US-CERT Warns of New Cybersecurity Vulnerabilities
The United States Computer Emergency Readiness Team (US-CERT) has posted an Alert (TA18-004A) with guidance on two new cybersecurity vulnerabilities that could affect health care organizations.
On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities—known as Meltdown and Spectre that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.
The description in the US-CERT Alert states:
CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. These attacks are described in detail by CERT/CC’s Vulnerability Note VU#584653, the United Kingdom National Cyber Security Centre’s guidance on Meltdown and Spectre, Google Project Zero(link is external), and the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz). The Linux kernel mitigations for this vulnerability are referred to as KAISER, and subsequently KPTI, which aim to improve separation of kernel and user memory pages.
Follow the link below for a list of OS advisories and patches.
Want to read the full alert and receive alert emails?