Another day, another exploit. Or two. For now. News of Meltdown and Spectre is all around us...
Here are a few articles:
So what are you - and your organization - doing to respond? Advice to share? Warnings?
Let us know!
With respect to Meltdown and Spectre, I suggest a good source of notifications, updates and recommendations, which is regularly updated:
IBM X-Force Exchange: you can sign up for free and regularly obtain notifications on important vulnerabilities as they develop.
In terms of remediation, apply best practices for authorised patch management processes, and keep watching for updates.
I went here asking the same question. We have a very large global company with multiple sites, not to mention acquired companies. Getting updates on all the BIOSes might take a while for us, but I am going to suggest some steps that can be done. Anyway, I just want to know how others are handling this vulnerability.
I suggest you collate an inventory of all your vendors/suppliers and commence communicating with them directly. This will give you a pretty good idea of how proactive they are, and also of the timeline and quality of advice provided by each supplier.
I definitely recommend keeping an eye out for regular updates. If I find any further information, I will endeavour to post it for all and sundry.
Here is a nice graphic from Daniel Miessler that gives an overview of the threats. "Must have code execution" limits exposure.
Our vendor list is prepared and emails/phone calls will be made today to check on their exposure.
We are alpha testing the Microsoft patches today.
Also, we are tailoring some internal and external communications.
Hackers would first need to install malicious software on your computer in order to take advantage of these flaws.
That means they need to select their targets and hack each one of them before running a sophisticated attack to steal a computer's sensitive information.
Consequently, we have to have strong computer security implemented so that the malicious software will not enter your system...
So, endpoints may have exposure to the issue in this fashion. Your own servers are likely fine, but anything in a multi-tenant, public cloud is another story as an attacker could get a VM instance on the same physical host as yours and if the hypervisor host is vulnerable, it can be a major issue in terms of disclosure.
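As an added illustration of the "check whether the patches and microcode actually landed" step discussed above, here is a Python script that is not from any poster in this thread. It reads the Linux kernel's sysfs vulnerabilities interface (`/sys/devices/system/cpu/vulnerabilities/`) where available, and otherwise falls back to a constructed sample dictionary so it runs offline; the sample values are made up for illustration, not captured from a real host.

```python
"""Summarise Meltdown/Spectre mitigation status from the Linux kernel's
sysfs interface, flagging hosts that still need patch or microcode work."""
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample of what those files contain on a partially patched host.
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Retpoline without IBPB",
    "l1tf": "Not affected",
}


def classify(value: str) -> str:
    """Map one sysfs value to 'mitigated', 'vulnerable' or 'not_affected'.
    Anything unrecognised is treated as vulnerable (fail closed)."""
    v = value.strip()
    if v.startswith("Not affected"):
        return "not_affected"
    if v.startswith("Mitigation"):
        return "mitigated"
    return "vulnerable"


def summarise(entries: dict) -> dict:
    """Return per-issue classification plus the list of issues still open."""
    status = {name: classify(text) for name, text in entries.items()}
    open_issues = sorted(n for n, s in status.items() if s == "vulnerable")
    return {"status": status, "open": open_issues,
            "needs_action": bool(open_issues)}


def read_sysfs(path: Path = SYSFS_DIR) -> dict:
    """Read the live kernel view; empty dict on non-Linux or older kernels
    that predate this interface."""
    if not path.is_dir():
        return {}
    return {p.name: p.read_text() for p in path.iterdir() if p.is_file()}


if __name__ == "__main__":
    entries = read_sysfs() or SAMPLE  # live data if present, else the sample
    report = summarise(entries)
    for name, text in sorted(entries.items()):
        print(f"{name:12} {report['status'][name]:13} {text.strip()}")
    verdict = "ACTION NEEDED" if report["needs_action"] else "OK"
    print(f"{verdict}: {', '.join(report['open']) or 'no open issues'}")
```

Run it over a fleet with your usual remote-execution tooling and collect the `open` list per host to prioritise which vendor BIOS updates to chase first.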