Contact Us Today to Receive a Free Dark Web Scan by our Team of Security Experts

Logo
LogoLogo

After Spectre and Meltdown, Google and Microsoft Disclose Another CPU Flaw 

  1. Home
  2. Alerts
  3. After Spectre and Meltdown, Google and Microsoft Disclose Another CPU Flaw 
Server cooling fan
May 23,2018

After Spectre and Meltdown, Google and Microsoft Disclose Another CPU Flaw 

Alerts, Data Breach, Security

The discovery of the Spectre and Meltdown vulnerabilities earlier this year was major news throughout the tech industry. These processor vulnerabilities potentially exposed the data of hundreds of millions of popular devices including servers, tablets, and smartphones. 

Spectre and Meltdown left the door wide open for hackers to manipulate a CPU data processing efficiency technique to gain access to sensitive information. Companies like Apple and Microsoft have worked to develop patches and updates to fix these vulnerabilities, but some have resulted in slower CPU performance. 

Now, a new vulnerability has emerged that is similar to Spectre and Meltdown. Microsoft and Google’s Project Zero have just announced the discovery of a flaw called Speculative Store Bypass-Variant 4 

Speculative Store Bypass 

The vulnerability is called Variant 4 because Spectre and Meltdown make up Variants 1-3. Bad actors can potentially use Variant 4 to access data that is supposed to be locked on Intel, ARM, and AMD processors. This process, called ‘Speculative Store Bypass’, manipulates processors into loading private data into insecure files.  

US-CERT’s advisory mentioned that hackers could access older CPU memory values using Variant 4, and experts also believe it could expose certain web browsing components, such as Javascript ad modules. 

Is Variant 4 a Major Vulnerability? 

Microsoft has classified Variant 4 as a low-level risk, while Intel and Google have classified it as a medium risk. Intel also says there is no current evidence that this vulnerability has been used by hackers, yet. 

Many patches and updates for the Spectre and Meltdown vulnerabilities already include safeguards against Speculative Store Bypass, but Intel says it will be releasing a comprehensive fix for Variant 4 within the next few weeks. In fact, the update is already available for manufacturers and software vendors. 

Protecting Your Data Moving Forward 

Companies will be rolling out Variant 4 patches and fixes over the next few weeks and months, but another CPU flaw will undoubtedly emerge at some point. Researchers had been expecting additional vulnerabilities to appear ever since Spectre and Meltdown, and Variant 4 is likely only the first. 

JDL Group can set up the right IT and security systems to properly defend your CPUs and network against vulnerabilities like Variant 4. JDL Group can also make sure your processors are always updated with the latest patches and fixes. Contact us today. 

References: 

https://www.wired.com/story/speculative-store-bypass-spectre-meltdown-vulnerability/ 

https://www.cnet.com/news/intel-microsoft-reveal-new-variant-on-spectre-meltdown-chip-security-flaws/ 

 

0
Related Posts
Aug 04,2020
Broadband Bonding – Fast, Secure and Reliable Internet Connectivity
COVID-19, Education, Security
May 23,2020
Changes in Education due to pandemic
COVID-19, Education, Security
Mar 02,2020
Phishing Attack + IT Incompetence = $200,000 Ransomware Payout for University
Education, Ransomware, Security, Uncategorized
Feb 18,2020
Why schools are “Failing” in Cyber-Security
Education, Ransomware, Security
Jan 21,2020
Keeping Your Firm Compliant with the New York SHIELD Act Law
Best Practices, Law Firms, Security
Jan 15,2020
Law Firm Security: The Basics
Best Practices, Law Firms, Ransomware, Security
Jan 14,2020
Cyber Attackers Targeting Education
Education, Ransomware, Security
ransomware protection
Nov 19,2019
Email Threats to Harm Law Firms into the Next Decade
Data Breach, Law Firms, MSSP, Security
Nov 18,2019
3 Approaches School Districts Can Take To Protect Against Increasing Cyber Attacks
Best Practices, Education, Security
JDL Essentials for Law Firms Cybersecurity
Nov 12,2019
Essential Practices to Protect Your Law Firm From Cyber Attacks
Best Practices, Data Breach, Law Firms, Security
Security Assessment
Nov 04,2019
Why Security Assessments Are Essential for Law Firms
Best Practices, Law Firms, Security
Ransomware Attack Disrupts Court Cases
Oct 28,2019
TrialWorks Ransomware Attack Disrupts Court Cases and Deadlines
Data Breach, Law Firms, Ransomware, Security
Ways to protect your law firm JDL
Oct 14,2019
5 Ways Law Firms Can Protect Their Sensitive Client Data
Best Practices, Data Breach, Law Firms, Ransomware, Security, Uncategorized
JDL Keys to law firm cybersecurity
Sep 17,2019
Key Steps to Follow for Law Firm Cybersecurity
Best Practices, Data Breach, Law Firms, Security
Aug 28,2019
First Ever 2019 NYSBA Technology Summit
Best Practices, Law Firms, Security
5 Steps to Stop a Breach of Your Law Firm
Aug 08,2019
5 Steps to Stop a Breach of Your Law Firm
Best Practices, Data Breach, Law Firms
Healthcare Cyber Security
Apr 10,2019
Managing Risks in Healthcare Cyber Security
Best Practices, Health Care, Security
Mar 21,2019
Three Methods Schools Can Use To Improve Cyber Security
Best Practices, Security
Jan 14,2019
Creating a Cybersecurity Culture
Best Practices, Insider Threats, Security
Jan 02,2019
Small Business Cyber Security
Security
Dec 17,2018
The Rise of SD-WAN
Security
Nov 30,2018
The Corporate Cloud: Cloud Security
Security
Abstract AI Art
Nov 08,2018
The Rise and Risk of IoT Devices in the Workplace
Security
IT Support with two computers
Oct 18,2018
Protecting Your Law Firm in 2019: Part 2
Law Firms, Security
JDL Group | Mobile Security NY, NJ, PA
Sep 04,2018
5 Tips to Keep Your Mobile Workforce Safe and Secure
Best Practices, Insider Threats, Security
Mobile Ransomware graphic
Aug 21,2018
Defining the Eight Most Nefarious Cyber Threats.
Best Practices, Data Breach, Security
JDL Group can help your school or district make sure it is prepared for anything with the latest in endpoint protection.
Jul 28,2018
Failing the Phish Test
Best Practices, Data Breach, Insider Threats, Security
World Cup Game
Jun 21,2018
New Phishing Campaigns are Targeting World Cup Fans 
Alerts, Best Practices, Security
data privacy NJ
Jun 07,2018
FBI Issues Malware Public Service Announcement, Learn How to Protect Your Data
Alerts, Best Practices, Security
JDL Group can help your school or district make sure it is prepared for anything with the latest in endpoint protection.
May 10,2018
Public Schools Are Being Attacked by Hackers More Than Ever
Data Breach, Ransomware, Security
Healthcare Malware Prevention
Apr 24,2018
A New Hacker Group is Targeting the Healthcare Industry and Infecting Medical Equipment with Malware
Data Breach, Health Care, Life Sciences, Ransomware
ransomware protection
Apr 11,2018
Less Than Half of Ransomware Victims Recover Their Data After Paying the Ransom Demand
Best Practices, Ransomware, Security
Atlanta Ransomware | Atlanta Bitcoin Ransom
Mar 27,2018
Atlanta’s Computer Systems Infected with Ransomware, Hackers are Demanding Over $50,000 in Bitcoin
Alerts, Ransomware, Security
Crypto Malware Protection | IT Blog
Feb 28,2018
Hackers are Using Malware to Generate Cryptocurrencies
Security
Spectre and Meltdown Vulnerabilities
Feb 13,2018
Spectre and Meltdown Vulnerabilities: What Happened and How to Secure Your Computers
Security
Jan 29,2018
Insider Threats – Your Organization’s Top Security Risk
Alerts, Best Practices, Data Breach, Security
data breach protection | NYC MSSP
Jan 15,2018
Top 3 Causes of Data Breaches
Data Breach, Security
Dec 20,2017
Battling Ransomware: 3 Tips for Health Care Organizations
Best Practices, Data Breach, Health Care, Life Sciences, Ransomware
patient information data security | medical cyber security
Dec 04,2017
Protecting Patient Information from Ransomware
Best Practices, Data Breach, Ransomware
Nov 20,2017
How to Reduce Your Law Firm’s Cyber Risk
Best Practices, Data Breach, Law Firms, Security
Nov 06,2017
How to Protect Your Law Firm and Clients from Phishing Email Scams
Best Practices, Law Firms, Security
Oct 23,2017
Hackers Hold Entire School District To Ransom
Data Breach, Security
data security firm nj
Oct 16,2017
Responding to a Data Breach Best Practices
Best Practices, Data Breach, Security
Oct 02,2017
Why Law Firms Need to Make Cybersecurity a Priority
Best Practices, Law Firms, Security
Apr 04,2017
Your Business Should Be in the Headlines for the Right Reasons, Not for a Cyber Attack
Security
Mar 29,2017
Tip of the Week: How to Be Active and Proactive With Your Network
Security
Hacker Protection NYC
Mar 24,2017
Alert: 33.7 Millions Records Released to Public Due to Leak of Massive Marketing Database
Alerts
IT Security | Cyber Security NJ
Jan 31,2017
The “S” in HTTPS is More Important Than You May Think
Best Practices, Security

Leave a Comment

Your email address will not be published. Required fields are marked *

thirteen + four =

This site uses Akismet to reduce spam. Learn how your comment data is processed.