
One-Two Punch Combo, Malware-Ransomware and Virus Protection that Works!

May 10, 2019 by Richard Langford

Heimdal Thor Enterprise and Emsisoft AntiVirus – AntiMalware deliver the ONE-TWO KNOCKOUT PUNCH COMBO

The ProActive: 

Since 2011, Heimdal Security has been leading the fight against cybercrime, developing new technologies and providing intelligence to protect over 5,000 companies and 600,000 users against cybercriminal attacks and data security breaches.

With security products for home and business, Heimdal Security takes a proactive approach to securing your data. With the complete THOR Premium package, your endpoints are SAFE! Unlike traditional antivirus products, Heimdal's complete package with Thor Premium sits essentially at the network card level and constantly scans incoming and outgoing traffic. Your DNS is pointed to Heimdal Security's robust network, and traffic is scanned at the network level. By scanning through the network connection, Thor can stop and block an attack before it reaches your machine, since the filtering is done en route through a highly secure DNS server. The complete business package automatically updates third-party applications and applies Windows security patches, closing loopholes and breaches caused by insecure or unpatched software. It also runs automatically scheduled scans of your files and constantly scans incoming and outgoing data and the endpoints they connect to. Is your online application really connecting to, say, your bank, or has it been hijacked and pointed to a dark web or malicious hacker's page masquerading as the real deal only to steal your data?

Detects threats at the DNS, HTTP, HTTPS layers, before they reach your device, and prevents data leakage and compromise. With a unique, proactive approach to security, DarkLayer Guard™ blocks all incoming and outgoing communications to malicious servers, preventing APTs and other threats.

While antivirus is a reactive solution that scans code to stop threats, our VectorN Detection™ will autonomously detect and prevent infections.

Through VectorN Detection™, hidden malware in your system will be immediately detected and blocked before it can compromise your data.

Through X-Ploit Resilience, available updates are installed automatically and silently. This way, you eliminate vulnerabilities before they’re exploited and infect your PC with malware. Windows security patches and updates are applied on a scheduled basis alongside many third-party applications. When a new patch or update for one of these applications becomes available, it is installed automatically with the least amount of user intervention.

The Reactive:

Forget viruses – Today’s threats come in new shapes and are called Malware

Emsisoft’s high performance dual-engine scanner

Emsisoft not only detects more because it uses the full power of two major antivirus- and anti-malware technologies, it also scans quicker because of the efficient combination of the scanners.
Any unnecessary duplicates in detection are avoided, enabling the least impact on memory and overall hardware resources.

The engine Emsisoft has built complements the second Bitdefender engine, and they are combined seamlessly to maximize efficiency.

One of the ways they detect unwanted programs is through signature-based detection. What this means is that we search programs for their unique signatures, which are like fingerprints, and scan your computer for these threats. At Emsisoft, most of their lab time is spent creating detection signatures for PUPs (potentially unwanted programs) and on custom malware removal code for specific infections. We ran some numbers a while ago and discovered that more than 74% of the total detected PUPs are detected by our in-house built scan engine component.

So how does this information translate to your own practical use?

Simple: all detections with an (A) postfix are from our own engine and those with (B) are from Bitdefender.

In a nutshell: We believe two engines are better than one, and we use our own technology to detect threats to your computer that might otherwise be missed. But we won’t compromise efficiency in this process — Emsisoft works to keep your memory clean and uncluttered, and to detect threats at optimal speed.

 

For the last 4 months I personally have been running Heimdal Thor Enterprise alongside the trusted Emsisoft antivirus, and feel this is the ULTIMATE SECURITY / Antivirus-Antimalware combination available. By having a Reactive and Proactive software suite, I feel confident my data is secure, and any internet sites I visit or use are not sneaking in backdoor threats or phishing, or worse, parading themselves as the real site only to be fake and stealing any data they can get ahold of. The last thing I want to do is come home and have to clean up my own systems or laptops, which is why I run both Heimdal and Emsisoft on every machine I use for the business and every computer in our home. I won’t sell something I personally don’t use, and I won’t sell something which doesn’t work!
Contact RSL Computer Solutions today and get the ONE-TWO Punch Advantage! Heimdal and Emsisoft: the deadly One-Two Punch combo against Malware, Ransomware and Malicious Attacks!

Phone: 513-816-1344 or Email: Info@rslcomputers.com

Filed Under: Protecting Your PC, Uncategorized

April 1, 2019 by Richard Langford

An antivirus solution standalone is not enough to fully protect your data

If you are currently using an antivirus solution to keep your data safe and secure, know that it can’t provide 100% protection. Online threats have evolved greatly and malicious actors became real “artists” in using creative ways to spread malware.

Antivirus is only one of the security layers you need, and it can’t keep up with the increasing number of malware attacks. It does a better job at covering threats like worms, viruses and trojans, while advanced malware strains (ransomware, phishing or social engineering threats) manage to evade AV detection.

Last year, massive spam campaigns like WannaCry or NotPetya could fly below the radar of antivirus software and go undetected during the first hours or days. The timing was crucial for both home users and organizations, and we’ve seen the damage caused.

Here’s an example of a spam campaign we monitored and analyzed to see how long it takes AV engines to detect advanced malware. During this malicious campaign, cyber criminals tried to bait victims into clicking on a malicious link to deliver the NanoCore malware on their devices.

The results from VirusTotal showed that in the first day only 5 AV engines out of 64 could detect this malicious campaign. A few days later, 37 out of 64 engines could find it. This indicates a low detection rate for antivirus during the first stages of an attack.

Nowadays, cyber attacks are brand new, unlisted in antivirus databases, and designed to sneak past your AV product and compromise your computer. People rely on antivirus as their only protective layer, but it’s just not enough. Antivirus is often ineffective in blocking ransomware attacks.

You can see other examples of spam campaigns explaining why AV detection for new malware remains low.

Why extra layers of security are needed

A multi-layer approach is needed to better fight ransomware infections that can spread quickly and harvest users’ data. This is because malware scanning is reactive rather than proactive. The newer a malware strain is, the harder it will be for AV to detect it.

The purpose of a multi-layered security system is to stop cyber attacks on different levels, so they never reach the core of the system and essential information.

Malicious actors can find ways to manipulate the data that flows through your Internet connection to serve their malicious purposes.

We spend a large amount of time browsing the Internet, but have you thought about the danger you are exposed to? We believe that everyone should enjoy the web safely when navigating online.

To do that, you will need a tool that can help you filter the Internet traffic and eliminate all the threats out there that antivirus can’t block. A tool focused on proactive cybersecurity.

We believe that you shouldn’t wait for something bad to happen to improve your online safety and protect your digital assets.

What Heimdal PRO can do for you

If you didn’t know about our product, Heimdal PRO is built to protect its customers from attacks like ransomware that traditional antivirus can’t detect.

Heimdal PRO can block different ransomware infection sources such as malicious email attachments, infected links you may receive in your email, infected web pages or malicious web apps that appear legitimate at first, but are aimed at spreading ransomware.

Here’s how Heimdal PRO works and how it can stop a ransomware infection in 4 different stages:

Heimdal PRO is an antimalware solution that includes three layers of protection against ransomware.

1. Traffic scanning and filtering

With its DarkLayer Guard feature, Heimdal PRO proactively scans all your incoming and outgoing Internet traffic to identify all types of malicious connections. It does that by changing the DNS (Domain Name System) for IPv4 and IPv6 to a different address and blocking malicious web addresses.

When the engine is enabled, Heimdal PRO will apply a filter on the network adapter that will scan for infected sites and other web locations (servers, online ads, etc.) with the potential to install ransomware on your devices.

In the image below, on the right side, you can see how many web traffic scans Heimdal has performed on your system in the last 7 days and how many web addresses were blocked.

You should know that the whole filtering process takes place quickly and will not affect your Internet connection speed.

2. Detection and blocking of advanced malware (VectorN Detection)

The Malware engine analyzes potentially malicious code to detect and block ransomware attacks. It compares the signatures of the files on your PC with our constantly updated database to find any matches.

With the malware scanning feature, Heimdal PRO works proactively to detect and block second generation malware like ransomware that tries to compromise users’ endpoints and encrypt their files. All websites you are accessing are scanned and verified in our internal database.

You can choose to turn it off, but we don’t recommend doing it, because it will decrease your protection level.

The VectorN Detection feature works hand in hand with the DarkLayer Guard feature and looks for patterns in the number of blocks that DarkLayer Guard records. It uses Machine Learning Detection (MLD) to perform an in-depth analysis of all incoming and outgoing HTTP, HTTPS, and DNS traffic.

You can see in the image below how many malware scans Heimdal PRO has completed on a system in the last 7 days, as well as how many malware strains Heimdal has cleaned from your PC in the same time frame.

3. Automatic and silent patching

The automatic and silent patching feature was created to silently keep your software programs and applications, including the operating system, up to date and patched, without annoying you with notifications.

In Heimdal PRO, the patching system is split into two sections:

  • software patching (designed to monitor and update the programs installed on your computer and details about them) 
  • recommended software (here you’ll find programs Heimdal recommends to install that will automatically be inserted into the software patching list).


To better handle ransomware attacks, you need to see the bigger picture and take all the security measures to prevent these attacks.

Use this anti-ransomware protection plan and better secure your endpoints against ransomware.

What you should know is that Heimdal PRO is compatible with any antivirus product available on the market that will block threats at their root. An anti-malware solution isn’t meant to replace your AV product, but complement it, so users can benefit from multiple layers of protection to better fight against ransomware.

With both software products installed on a PC, more security gaps are closed and you can enhance online safety.

Please let us know what you think of our product and what other features you’d like us to include. Your feedback is important.

The easy way to protect yourself against malware
Contact RSL Computer Solutions, LLC for a free trial

Use it to:

  • Block malicious websites and servers from infecting your PC
  • Auto-update your software and close security gaps
  • Keep your financial and other confidential details safe

EASY AND RELIABLE. WORKS WITH ANY ANTIVIRUS.

https://rslcomputers.com/185-2/

Filed Under: Uncategorized

New Year – New Services

December 26, 2018 by Richard Langford

With the New Year comes More Managed Services, Security and Antivirus Options- RSL Computer Solutions the choice for Small Business-Small Office and Home Office, Computer and I/T Services

For 2019 we will be adding more Firewall and Security options for Small Business / Home Office environments

More antivirus and web protection applications and managed services.

Thanks for using and recommending  RSL Computer Solutions the past couple years!

We look forward to providing  service and support- keeping you running and secure- with minimum downtime in 2019!

 

Filed Under: Uncategorized

Security Cameras

April 24, 2018 by Richard Langford

We offer both NVR and XVR (DVR) Based Video Security Systems.

Avoid exposure to the two major NVR brands and preserve your firm’s reputation and credibility. The Mirai Botnet and the recent discovery of master password backdoor access to those two major platforms are risks easily avoided. Our vendor’s DVR and NVR have no backdoor master passwords, and the vendor has 350 full-time engineers focused on performance, reliability, and customer security and privacy.

Our choice of vendor offers NVRs with higher performance, higher quality construction, and an intuitive GUI that alleviates customer anxiety on first-time installations. Better hardware and software. The CMS is intuitive and more powerful than PSS. We’re confident you’ll agree that these platforms are truly first class. Very easy to use. With a full line of IP cameras that receive the same stellar end user feedback.

From 4 channel analog models to 128 IP channel input; 16 Hot-Swappable SATA Bays, H.265, Up to 12MP Recording Resolution Integrator Series Network Video Recorder offering 4K HD

Filed Under: Uncategorized

Secure Cloud Based Backup Solutions

April 24, 2018 by Richard Langford

Why you should be using an Offsite Backup Service

Keeping a regular backup of your computers and storage systems prevents data loss, but to completely protect databases, email archives and other critically important data, businesses should keep at least two separate backups including one offsite backup.

An offsite backup is a copy of key files and folders kept in a separate physical location from your primary storage device. From a disaster recovery viewpoint, there are several key advantages to offsite file storage.

Protection From Natural Disasters

One of the more obvious advantages of an offsite backup is the protection that users gain from natural events. If you cannot access your computer or storage system for any reason, you can use the offsite copy to restore your data in the meantime.

Offsite backups have provided some businesses with essential protection from downtime following major fires, earthquakes, hurricanes and floods. In some cases, this protection is worth millions of dollars, particularly if the backup copy is recent and productivity losses are minimal following the failure.

Avoiding Logical Data Issues

Offsite backups also protect against logical data disasters in RAID-dependent or networked systems. For example, if your business keeps a primary copy of data on a RAID array and an automatic onsite backup, logical file damage could potentially affect both copies of the file. By keeping a separate offsite backup, your business could avoid data loss in this type of scenario.

Logical file issues account for a large percentage of commercial data loss events, and a good backup plan uses an offsite copy to prevent viruses, user errors and software errors from causing data loss.

Setting Up Offsite Backups

Choosing an appropriate backup program or service can provide you with peace of mind. A good offsite backup is automatic, consistent and reliable.

Depending on whether you need to store a small or large amount of data, you may be able to use a cloud-based service to maintain an accessible offsite backup. Cloud services are a reliable option for personal computer users, and many services offer automatic software that uploads changed files from the user’s computer once per day. Most cloud services also offer state-of-the-art data encryption to ensure secure file transfers.

Businesses with large storage systems often prefer physical offsite backups. This can include data tape cartridge libraries, NAS and SAN devices, and other large-scale archival systems. Ideally, these offsite backups should not be in the same regional area as the original copy of the data. Otherwise, major natural events such as floods, hurricanes and earthquakes may prevent you from accessing critically important files in both locations.

We all know that offsite data backup is something we should be doing. But, it’s not something that we all do. Cloud backup services are an insurance policy to protect your data from any number of data loss threats. It gives you peace of mind.
Consider the following data loss situations. They are all too common and could send your business down the drain if an offsite backup solution is not in place.

Deleting files: Updating files or deleting them are common activities. We often lose data simply because we don’t have proper workflow procedures and backup strategies. More efficient procedures for saving work and making backups regularly will definitely save time.

Viruses & malware: New viruses attack computers every day. Damages greatly differ, but most viruses affect operating systems and damage stored data. Making regular backups of your data and storing the data safely offsite allows you to access it after severe virus attacks.

Mechanical damages: Computer hardware is a fragile part of business networks. There are ways to recover data, but this service can be costly. There’s no guarantee you can totally recover your important data. Regular offsite backups help in case of hardware troubles and keep the latest version of your data in safe storage.

Power failures: Power failures affect operating systems and computer hardware. Suddenly shutting your computer or business systems down without proper procedures causes problems. This leads to a chain reaction, and your data is gone. Offsite data backups make you feel better and more secure, keeping data in a safe place where you can recover it.

Computer theft: It’s a tragedy to lose both your computer and data at the same time. While traveling, you may leave your laptop unattended, lose it in an airport, conference center, coffee shop or any other crowded place. New computers cost money, but the data lost is even more expensive. If you use a proper offsite data backup strategy, you can recover your data even after your computer is long gone.

Fire & explosions: Explosions rarely happen, but fire most likely destroys both your computer and data. Fire is also dangerous when backups are stored in the same location. The safest practice against fire is to make regular backups and keep them in the cloud.
In all these cases, another factor to consider is the cost of data recovery. The cost of professional recovery can be considerably more than maintaining an offsite backup. The best data recovery case is one that uses a reliable, offsite backup solution.

Businesses suffer not only the financial devastations caused by data loss, but they can suffer the loss of client confidence. Both are equally devastating and determine whether a business can survive.

More than one-third of Ransomware attacks are on businesses with fewer than 250 employees.
There’s a lot at risk when a business fails to implement a successful and thorough offsite data backup plan. Some companies never recover from the blow.
After a major data loss, only 6% of those businesses will survive, studies show. A whopping 51% go out of business within two years, while a sober 40% are gone immediately.

Natural disasters happen, and they can take down your entire office.

40% of businesses never reopen after being destroyed by a natural disaster. — FEMA

Data loss has a big effect on that stat. Mother nature is unpredictable, at best. Natural disasters happen fairly often. Should a natural disaster destroy your entire office when you don’t have offsite backups, well…

That’s why it makes sense for that offsite copy to be cloud-based, so that it stays up-to-date and can be restored more easily in the event that disaster strikes.

Offsite data backup is more secure. Much more.

What’s the security like in your office? Maybe you work in a shared building, or maybe it’s just you and your co-workers. But even if you have a fairly extensive alarm system, it likely doesn’t compare to the military-grade security in a data center managed by a 3rd-party provider.

That security includes multiple layers of security to prevent data loss from all types of threats — from disasters to unauthorized access. Some of these facilities are even underground.

Not only that, but data centers have additional layers of protection that stop problems like malware and ransomware before they get into the network.

What’s more, with the right offsite backup solution, you should get multiple layers of backup redundancy, meaning even if your data could be compromised or lost in one data center, it would still be safe and sound at another site.

It’s the last stop to preventing complete business failure.

We provide Cloud Based Secure AES 256 Encryption backup solutions. Hosted on Amazon’s S3 AWS server, Amazon S3 provides a highly durable storage infrastructure designed for mission-critical and primary data storage. Objects are redundantly stored on multiple devices across multiple facilities in an Amazon S3 region. To help better ensure data durability, Amazon S3 PUT and PUT Object copy operations synchronously store your data across multiple facilities before returning SUCCESS. Once the objects are stored, Amazon S3 maintains their durability by quickly detecting and repairing any lost redundancy.

Amazon S3 also regularly verifies the integrity of data stored using checksums. If Amazon S3 detects data corruption, it is repaired using redundant data. In addition, Amazon S3 calculates checksums on all network traffic to detect corruption of data packets when storing or retrieving data.

Amazon S3’s standard storage is:

  • Backed with the Amazon S3 Service Level Agreement
  • Designed to provide 99.999999999% durability and 99.99% availability of objects over a given year
  • Designed to sustain the concurrent loss of data in two facilities

For more information see https://rslcomputers.com/services/secure-backup/

 

Filed Under: Uncategorized

Microsoft Releases Emergency Updates to Fix Meltdown and Spectre CPU Flaws

January 6, 2018 by Richard Langford

By Catalin Cimpanu, January 4, 2018, 06:17 AM

Late last night, Microsoft issued out-of-band updates that address Meltdown and Spectre, two security flaws said to be affecting almost all CPUs released since 1995.

The Redmond-based OS maker was not planning on releasing the updates until next week, on Patch Tuesday, but was forced to roll out fixes after Google went public with details about the two vulnerabilities.

According to Microsoft's security advisories [1, 2], these are the Windows security updates that address the Meltdown and Spectre flaws for various Windows distributions.

| Operating System Version | Update KB |
| --- | --- |
| Windows Server, version 1709 (Server Core Installation) | 4056892 |
| Windows Server 2016 | 4056890 |
| Windows Server 2012 R2 | 4056898 |
| Windows Server 2012 | Not available |
| Windows Server 2008 R2 | 4056897 |
| Windows Server 2008 | Not available |
| Windows 10 (RTM, 1511, 1607, 1703, 1709), Windows 8.1, Windows 7 SP1 | ADV180002 (Multiple KBs, it’s complicated) |

The Microsoft updates are not all-out fixes. Some Windows PCs may require additional CPU firmware updates to mitigate Spectre attacks, but the Microsoft updates appear to fully address the Meltdown flaw.

Problems with some anti-virus software may lead to BSODs

But Microsoft also warns that the Meltdown and Spectre security fixes are incompatible with some anti-virus products.

“During our testing process, we uncovered that some third-party applications have been making unsupported calls into Windows kernel memory that cause stop errors (also known as bluescreen errors) to occur,” Microsoft said in a compatibility note for yesterday’s security fixes.

“These calls may cause stop errors […] that make the device unable to boot. To help prevent stop errors caused by incompatible anti-virus applications, Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update.”

“If you have not been offered the security update, you may be running incompatible anti-virus software and you should follow up with your software vendor,” Microsoft said.

In other words, if users are employing a third-party anti-virus product, they should first check if the AV has updated its anti-virus product to support the Microsoft patches.

There have been no reports of malicious groups using either Meltdown or Spectre in real-world attacks, so Microsoft is also recommending that users give anti-virus vendors more time to update their products.

Microsoft says that when anti-virus vendors update their product to support the Meltdown and Spectre patches, they’ve been instructed to create a custom registry key on the OS, which will allow Windows to download and receive the proper security fixes (if the user also agrees to it).

Users who aren’t willing to search their antivirus product’s homepage for such info can look for the following registry key on their systems. If it is present, the antivirus product has already been updated to support the Meltdown and Spectre patches.

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD"
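The check described above, as an added example (not part of the original article and not Microsoft's tooling): a PowerShell script that looks for the QualityCompat marker and then uses Get-HotFix to see whether any of the server KBs from the table are installed. The function names are hypothetical; the registry path, value name and KB numbers are the ones given in the article.

```powershell
# Added example, not from the original article. Function names are hypothetical.
# Registry path, value name and KB numbers are the ones quoted in the article.

$CompatPath  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$CompatValue = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
$ArticleKbs  = 'KB4056892', 'KB4056890', 'KB4056898', 'KB4056897'

function Get-AvCompatMarker {
    # Report whether the antivirus vendor has written the compatibility marker.
    $state = [pscustomobject]@{
        KeyPresent   = $false
        ValuePresent = $false
        IsDword      = $false
    }

    $key = Get-Item -LiteralPath $CompatPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $state }

    $state.KeyPresent = $true
    if ($key.GetValueNames() -contains $CompatValue) {
        $state.ValuePresent = $true
        # The article gives the type as REG_DWORD; any other type means the
        # marker was not written the way the article describes.
        $kind = $key.GetValueKind($CompatValue)
        $state.IsDword = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord)
    }
    return $state
}

function Get-InstalledArticleKb {
    # Get-HotFix writes an error when none of the ids is installed; suppress it
    # and return only the ids that are present.
    Get-HotFix -Id $ArticleKbs -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID
}

function Get-MeltdownPatchReadiness {
    $marker = Get-AvCompatMarker
    $kbs    = @(Get-InstalledArticleKb)

    # Limitation: the article lists KB numbers for server versions only
    # (Windows 10 / 8.1 / 7 are covered by ADV180002), and a later cumulative
    # update can replace these KBs, so an empty KB list is not proof that the
    # machine is unpatched.
    $verdict = if ($kbs.Count -gt 0) {
        'One of the listed updates is installed'
    } elseif ($marker.ValuePresent -and $marker.IsDword) {
        'AV marker present; Windows Update can offer the fix'
    } elseif ($marker.ValuePresent) {
        'Marker present but not REG_DWORD; follow up with the AV vendor'
    } else {
        'Marker missing; the update will not be offered until the AV sets it'
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        KeyPresent   = $marker.KeyPresent
        ValuePresent = $marker.ValuePresent
        IsDword      = $marker.IsDword
        InstalledKbs = $kbs -join ', '
        Verdict      = $verdict
    }
}

Get-MeltdownPatchReadiness | Format-List
```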

A security researcher is currently keeping a Google Docs spreadsheet with the status of Meltdown and Spectre patches on various anti-virus engines. At the time of writing, only Microsoft, ESET, and Kaspersky AV engines support the patches, with others set to receive updates starting tomorrow.

Other vendors have also issued patches. You can find a full list here.

Filed Under: Protecting Your PC, Windows 10 Updates and Features

Meltdown and Spectre Vulnerability Advisories, Patches, Updates

January 6, 2018 by Richard Langford

List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates

By Lawrence Abrams, January 3, 2018, 09:52 PM

Two new vulnerabilities called Meltdown and Spectre, or speculative execution side-channel vulnerabilities, have been discovered in modern processors that allow malicious programs to steal information from the memory of other programs. This means that the malicious program can steal passwords, account information, encryption keys, or theoretically anything stored in the memory of a process.

Vendors have started to release information on how customers can protect themselves from Spectre or Meltdown and the status of their services. To make it easier to find this information, I will be adding links to various advisories as they are released. The related CVEs are CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.

It is important to note, though, that a software update will not be able to completely resolve these vulnerabilities. It is also important to make sure you have the latest bios/firmware updates for your laptop or computer installed as well.

For those who want to monitor these updates, I suggest you check this page throughout the coming days to see if new information is available.

For more detailed information about the Spectre and Meltdown vulnerabilities, you can read our coverage in the articles below:

  • How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws
  • Mozilla Confirms Web-Based Execution Vector for Meltdown and Spectre Attacks
  • Microsoft Releases Emergency Updates to Fix Meltdown and Spectre CPU Flaws
  • Google: Almost All CPUs Since 1995 Vulnerable To “Meltdown” And “Spectre” Flaws
  • Intel Denies Reports of Huge Performance Dip Due to Patches for CPU Security Bug
  • OS Makers Preparing Patches for Secret Intel CPU Security Bug

It is also strongly recommended that you read the security advisory by Google as it contains a very detailed description of these vulnerabilities.

If you are a vendor with an advisory or notice, please contact us to have your information added.

Last Updated: 01/05/18 16:52 EST

Official Advisories, Notices, Patches, or Updates:

Amazon

Amazon has released a security bulletin that provides information on how Amazon AWS services are affected by Meltdown and Spectre. In summary, this bulletin states:

This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices. All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours, with associated instance maintenance notifications.

While the updates AWS performs protect underlying infrastructure, in order to be fully protected against these issues, customers must also patch their instance operating systems. Updates for Amazon Linux have been made available, and instructions for updating existing instances are provided further below along with any other AWS-related guidance relevant to this bulletin.

You can read the full security bulletin here: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/

AMD

AMD has not released an official advisory where they essentially say that their CPUs are not vulnerable to the speculative execution vulnerabilities.  Below is the table from this press release:

| Variant | Google Project Zero (GPZ) Research Title | Details |
| --- | --- | --- |
| Variant One | Bounds Check Bypass | Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected. |
| Variant Two | Branch Target Injection | Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date. |
| Variant Three | Rogue Data Cache Load | Zero AMD vulnerability due to AMD architecture differences. |

The full advisory can be found here: https://www.amd.com/en/corporate/speculative-execution

As the security landscape continues to evolve, a collaborative effort of information sharing in the industry represents the strongest defe

Furthermore, Tom Lendacky, a software engineer at AMD, posted an email to the Linux Kernel Mailing List stating:

AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against.  The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

Disable page table isolation by default on AMD processors by not setting the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI is set.

You can read the full post here: https://lkml.org/lkml/2017/12/27/2

Windows internals expert Alex Ionescu also had this to say:

Alex Ionescu (@aionescu)

Official AMD response shows that they _are_ susceptible to at least some of these variants, so again, Intel’s response was *not* dishonest, just cleverly crafted. This is a design-level issue affecting many, many chip vendors. https://twitter.com/rhhackett/status/948676213505232897 …

5:14 PM – Jan 3, 2018

Android

The Android team has updated their January 2018 bulletin with the following note:

CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754, a set of vulnerabilities related to speculative execution in processors, have been publicly disclosed. Android is unaware of any successful reproduction of these vulnerabilities that would allow unauthorized information disclosure on any ARM-based Android device.

To provide additional protection, the update for CVE-2017-13218 included in this bulletin reduces access to high-precision timers, which helps limits side channel attacks (such as CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) of all known variants of ARM processors.

We encourage Android users to accept available security updates to their devices. See the Google security blog for more details.

The full bulletin can be found here: https://source.android.com/security/bulletin/2018-01-01

Antivirus Vendors

Microsoft will only distribute the emergency update to users if a particular registry key has been created by the installed antivirus software. Kevin Beaumont has created a spreadsheet that keeps track of antivirus vendors and whether they set this key: https://docs.google.com/spreadsheets/u/2/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview

Below are links to various antivirus vendors who have released advisories:

  • Emsisoft: https://blog.emsisoft.com/2018/01/04/chip-vulnerabilities-and-emsisoft-what-you-need-to-know/
  • eScan: http://blog.escanav.com/2018/01/meltdown-spectre-cpu-vulnerabilities/
  • ESET: https://www.eset.com/us/about/newsroom/corporate-blog-list/corporate-blog/meltdown-spectre-how-to-protect-yourself-from-these-cpu-security-flaws/
  • Sophos: https://community.sophos.com/kb/en-us/128053
  • Trend Micro: https://success.trendmicro.com/solution/1119183
  • Webroot: https://community.webroot.com/t5/Announcements/Microsoft-Patch-Release-Wednesday-January-3-2018/m-p/310146

Apple

Apple has released an official advisory that states:

Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store. Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by either Meltdown or Spectre. In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, and tvOS.

The full advisory can be read here: https://support.apple.com/en-us/HT208394

Windows internals expert Alex Ionescu had this to say:

Alex Ionescu (@aionescu)

The question on everyone’s minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the “Double Map” since 10.13.2 — and with some surprises in 10.13.3 (under Developer NDA so can’t talk/show you). cc @i0n1c @s1guza @patrickwardle

12:39 PM – Jan 3, 2018

ARM

ARM has released a security bulletin that lists the ARM processors that are susceptible to the Meltdown and Spectre attacks.

Based on the recent research findings from Google on the potential new cache timing side-channels exploiting processor speculation, here is the latest information on possible Arm processors impacted and their potential mitigations. We will post any new research findings here as needed.

The full ARM security bulletin can be found here: https://developer.arm.com/support/security-update

Chromium Project

The Chromium Project has issued an advisory where they provide best practices for web developers and recommend that Chromium users enable Site Isolation.

The full advisory is here: https://www.chromium.org/Home/chromium-security/ssca

Computer Emergency Response Team (CERT)

CERT has issued an advisory regarding the Meltdown and Spectre CPU vulnerabilities. This advisory can be found here: http://www.kb.cert.org/vuls/id/584653

Google

As Google was one of three teams that discovered this bug, they have some of the most detailed information regarding Spectre and Meltdown. A detailed bulletin regarding what Google products are affected by these vulnerabilities and how they are being mitigated can be found here: https://support.google.com/faqs/answer/7622138

I strongly suggest that everyone read the following articles for detailed technical information:

  • https://meltdownattack.com/
  • https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html

Google has also issued a bulletin for users of Google Cloud, G Suite, and Chrome. To summarize, this bulletin states that Google Cloud & G Suite have been updated to mitigate these vulnerabilities. If a customer uses their own operating system then they will need to install any related OS updates. Finally, Chrome & ChromeOS users can turn on Site Isolation to provide further protection.

The full bulletin can be found here: https://blog.google/topics/google-cloud/what-google-cloud-g-suite-and-chrome-customers-need-know-about-industry-wide-cpu-vulnerability/

Intel

Intel has released a press release regarding these vulnerabilities. A portion of this press release states:

Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

The full press release can be found here: https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

Linux Foundation

Thomas Gleixner, a Linux kernel developer, posted in December to the Linux Kernel Mailing List about new KAISER isolation patches. These are suspected to have been introduced to resolve the Meltdown and Spectre bugs in Linux. If anyone has more information, I would appreciate you letting me know.

The mailing list post can be found here: https://lkml.org/lkml/2017/12/4/709

Microsoft

Windows Information:

On January 3rd 2018, Microsoft released emergency out-of-band updates for Windows 7 SP1, Windows 8.1, Windows 10, and various Windows Server versions. These updates help to mitigate the Spectre and Meltdown speculative execution side-channel vulnerabilities, but to be fully protected you will also need to install the latest firmware and BIOS updates for your computer.

Advisories for these updates can be found here:

  • Windows Server Guidance to protect against the speculative execution side-channel vulnerabilities
  • Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities

Microsoft Edge Information:

Microsoft has released an advisory specifically related to Microsoft Edge. This advisory states:

Initially, we are removing support for SharedArrayBuffer from Microsoft Edge (originally introduced in the Windows 10 Fall Creators Update), and reducing the resolution of performance.now() in Microsoft Edge and Internet Explorer from 5 microseconds to 20 microseconds, with variable jitter of up to an additional 20 microseconds. These two changes substantially increase the difficulty of successfully inferring the content of the CPU cache from a browser process.

We will continue to evaluate the impact of the CPU vulnerabilities published today, and introduce additional mitigations accordingly in future servicing releases.  We will re-evaluate SharedArrayBuffer for a future release once we are confident it cannot be used as part of a successful attack.

The full advisory can be found here: https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/

Azure Information:

Microsoft also released a compatibility note that you should read in order to understand why you may not see these updates being offered: https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released

For Azure users, Microsoft has released an advisory that states:

The majority of Azure infrastructure has already been updated to address this vulnerability. Some aspects of Azure are still being updated and require a reboot of customer VMs for the security update to take effect. Many of you have received notification in recent weeks of a planned maintenance on Azure and have already rebooted your VMs to apply the fix, and no further action by you is required.

The full Azure advisory can be found here: https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/

Mozilla

Mozilla has released an advisory stating that older versions of Firefox are susceptible to these attacks. To mitigate these attacks, starting in Firefox 57, Mozilla has reduced the precision of Firefox’s internal timer functions. Therefore, all Firefox users should upgrade to Firefox 57 for the extra protection.

The advisory can be found here: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
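
The timer changes quoted in the Microsoft Edge advisory above (5 microseconds raised to 20 microseconds, plus up to 20 microseconds of jitter) and the reduced timer precision Mozilla describes can be modelled on constructed timestamps. The JavaScript below is an added example, not code from either vendor; the clock model, the function names, the uniform jitter and the 0.2 microsecond sample interval are assumptions.

```javascript
// Added example: simulation of timer coarsening. Times are in microseconds.
// Function names and sample values are constructed for illustration.

// Deterministic PRNG (mulberry32) so every run produces the same numbers.
function makeRng(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Model of a coarsened clock: the true time is rounded down to a multiple of
// resolutionUs, then a random jitter in [0, jitterUs) is added to the reading.
// Assumptions: the advisory does not say how jitter is drawn, so uniform jitter
// is used here, and this model does not enforce a monotonic clock.
function makeClock({ resolutionUs, jitterUs = 0, seed = 1 }) {
  const rng = makeRng(seed);
  return function read(trueUs) {
    const quantized = Math.floor(trueUs / resolutionUs) * resolutionUs;
    return quantized + (jitterUs > 0 ? rng() * jitterUs : 0);
  };
}

// Time one interval the way page script would: read before, read after, subtract.
function measure(read, startUs, trueDurationUs) {
  const before = read(startUs);
  const after = read(startUs + trueDurationUs);
  return after - before;
}

// Repeat the measurement at random start phases and summarise what a single
// reading reports for the same true duration.
function summarize(clockConfig, trueDurationUs, trials = 10000) {
  const read = makeClock(clockConfig);
  const phase = makeRng(12345);
  const seen = new Set();
  let absErr = 0;
  let min = Infinity;
  let max = -Infinity;
  for (let i = 0; i < trials; i++) {
    const m = measure(read, phase() * 1000, trueDurationUs);
    seen.add(m);
    absErr += Math.abs(m - trueDurationUs);
    min = Math.min(min, m);
    max = Math.max(max, m);
  }
  return { min, max, distinct: seen.size, meanAbsErrorUs: absErr / trials };
}

// Settings quoted in the Edge advisory: 5 us before, 20 us plus up to 20 us jitter after.
const BEFORE = { resolutionUs: 5 };
const AFTER = { resolutionUs: 20, jitterUs: 20, seed: 7 };

// Constructed sample: an interval much shorter than either clock tick.
const SHORT_INTERVAL_US = 0.2;

function compare() {
  return {
    before: summarize(BEFORE, SHORT_INTERVAL_US),
    after: summarize(AFTER, SHORT_INTERVAL_US),
  };
}

console.log(compare());
```

For the constructed 0.2 microsecond interval, the 5 microsecond clock only ever reports 0 or 5, while the 20 microsecond clock with jitter scatters its readings over tens of microseconds, so a single reading says far less about the true duration.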

Nvidia

Nvidia has released an advisory that states they currently believe their GPUs are not affected by this bug, but will continue investigating:

NVIDIA’s core business is GPU computing. We believe our GPU hardware is immune to the reported security issue and are updating our GPU drivers to help mitigate the CPU security issue. As for our SoCs with ARM CPUs, we have analyzed them to determine which are affected and are preparing appropriate mitigations.

The full bulletin can be found here: https://forums.geforce.com/default/topic/1033210/nvidias-response-to-speculative-side-channels-cve-2017-5753-cve-2017-5715-and-cve-2017-5754/

Red Hat

Red Hat has released an advisory that provides a list of affected products and their status. This advisory states:

Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately.  All impacted products should apply fixes to mitigate CVE-2017-5753 (variant 1) and CVE-2017-5754 (variant 3).  CVE-2017-5715 (variant 2) can be exploited both locally and through the virtualization guest boundary.

The full advisory can be found here: https://access.redhat.com/security/vulnerabilities/speculativeexecution?sc_cid=701f2000000tsLNAAY&

SUSE

SUSE has posted an advisory related to these attacks that states:

SUSE engineers have been collaborating with our partners and the Linux community on upstream Linux kernel patches. As a result of that collaboration, we are now able to release patches for most recent SUSE Linux Enterprise (SLE) versions. Additional patches for other SLE versions and environments will follow shortly.

The full advisory can be found here: https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/

Ubuntu

Ubuntu has released an advisory that states new kernels will be available on the original disclosure date of January 9th. The full advisory can be read here: https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/

VMware

VMware has released an advisory that contains information about what products are affected and available patches. This advisory can be found here: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

Xen

The Xen Project has released a highly detailed advisory regarding how the Spectre and Meltdown vulnerabilities affect Xen hypervisors:

Xen guests may be able to infer the contents of arbitrary host memory, including memory assigned to other guests.

An attacker’s choice of code to speculatively execute (and thus the ease of extracting useful information) goes up with the numbers.  For SP1, or SP2 on systems where SMEP (supervisor mode execute protection) is enabled: an attacker is limited to windows of code after bound checks of user-supplied indexes.  For SP2 without SMEP, or SP3, an attacker can write arbitrary code to speculatively execute.

The full post can be found here: https://xenbits.xen.org/xsa/advisory-254.html 

Filed Under: Protecting Your PC, Windows 10 Updates and Features


Microsoft Working on Two Windows 10 Features Named Timeline and Sets

December 3, 2017 by Richard Langford

By Catalin Cimpanu, November 30, 2017, 08:52 AM

In an email sent to all Windows Insiders Program (WIP) participants, Terry Myerson, Executive Vice President of the Windows and Devices Group, gave a preview of two new features Microsoft will be testing in the next iteration of the Insiders Program (Windows 10 Redstone 4).

Known as Timeline and Sets, these two features bring major changes to the Windows interface and how users interact with the OS and their files.

Windows Timeline

The first of the two, Windows Timeline, is a modification of the Windows Task View, a feature introduced with Windows 10.

Microsoft introduced Task View as an alternative to the classic ALT+TAB interface, as a better view for opened windows. Windows Timeline expands Task View on a vertical timeline, showing both current and past windows.

In theory, this should allow users to quickly go back and open a file, site, or application they interacted with in the past. Details are scant, but Myerson did share a low-resolution screenshot of what users can expect to see.


Windows Sets

The second feature is just as intriguing as the first. Called Sets, this feature expands the concept of an app’s “window” with the addition of tabs, a UI concept found in modern browsers.

Adding tabs to Windows Explorer has been the #1 most requested Windows feature in the past years.

Nonetheless, from the video Myerson published online, Sets is not the tabbed interface users have been requesting, but more of a centralization of all Windows-related apps and services under one window, with tabs capable of opening Edge, Office apps, OneNote, and other Microsoft-made apps.

It is unclear if Sets will allow other apps access to the “shared window space” Microsoft is creating, but common sense dictates that UWP-compatible apps will be likely to support it.

Myerson said both features would roll out to WIP users “in the coming weeks,” and that not all WIP users will get it, as Microsoft wants to compare how users who get and those who don’t get the features interact with Windows.

Filed Under: Windows 10 Updates and Features


Change your DNS server address to help protect your PC and Network from malicious attacks

November 29, 2017 by Richard Langford

As part of RSL Computer Solutions' ongoing customer service, I would like to share a security and privacy setting that can be applied to your individual PC or added to your network routing to help safeguard your systems. In some cases this may also slightly increase your browsing speed.

Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high-performance, and privacy.

Security: Quad9 blocks known malicious domains, preventing your computers and IoT devices from connecting to malware or phishing sites. Whenever a Quad9 user clicks on a website link or types an address into a web browser, Quad9 will check the site against the IBM X-Force threat intelligence database of over 40 billion analyzed web pages and images. Quad9 also taps feeds from 18 additional threat intelligence partners to block a large portion of the threats that present risk to end users and businesses alike.

IBM has long advocated for strong and innovative means to enhance privacy and data protection, and we are pleased to announce our latest investment in privacy-enhancing technology with the new Quad9 Domain Name System (DNS) offering. Created in collaboration with Packet Clearing House (PCH) and the Global Cyber Alliance (GCA), Quad9 goes far beyond standard DNS name resolution, with four key areas of focus.

  • Privacy: Unlike many other DNS services, Quad9 makes use of aggregated data, but by design does not store, correlate or otherwise employ any personally identifiable information (PII). Quad9 does not and never will share any of its data with marketers, nor will it use this data for demographic analysis.
  • Security: Quad9 makes security a chief priority to deliver superior protection against cybercrime networks and malware, integrating security analysis from individual machines’ DNS queries to global trends.
  • Scalability: Quad9 leverages PCH’s long history of providing highly robust DNS back-end infrastructure, including over 160 points of presence around the world.
  • Ease of use: Administrators can easily configure endpoint devices to point to the Quad9 DNS server at address 9.9.9.9

Make the Change to Quad9

DNS servers are typically assigned by your internet provider or IT department, and both consumers and businesses can make a simple change to the Dynamic Host Configuration Protocol (DHCP) to route DNS traffic through Quad9 without requiring end users to make any changes. Quad9 is and will remain freely available to anyone who wants to use it.

Adding the Quad9 DNS service across your entire network is of greater benefit, because it then protects web connections from every device on your network. If you would like help setting up this service across your network or on a single PC, but are not sure how to do so, we can set this up for a nominal fee. Contact RSL Computer Solutions to add Quad9 DNS routing to your network environment.

Filed Under: Protecting Your PC


Remote Monitoring and Management (RMM)

July 14, 2017 by Richard Langford

Proactive Remote Monitoring and Management Services help ensure availability and performance of your IT infrastructure

Business environments come with challenges and opportunities. To respond effectively to these, it is vital for a company to have a reliable and agile IT infrastructure in place. This means that the 24/7 availability of IT infrastructure is critical to a business’ operations. If computer and network systems are left unattended for periods of time, without monitoring and without proactive maintenance, patches and security updates, failure rates increase. This may cause sudden breakdowns, which can lead to loss of client data and/or financial losses, as well as loss of sales and customers.

Developing the capacity to monitor and manage IT infrastructure in-house is a daunting task.  Even more—it’s expensive and time consuming.  For small to mid-size companies, it is difficult to hire, train and retain personnel with these needed and specific skill sets.  Therefore, partnering with an MSP/RMM solutions provider for proactive monitoring and management of your Computer and Network systems is the key to cost-effective and fully supported, highly available IT infrastructure.

https://rslcomputers.com/wp-content/uploads/sites/431/2017/07/Why-Managed-Services-AO-IT-Solutions.mp4

RSL Computer Solutions, LLC is a Managed Service Provider (MSP) offering Remote Monitoring and Management (RMM) services, also known as Remote IT Infrastructure Monitoring and Management services. The service follows a proactive approach to remotely manage and monitor your IT assets, following a unique model of onsite and offsite monitoring and management of servers, desktops, laptops, network devices, printers etc., while also providing add-on solutions for remote antivirus, web protection, backup and even Risk Intelligence reports.

RSL Computer Solutions, LLC remotely monitors devices by installing a software agent on the device(s) at the customer premises. The agent feeds updates from these devices, at regular intervals, to our monitoring dashboard. These updates are then analyzed to handle critical issues, and in most cases the necessary steps to resolve them are performed remotely. Priority support via an SLA agreement is available for those issues that require onsite assistance.

Remote Monitoring and Management Features:

  • Offers comprehensive solutions to manage devices, networks, users, desktops and data backup. Various functions performed are:
  • Inventory & Asset Management
  • Policy Management, Application & License compliance
  • Antivirus & Patch Management (Both Windows and many 3rd Party applications) *** See more
  • Backup Management (add-on)
  • Monitoring & Alerting of device component issues with hard drives, CPU, operating systems
  • Remote Support
  • Detailed Reports can be sent to clients on a weekly or monthly basis
  • Structured response and maintenance agreement (SLA) (faster onsite and on call services and special discounts)
  • Managed Antivirus and Web Protection Services (optional)
  • Fixed Monthly fee per device (no hidden surprises, no contracts- just an agreement)
  • Critical issues are identified, reported, and resolved in real time in most cases
  • Detailed analysis of your current environment, reporting on issues and actionable items
  • Scheduled maintenance activities and remediations required to stabilize your environment
  • Ongoing delivery monitoring and maintenance designed to keep your business optimized and running smoothly

Benefits:

  • Efficient, highly available and completely supported IT infrastructure
  • Reduced hassles of IT complexities and proactive maintenance and monitoring
  • Reduced expenses on maintaining IT infrastructure
  • Focus on your business rather than on maintaining your computers and network system.

***  Kiss goodbye to Windows updates and quit worrying about security on devices set up with our Remote Monitoring and Management Services. Our patch management scans the computers automatically and allows us to effectively install and manage patches across all your RMM devices, even across different operating systems and products of Windows, Linux and Apple/Mac, providing daily, scheduled or on-demand patching!

  • Supports automatic updating (including non-security updates) for Microsoft Windows and other Microsoft products including Office and Exchange
  • Covers all 5 major browsers – Explorer, Chrome, Firefox, Safari and Opera
  • Supported patching including the most commonly exploited 3rd party applications such as Adobe and Oracle Java
  • Other vendor support including Apple, Mozilla, Zip tools and a host more, as well as Instant Messaging Clients such as Skype and Yahoo Messenger
  • Helps you maintain a secure, compliant network
  • Upgrades to the latest versions, automatically
  • Easily deploy patches network-wide, individually, on demand or scheduled!

Pricing: Monthly Per Device:

Monitoring and Patch Management of workstations starting from $12.99  (*Multi-workstation discounts available; contact us for details)

Windows Server Monitoring and Patch Management starting from $19.99

Home Users – Monitoring and Patch Management starting from $12.99

For more information or to sign up for our RMM services please contact us.

Filed Under: RMM services


Copyright © 2025 · RSL Computer Solutions, LLC · 10 Douglas Ln, Hamilton, Ohio 45011