Hackers will try to exploit Spectre and Meltdown bugs. What you need to know
Spectre and Meltdown, the two major flaws discovered in computer processors, could allow cybercriminals to steal passwords or other sensitive data. And experts are on the lookout for them.
The flaws have existed in modern processors for 20 years, but news surfaced last week that virtually all computers and smartphones are affected by the bugs.
So far, there is no evidence that hackers have exploited the vulnerabilities.
But it’s only a matter of time before attempts are made, according to Matt Tait, a senior fellow at UT Austin’s Strauss Center.
“We’ll absolutely see in the next few weeks and months people using this vulnerability, especially in the web browser to steal passwords,” Tait told CNNMoney.
Many tech companies were made aware of the flaws long before the news was made public and have been working on fixes for consumer products and services.
Consumers who keep their web browsers, apps and devices up-to-date should be protected from anyone trying to use these vulnerabilities.
“If you install your security updates, you will get new clever software features designed to protect your computer,” Tait said. “When your browser updates, it will prevent websites from attacking your processor and stealing your password.”
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise