
    #50securedays- Week 7!

    Day 33: It’s all about convenience these days but is it safe? No matter how much you trust the platform make sure you do not save your credit/debit card details online. It just takes a few more seconds to fill in those details each time but it’s worth it. #50securedays

    Day 34: We’re all on social media to keep up with friends and family, but how much personal data do you actually share on these channels? Make use of privacy settings. Do not keep your profile open to the public. Identity theft is growing on a large scale. #50securedays

    Day 35: Check the URL of every website you visit and make sure it starts with https, because that shows the site encrypts the data transmitted between you and the website. If it isn’t there, do not transmit any personal data to that website. #50securedays

    Day 36: Some people are good actors! The social engineering scams that have actually worked in the past are the ones where someone poses as someone else in the business or seeking assistance to get more information. #50securedays

    Day 37: Track your steps in the digital world to know where and what you’ve shared online and if you haven’t used an account for a while, consider if you should delete it. #50securedays

    News

    #50securedays- Week 6!

    Day 28: New apps are released on a daily basis, but be careful what applications you download; dubious duplicate versions of reputable apps are out there. Check before you install! #50securedays

    Day 29: E-mails can be intercepted, forwarded, or accessed by others – avoid sending any private information by e-mail. #50securedays

    Day 30: If you haven’t tried this, you must!! Visit www.haveIbeenpwned.com to see if your account has been compromised in a breach. #50securedays

    Day 31: This can be so annoying, right?! Pop-ups are one of the mediums used to carry malware. Ensure your browser is set to block pop-ups. Use an ad blocker. Do not click on any of the links, make sure you close the ad and restart your browser. #50securedays

    Day 32: Check your balance on a weekly basis to see if there have been any unusual transactions. Pay attention to pending transactions. If anything appears to be suspicious, report to your bank immediately. #50securedays

    If you would like to speak to our security consultants on best practices to ensure the security of your business please get in touch with us, contact us to discuss your unique requirements.


    Security Advisory Notice – Critical Intel Chip Vulnerability

    A new vulnerability codenamed “Foreshadow” has been discovered in Intel processors [1]. The vulnerability can be exploited to read data from the chip giant’s Software Guard Extensions (SGX) technology, while variants can break protections that run on operating systems and in virtual machines in data centres.

    Foreshadow is the third major vulnerability discovered in the past year and builds on research related to the Meltdown and Spectre flaws revealed earlier this year. The vulnerability affects Intel’s commonly used Core and Xeon processors.

    Further research by Intel’s security team identified a number of applications of L1TF that could impact other processors, operating systems and virtualisation software.

    What are the Vulnerabilities Identified and What Devices Are Impacted?

    CVE-2018-3615 (for SGX)

    Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

    CVE-2018-3620 (for operating systems)

    Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

    CVE-2018-3646 (for virtualization)

    Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

    Affected chips

    See the following link for affected products

    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

    Vendor remediation

    Microsoft

    August patch Tuesday updates released yesterday (14-08-2018) contain the latest mitigations from Intel which should protect against two of the L1TF attacks when combined with previous Spectre and Meltdown mitigations. The third variant, Intel says, is more complicated, but may only affect certain datacentres using virtualization. Though Intel hasn’t observed these attacks being used yet, it would be a good idea to keep your PC up to date with the latest patches.

    Security update KB4343899

    https://support.microsoft.com/en-ie/help/4343899/windows-7-update-kb4343899

    Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)

    Amazon

    An updated kernel for Amazon Linux (ALAS-2018-1058) is available within the Amazon Linux repositories. As a general security best practice, Amazon recommends that customers patch their operating systems or software as relevant patches become available to address emerging side-channel issues.

    Google

    Google has deployed mitigations to Google’s infrastructure, including the infrastructure that underpins Google Cloud, which prevent the creation of vulnerable page-table entries within host operating systems [2].

    Google Cloud mitigations against L1TF

    Google Compute Engine employs host isolation features which ensure that an individual core is never concurrently shared between distinct virtual machines. This isolation also ensures that, in the case that different virtual machines are scheduled sequentially, the L1 data cache is completely flushed to ensure that no vulnerable state remains. In addition, Google have also developed and deployed infrastructure that allows them to monitor their hosts for certain classes of these attacks.

    Google recommendations to protect environments against L1TF

    The mitigations described above address the L1TF vulnerability for the majority of Google Cloud customers.

    Customers are encouraged to update their images to prevent the possibility of indirect exploitation within their environments.  This is particularly important for customers running their own multi-tenant services. For product-specific details and recommended user actions, please refer to the Product Status page.

    New and emerging security vulnerabilities will always be a reality, and Google constantly works across the industry to discover and address vulnerabilities to protect our users and customers. Google Cloud customers benefit from the shared responsibility model of public clouds, meaning much of the burden of addressing new vulnerabilities is offloaded to their cloud provider.

    VMware

    Advisory ID: VMSA-2018-0020

    VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault – VMM vulnerability.

    https://www.vmware.com/security/advisories/VMSA-2018-0020.html

    Relevant products

    VMware vCenter Server (VC)

    VMware vSphere ESXi (ESXi)

    VMware Workstation Pro / Player (WS)

    VMware Fusion Pro / Fusion (Fusion)

    vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for L1 Terminal Fault – VMM. This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor’s or another VM’s privileged information that resides sequentially or concurrently in the same core’s L1 Data cache.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-3646 to this issue.

    CVE-2018-3646 has two currently known attack vectors which will be referred to as “Sequential-Context” and “Concurrent-Context.”

    Attack Vector Summary

    Sequential-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core.

     

    Concurrent-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the Hyper-Threading enabled processor core.

     

    Mitigation Summary

    The Sequential-context attack vector is mitigated by a vSphere update to the product versions listed in the table below.  See link https://www.vmware.com/security/advisories/VMSA-2018-0020.html

    This mitigation is dependent on Intel microcode updates (provided in separate ESXi patches for most Intel hardware platforms) also listed in the table below. This mitigation is enabled by default and does not impose a significant performance impact.

    The Concurrent-context attack vector is mitigated through enablement of a new feature known as the ESXi Side-Channel-Aware Scheduler. This feature may impose a non-trivial performance impact and is not enabled by default.

    See link https://kb.vmware.com/s/article/55806 for Workstation

    See link https://kb.vmware.com/s/article/57138 for Fusion

    Cisco

    Advisory ID: cisco-sa-20180814-cpusidechannel

    To exploit any of the vulnerabilities (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) an attacker must be able to run crafted or script code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector from which to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.

    A Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as the operating system or hypervisor, is patched against the vulnerabilities in question.

    Although Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. See the Affected Products section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.

    Cisco will release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

    Citrix

    Advisory ID: XSA-273

    In x86 nomenclature, a Terminal Fault is a pagetable walk which aborts due to the page being not present (e.g. paged out to disk), or because of reserved bits being set.

    Architecturally, such a memory access will result in a page fault exception, but some processors will speculatively compute the physical address and issue an L1D lookup.  If data resides in the L1D cache, it may be forwarded to dependent instructions, and may be leaked via a side channel.

    Furthermore:

    * SGX protections are not applied

    * EPT guest to host translations are not applied

    * SMM protections are not applied

    This issue is split into multiple CVEs depending on circumstance. The CVEs which apply to Xen are:

    * CVE-2018-3620 – Operating Systems and SMM

    * CVE-2018-3646 – Hypervisors

    Vulnerable systems

    Systems running all versions of Xen are affected. Only x86 processors are vulnerable. ARM processors are not known to be affected. Only Intel Core based processors (from at least Merom onwards) are potentially affected. Other processor designs (Intel Atom/Knights range), and other manufacturers (AMD) are not known to be affected. x86 PV guests fall into the CVE-2018-3620 (OS and SMM) category. x86 HVM and PVH guests fall into the CVE-2018-3646 (Hypervisors) category. For full details of the mitigation steps, see http://xenbits.xen.org/xsa/advisory-273.html

    Red Hat Linux

    For affected products open the link below and click on the Impact tab

    https://access.redhat.com/security/vulnerabilities/L1TF

    Diagnosing if your system is vulnerable

    Use the detection script to determine if your system is currently vulnerable to this flaw. To verify the legitimacy of the script, you can download the detached PGP signature as well, with the signing key on our Product Security openPGP Keys page. The current version of the script is 1.2.
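As a quick local check alongside the vendor tooling, the status line that patched Linux kernels expose for L1TF can be mapped onto the CVE-2018-3620 and CVE-2018-3646 vectors described in this notice. This is an added example, not Red Hat's detection script or any vendor's code; it assumes a kernel that provides `/sys/devices/system/cpu/vulnerabilities/l1tf` with the upstream status strings, and the sample lines in it are constructed.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's L1TF status line.
# Assumption: status strings follow upstream kernel reporting; vendor
# kernels may word them differently.

L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# l1tf_classify STATUS
# Prints: os=<state> l1d=<state> smt=<state> exposed=<yes|no>
#   os  -> CVE-2018-3620 (vulnerable page-table entries, OS/SMM)
#   l1d -> CVE-2018-3646 sequential-context (L1D flush on VM entry)
#   smt -> CVE-2018-3646 concurrent-context (sibling hyper-thread)
l1tf_classify() {
    status=$1
    os=vulnerable l1d=unreported smt=unreported

    case $status in
        "Not affected"*)
            echo "os=not-affected l1d=not-affected smt=not-affected exposed=no"
            return 0 ;;
        *"PTE Inversion"*) os=pte-inversion ;;
    esac

    # The VMX field only appears once the KVM hypervisor module is loaded.
    case $status in
        *"VMX: conditional cache flushes"*) l1d=flush-conditional ;;
        *"VMX: cache flushes"*)             l1d=flush-always ;;
        *"VMX: EPT disabled"*)              l1d=ept-disabled ;;
        *"VMX: flush not necessary"*)       l1d=not-needed ;;
        *"VMX: vulnerable"*)                l1d=vulnerable ;;
    esac

    case $status in
        *"SMT disabled"*)   smt=disabled ;;
        *"SMT vulnerable"*) smt=vulnerable ;;
    esac

    # Any component reported as vulnerable leaves the host exposed.
    exposed=no
    for v in "$os" "$l1d" "$smt"; do
        if [ "$v" = vulnerable ]; then exposed=yes; fi
    done
    echo "os=$os l1d=$l1d smt=$smt exposed=$exposed"
}

# Constructed sample status lines (not captured from a real host).
SAMPLE_DEFAULT_KVM='Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable'
SAMPLE_HARDENED='Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled'

# Report on this host if the kernel exposes the file, else on the samples.
l1tf_report() {
    if [ -r "$L1TF_SYSFS" ]; then
        read -r line < "$L1TF_SYSFS" || true
        echo "host: $(l1tf_classify "$line")"
    else
        echo "sample default KVM host: $(l1tf_classify "$SAMPLE_DEFAULT_KVM")"
        echo "sample hardened host:    $(l1tf_classify "$SAMPLE_HARDENED")"
    fi
}

l1tf_report
```

A host that reports `smt=vulnerable` while running untrusted guests corresponds to the concurrent-context vector above, which the vendors address separately from the default cache-flush mitigation.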

    Remediation

    For remediation steps open the link below and click on the Resolve tab.

    https://access.redhat.com/security/vulnerabilities/L1TF

    How Can Ward Help?

    For Managed Service customers, the Ward Support team will be reviewing individual environments and making recommendations on appropriate patching for all supported devices.

    For all other customers, if you would like additional information or would like support in assessing and protecting your environment, please contact support@ward.ie or your account manager, as appropriate.

    Please see links below for further reading:

    [1] https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

    [2] https://cloud.google.com/blog/products/gcp/protecting-against-the-new-l1tf-speculative-vulnerabilities

     


    #50securedays | Week 5

    Day 21: Before you send out any e-mails, make sure you cross-check the e-mail address, especially if you are sending out sensitive information. #50securedays

    Day 22: Don’t let information fall into the wrong hands. Do not leave print outs containing sensitive information lying around. If you really need to print it, pick it up from the printer immediately. #50securedays

    Day 23: For many organisations shredding of paper is essential for GDPR compliance! Removing information no longer required is good practice, but ensure it is destroyed and not just thrown away. #50securedays

    Day 24: Spotted someone at work you don’t recognise? Ask them if they need anything and direct them to the front desk to get them sorted. #50securedays

    Day 25: Make sure you are aware if a device is connected to your laptop and that you have not allowed access to the data unless and until you trust the source. #50securedays

    Day 26: This is an easy to fix solution that helps people solve a problem much faster. Screen-shares are common to use and most of the time safe but make sure you are always present and aware of what is being looked at from the other side. #50securedays

    Day 27: Outlook users, a more secure way is to keep your reading pane turned off so that when you receive any spam or dodgy e-mail you can delete without having any access or visibility to any text or link in the e-mail. #50securedays


    #50securedays | Week 4

    Day 15: Avoid sending personal information such as your bank details or phone numbers via e-mail, even to friends, emails can fall into the wrong hands. #50securedays

    Day 16: Malicious users check if your email is active by tricking you into responding to fake unsubscribe requests. So, if you don’t recognise the sender, avoid unsubscribing and stick to deleting the e-mail permanently. #50securedays

    Day 17: Do not give out personal details over a call just because someone asks for it. Be careful and do not hesitate to ask questions back. There could be someone on the other line pretending to be someone else. #50securedays

    Day 18: How many times have you received a spam text message? Just make sure you don’t click any of these links, even by accident. If you have, call your telecom provider. #50securedays

    Day 19: Our phones are our best friends anywhere we go, especially when we’re by ourselves. Be aware of your surroundings; do not type in your passwords or open sensitive information on public transport. #50securedays

    Day 20: Ads can be very tempting but sometimes we need to be cautious about buying things online using public Wi-Fi. This can be risky, so it’s best to connect to your own network when you make a purchase. #50securedays


    #50securedays- Week 3 is here!

    Day 10: Make sure you carry your staff ID card anywhere you go. If you left it somewhere, notify your admin or your security team immediately. You don’t want it to fall into the wrong hands. #50securedays

    Day 11: We all receive promo e-mails but what if some come with attachments, do you open them? Don’t! Downloading the attachment gives the signal to the sender that your e-mail id is valid. #50securedays

    Day 12: It is important to use USB encryption, especially when the drive contains sensitive information; this prevents access to the files if the USB is lost or stolen. #50securedays

    Day 13: Did you know? Barcodes can be used by hackers to take money via your phone. Check that you can trust the source before you scan a barcode. #50securedays

    Day 14: Make sure you turn on the firewall on your laptops as this will help you filter unwanted traffic. #50securedays


    #50securedays have begun! Here is Week 2!

    Recap of Week 2!

    Day 6: If you are connected to any public wifi, make sure you do not have access to any personal or sensitive information. #50securedays

    Day 7: Never leave your password on a piece of paper. Use a password key manager, it’s the safest way of storing your password. #50securedays

    Day 8: Keep your web browser updated to the latest version and make sure all your plugins are updated. The latest updates will help you stay protected from any security threat. #50securedays

    Day 9: Don’t forward emails without reading them carefully. If you aren’t sure, report it to your security team or delete it immediately because there might be a possibility of a link in there being infected with malware. #50securedays


    #50securedays has begun- Week 1!

    Not sure if you noticed but we’ve started something interesting in the past two weeks on our social channels and here is a recap of week 1!

    Day 1: We’ve all been there! Even if you have to leave your desk for 1-30 seconds, you need to lock your system. Privacy matters in security! #50securedays

    Day 2: Spot the difference? Did you know that having a clean desk policy helps you comply with data protection guidelines? #50securedays

    Day 3: You may have a personal and a business account in most of these apps but experts recommend not transferring any business files to any of your personal accounts. #50securedays

    Day 4: If Zuckerberg does, maybe we should too. How do you cover your webcam? Comment below on ideas you have. #50securedays

    Day 5: Bluetooth is one of the most popular short-range wireless technologies but there is a high risk involved in it. Make sure you turn it off if you’re not connecting a device, and if you need to, make sure you’re aware of what is connected to it. #50securedays


    Ward Infosec: Can ISO 27001 save your business?

    Only 38% of global organizations claim they are prepared to handle a sophisticated cyber-attack. The question is, are you prepared?

    Customer loyalty
    IBM projected that these mega breaches, which can range from one million records lost to 50 million.

    Problem: Currently breaches are occurring more frequently and unexpectedly. Consumers are more hesitant than ever to share their data because it could personally impact them from monetary loss, identity theft or maybe even something worse.

    Solution: The application of an Information Security Management System (ISMS) in line with ISO 27001 will ensure you a better position to manage risks in your business. ISO 27001 certification provides a level of confidence that a business is following an internationally recognised best practice standard for the management of Information Security.

    What’s the impact?
    The global average cost of a data breach: $3.86 million.

    Problem: The number of security incidents is on the rise and organisations are now facing increasing demand in their budget to respond to these incidents. The question we ask businesses is, do you have the right approach?

    Solution: With the proper operational application of the ISMS, you follow a best practice approach to risk management. Our services can help your business stay secure end-to-end.

    Why might businesses be at risk?
    93% of organisations are currently using cloud services.

    Today, everything is connected to the internet. Whether you’re a small or big enterprise, anyone from the staff at the front desk to the CEO can be a target for an attack. Having a certification like ISO 27001 will help the organisation manage its information security from endpoint to the cloud.

    ISO 27001 & GDPR

    As the leading international standard and certification for information security, ISO 27001 covers 75-80% of GDPR.

    With the new regulation that came into force on May 25th 2018, one of the best practices Ward recommends is having an ISO 27001 certified ISMS in place as part of your GDPR journey.

    Why?
    The regulator will see that an organisation has implemented significant diligence in their compliance obligations either in a BAU audit or post an incident.

    Interested in knowing more about our ISO offering? Download the whitepaper here.

    Ward has a large pool of trained, certified and experienced ISO27001 consultants that assist many businesses to become certified to ISO 27001 in a timely and cost-effective manner. Speak to our ISO experts now, contact us or call: 1800 903 552 to discuss your unique requirement.

     


    Ward Infosec: The True Story Behind GDPR

    With GDPR just around the corner, businesses are in panic mode. We work with businesses across all industries from retail, agriculture, education, manufacturing and many more.

    Here is our 5 step guide to help you on your GDPR journey:

    Compliance

    With the number of data breaches that have happened in the last year, the truth is out: personal data is being misused. We are connected to the internet every day. We are so used to sharing our data online without any hesitation because we thought it was safe, but things have changed.

    Rights of a customer:

    How many irrelevant e-mails do you get on a daily basis? How many ads do you come across that you’re not interested in? As a customer we’re being tracked in every way. It isn’t wrong for a business to do that but a customer should have the right to opt-out and feel comfortable with your brand tracking their behavioural pattern.

    Trust:

    Customers are far more educated about what’s going on in the cyber world. They are now more reluctant to share details about themselves. If your business can convince them of how responsible you’ll be with their data, there is a good chance that the trust will be built at a much earlier stage.

    Life after GDPR: Prevention is better than cure

    With the kind of breaches that are expected to take place in the future, it is critical for businesses to have security incident and event management in place. Many companies out there rely on internal staff but it is recommended to have a third party involved, especially to fill the gaps that might be missed before and after a breach takes place. According to IBM’s latest study, having an incident response team can save €15 per record, that is €371,384 per breach. You’re not only saving on the cost of a breach but you’re preventing any possibility of an attack and you’ve also got back-up just in case things go wrong.

    GDPR isn’t all about the fines, it’s about who you are protecting at the end, your customer and your business.

    Ward Solutions are a nationwide organisation that offers a wide range of information security services that have helped many businesses across the world.

    If you would like to know more about our GDPR services, e-mail us or call 1800 903 522 to discuss your unique requirements.