Shane Chambers No Comments

Defcon 1 – Critical Meltdown and Spectre Bugs Means Billions of Intel Devices Easily Hackable

2018 certainly knows how to make an entrance. The Christmas turkey has barely been finished and we’re told that nearly every electronic device on the planet with an Intel processor (from servers to PCs, smart devices and more) are susceptible to not one, but possibly two of the worst critical hardware related flaws ever known (Meltdown & Spectre). Flaws that can allow a hacker to steal your data without a hint of detection. In cases like these we often hear “but I have the latest next generation antivirus software”, but it’s not going to help you here I’m afraid. “And I have the latest next generation firewall and a state of the art SIEM solution just installed” – no good for fixing this either. You may even be really good and have your staff trained in security awareness and your systems backed up offsite – but unfortunately neither will address the root cause of this global issue. Even Santa couldn’t help fix this one – that’s how serious this is.

Meltdown and Spectre are the names given to two processor vulnerabilities which utilise a process called speculative execution - present on almost every CPU since '95

Meltdown and Spectre could be the worst ever bugs to hit electronic devices, making them easily hackable.

The hardware flaws have been aptly named “Meltdown” and “Spectre”. They sound like something straight out of a James Bond spy movie – and to be honest – the names aren’t far off, given if exploited, spying on you is exactly what a hacker could do. Predictions have already come in from experts that this could be the biggest disaster in IT history, and similar to the KRACK WiFi vulnerability of last year, Meltdown and Spectre could take years to fully fix. While important workarounds are available in some cases and must be put in place (see below) , only a hardware redesign in processor architecture will truly lay these bugs to rest.

To make matters worse, now that the crafty hackers know about it and with the EU GDPR data protection regulation coming into force on the 25th May – we predict, this year is going to see some considerable cyber-attacks that will try to take advantage of at least one of these flaws which may result in some pretty serious data breaches and some serious GDPR related fines. Its time like these one would think “Why did we ever go paperless?”.

Read more

Shane Chambers 1 Comment

Businesses Confused by “State of the Art” GDPR Tech Requirement

GDPR is coming. Rapidly, as it so happens, and at the time of writing there is just over 6 months to go until the 25th May 2018 deadline for compliance. Since the GDPR was adopted by the EU in 2016, businesses have been trying their best to understand the impending data protection regulation and, ultimately, ensure they are compliant. The GDPR is no straight-forward matter, though, as much of the phrasing is purposely vague to allow for possible technological advances, and to ensure that the regulation itself does not become obsolete in the near future. The idea is that if the GDPR specified which technologies were to be employed by a business in order to safeguard its data, it may be superseded by new technologies – thus reducing the effectiveness of the regulation. A key GDPR requirement, under Article 32, states that data controllers and processors are required to “implement appropriate technical and organizational measures” taking into account “the state of the art and the costs of implementation” and “the nature, scope, context, and purposes of the processing”. But what exactly does state of the art mean?


The EU has specifically worded some GDPR requirements in a vague manner, to ‘future-proof’ them from technological advances

Read more

Shane Chambers 1 Comment

Cyber Security Is Not Just for IT – It’s for Everyone

Traditionally, cyber security has been seen as an IT department’s problem. They make sure everyone has antivirus on their PCs and take care of the firewall – and as long as they’re doing it right, then everyone else is safe… right? This has lulled users and business owners into a false sense of security of late, believing that cyber security simply isn’t their area or that it’s not in their job description. However, this attitude is now being taken advantage of in a big way by cyber criminals, who have discovered that individual users are much easier to target and deceive. As a result, users often takes actions which inadvertently allows the hackers to bypass the IT security systems. Traditional antivirus is dead, and even more advanced next-generation antivirus simply can’t stop the most deadly attacks. Now, everyone in an organisation has a part to play in keeping it secure, from the bottom all the way up to the CEO.


Hackers are now finding it easier to target regular users, who often lack cyber security training, than to try and bypass complex technical measures put in place by IT

Read more

Shane Chambers No Comments

Windows 10 Creators Update Introduces New Features to Defend Against Ransomware

Ransomware has taken the world by storm this year, costing millions for businesses around the world. In the last 12 months alone, the number of ransomware variants spotted in the wild has more than doubled. As its prevalence has increased, so has the complexity of the attacks, and new ways to defend against them have been developed. Microsoft have been known to take the ransomware threat very seriously, even releasing a security patch for the long obsolete Windows XP operating system in the wake of the infamous WannaCry attack back in May. With the realease of the Windows 10 Creators Update (build 1703), now there are even more features built right in to the OS that can prevent and protect against ransomware. In fact, it’s so secure that Microsoft claim no Windows 10 devices were affected by WannaCry.


The Creators Update of Windows 10 is Microsoft’s most secure operating system yet, containing many anti-ransomware features

Read more

Shane Chambers 1 Comment

Cybercrime as a Service – Online scamming courses, €10 hacking software, & much more

Everyone’s talking about cyber security these days, and there’s a seemingly endless list of protective measures to be taken to prevent cyber attacks. It can be a bit daunting, and at times hard to secure the right budget, so is all this hype about security really necessary? The short answer is – YES. The long answer is that in order to understand why cyber security has taken over the forefront of IT for businesses, you must first understand that cyber criminals are no longer just bedroom hackers; they’re a fully fledged industry.


Cybercrime costs the economy an estimated $450 billion globally

Cybercrime-as-a-Service is on the rise in a big way, with criminals constantly developing more advanced ways to steal businesses’ hard-earned cash over the internet. The industry continues to evolve and adapt and is now highly organised. All one has to do is log onto certain sites on the Dark Web and they’ll be greeted with professional hackers offering ransomware, malware, phishing, DDoS and much more as-a-service.

Read more