:

  1. Don’t have the same passwords for all online shopping sites, have strong passwords and for extra security, change them before the holiday shopping commences.
  2. Only shop on trusted sites and directly from vendors.
  3. Don’t click on links from emails, instead go straight to the site on your browser.
  4.  When shopping online use a secure internet connection such as your home WiFi and make sure the necessary firewalls are in place – Avoid online payments via public WiFi.
  5. This coupled with a strong antivirus and/or anti-spyware software for scanning email, applications, and data that resides on your computer, you can rest assured that only you will catch or detect any form of intrusion in good time.

To find out how ESET can help secure your online shopping experience visit our website or contact us at sales@esetafrica.com

 

Breached site notifications tested by Firefox 0 224

Firefox is testing an in-browser notification to alert users when they are visiting a site that has experienced a data breach.

This project is in collaboration with  “Have I Been Pwned” the popular site that allows users to check their email to find out if their credentials have been stolen by hackers.

“Firefox is just looking at which sites have been been breached and we’re discussing other ways of using the data in the future,” Security researcher and creator of Have I Been Pwned Troy Hunt “They’ve got a broad reach and surfacing this info via Firefox is a great way to get more exposure around data breaches.”

Troy Hunt Tweet

While the ‘Breach Alerts’ feature will issue a warning about a website, it won’t actually prevent users from visiting it, only alert them. The extension currently includes an input field that users can use to subscribe an email address in order to receive an alert when they may be affected by a future breach. This feature has received some criticism as it collects users email data which poses an opportunity for a data breach of their own.

It has not yet been announced when the alerts will be baked into a standard Firefox release. Once the feature is rolled out en masse, however, it is poised to act as a constant reminder of hacks suffered by particular websites. Given their frequent occurrence, security breaches aren’t easy to keep track of, which is also where Firefox intends to come in.

In the latest in a long list of hacked websites, image-hosting website Imgur confirmed last week that the email addresses and passwords of 1.7 million user accounts had been stolen back in 2014.