This week, AV-TEST's census of samples of circulating malware that attempt to exploit the Meltdown and Spectre bugs hit 139, up from 77 on January 17.
AV-TEST CEO Andreas Marx says that the different strains of malware mostly contain recompiled versions of the same proof-of-concept code released with the initial report on the bugs.
It doesn't appear that any of the exploits work yet, but it's clear that malware authors are working to actively exploit Meltdown and Spectre.
Early reports suggested that mitigating Meltdown and Spectre would be easy, but in practice, attempts to mitigate the defects have been a catastrophe.
Marx believes different groups are working on the PoC exploits to determine if they can be used for some purpose. “Most likely, malicious purposes at some point,” he said.
The expert believes the current malware samples are still in the “research phase” and attackers are most likely looking for ways to extract information from computers, particularly from web browsers. He would not be surprised if we started seeing targeted and even widespread attacks in the future.
Malware Exploiting Spectre, Meltdown Flaws Emerges [Eduard Kovacs/Securityweek]
Journalist’s Resource published this great comic by Josh Neufeld, explaining the basic concepts behind differential privacy, the data collection method used to prevent bad actors from de-anonymizing the information gleaned from the 2020 Census. The original source includes some other great resources on differential privacy, but since the comic itself is made available under a […]
Last spring, a Baltimore underwent a grinding, long-term government shutdown after the city's systems were hijacked by ransomware. This was exacerbated by massive administrative incompetence: the city had not allocated funds for improved security, training or cyberinsurance, despite having had its emergency services network taken over by ransomware the previous hear, and five city CIOs […]
I’m not the kind of person who possesses the programming or IT knowledge to run my own servers and host my own email. But I can manipulate some things on the internet or on local networks, like how to access the gateway to your router and make some changes in there, even if I […]
Just as in almost any industry that seeks high-demand, well-trained workers, certification often becomes key. For project managers, that means anyone who’s serious about serving in that role with a respected company knows they’re going to need the seal of approval in one of the field’s most recognized methodologies before they stand much of a […]
Popping a new battery in a smoke detector or adding salt to your water softener are easy fixes. But if you run into trouble or a necessary repair in a cramped, tight place, sometimes with no obvious fix or easy access, it can be a pretty frustrating exercise. Since flying blind is the absolute worst, […]
Firing up the engines each morning and attacking the day with gusto and purpose can feel like a mighty tall order sometimes. We’ve all been there. But on those sluggish, why-don’t-I-just-stay-here-in-bed-all-day kinda days, it might just take a rational, calming, reassuring nudge to make it happen. No matter what it takes to keep you motivated […]