Cyber Security Expert Paulius Petretis Talks About Security Holes in Intel Platforms

Paulius Petretis, leading cyber security expert and CEO of VORAS Consulting, reveals that all Intel platforms from the past decade are vulnerable due to remotely and locally exploitable security holes.

Vilnius, Lithuania – May 15, 2017 – Paulius Petretis, CEO of VORAS Consulting, posted a new blog post on the company website entitled “If You Use Intel Platforms Your Data Is Vulnerable.” Cyber security threats are not surprising to Mr. Petretis; however, when an OEM is made aware of a threat and does nothing to fix it, he is surprised.

Petretis writes, “In the world of cyber security new threats are discovered literally on a daily basis. Typically, though, in the digital world issues are addressed quickly once they are discovered. Well, some of the time.” He continues, “Apparently that is not the case with Intel platforms produced over the past decade.” He elaborates, “I came across an article at SemiAccurate.com, a technology news site I subscribe to that took me somewhat by surprise.”

“According to the article,” says Petretis, “Every Intel platform from Nehalem to Kaby Lake has a remotely exploitable security hole. There is literally no Intel box made in the last 9+ years that isn’t at risk.” He adds, “I agree with the author’s next statement that, ‘This is somewhere between nightmarish and apocalyptic.’” (https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/)

Petretis states, “It’s likely you have vulnerable Intel platforms with exploitable security holes that need to be secured if your system is 10 years old or newer.” He advises, “The best course of action is to check for patches daily and install all patches immediately. If there is no patch, back up data and replace.”

The entire blog can be read at http://pauliuspetretis.freeua.agency/if-you-use-intel-platforms-your-data-is-vulnerable/

 

Paulius Petretis

Paulius Petretis is an information security expert, Certified Information Systems Security Professional (CISSP®), Certified Information Security Manager (CISM®), Certified Information Systems Auditor (CISA®), Certified in the Governance of Enterprise IT (CGEIT®) and Certified in Risk and Information Systems Control (CRISC®), guest speaker at various conferences and seminars, and trainer at information security related training courses.

According to the annual survey initiated by Info Security Europe, a whopping 93% of large organizations and 76% of small businesses had at least a single information security breach in 2011. Only 18% of the organizations affected by the infringements related to data protection laws had a consistent and effective contingency plan in place. According to Paulius, information is not something static – it evolves and mutates every day. It is the ecosystem of every business and if a single cell fails, it can bring down the entire business.

Therefore, ensuring a consistent and up-to-date information protection policy must be the priority for all businesses – no matter how big or small they are. As it might be unrealistic to believe that any young or experienced entrepreneur can be a jack of all trades, the really smart decision is to rely on specialists who dedicate their professional lives to getting to know everything there is to know about protecting important business information.

With more than 16 years of experience in helping people, small businesses, and government organizations to protect their business secrets, Paulius believes that information security must help businesses achieve goals but not vice versa.

 

###

If You Use Intel Platforms Your Data Is Vulnerable

In the world of cyber security new threats are discovered literally on a daily basis. Typically, though, in the digital world issues are addressed quickly once they are discovered. Well, some of the time.

Apparently that is not the case with Intel platforms produced over the past decade. I came across an article at SemiAccurate.com, a technology news site I subscribe to that took me somewhat by surprise.

According to the article, “Every Intel platform from Nehalem to Kaby Lake has a remotely exploitable security hole. There is literally no Intel box made in the last 9+ years that isn’t at risk.” I agree with the author’s next statement that, “This is somewhere between nightmarish and apocalyptic.” (https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/)

As a cyber security expert, I look for exploitable security holes and have come to expect to find them. Hackers manage to do a great job of revealing them shortly after product delivery. Once discovered, the OEMs tend to address the issues immediately. I’m a little surprised that it has taken Intel so long to address their security hole issues and seemingly with great reluctance.

Finally, according to SemiAccurate.com, “The hole is being fixed and Intel is issuing a patch.” They also say that, “Intel has some mitigation options for the affected users, that is you, whether you know it or not. They have two fixes for provisioned AMT and non-provisioned boxes, both prevent the issue from happening until the firmware update has been distributed by OEMs. Unfortunately since this issue is not disclosed officially yet, they won’t tell you what it is. Due to the severity of the issue, we highly recommend you make these changes immediately, don’t wait for the official disclosure.” (https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/)

It’s likely you have vulnerable Intel platforms with exploitable security holes that need to be secured if your system is 10 years old or newer. The best course of action is to check for patches daily and install all patches immediately. If there is no patch, back up data and replace.

 

Director of VORAS Consulting, Paulius Petretis, Talks About Recent Ransomware Outbreak

Paulius Petretis, leading cyber security expert, discusses the fact that those hit by the recent WannaCry/WannaCrypt ransomware attack had older MS operating systems or simply did not keep up with the most recent patches.

Vilnius, Lithuania – May 05, 2017 – Paulius Petretis, CEO of VORAS Consulting, posted a new article on the company website entitled “Getting Hit By WannaCry and WannaCrypt Makes You Wanna Kick Yourself.” Mr. Petretis suggests that there’s no time for remorse.

Petretis asks, “Is your company’s computer data being held for ransom?” He adds, “If so, as you certainly must know by now, you’re not alone. Last week companies and individuals in more than 100 countries around the world became victims of the biggest Ransomware outbreak ever. However, those who got hit were using older operating systems or simply had not applied the latest MS patch.” He adds, “Kind of makes you want to kick yourself for not taking cyber security seriously, doesn’t it?”

According to Petretis, “If you were one of the companies that had applied critical Microsoft Windows patches released in March, you were protected against this attack.” “If not,” he adds, “there are still many Windows servers and workstations that are potentially vulnerable. The WannaCry (Wcry)/WannaCrypt ransomware threat may still be working its way through other companies using older Microsoft OS systems at this very moment.”

As Petretis indicates, this is not the time to “slack of cyber security.” As Petretis points out, “Those of us in the cyber security field have known this type of attack was imminent.” He continues, “And unfortunately we will be seeing more copycats, since ransomware threats are not new. This type of malicious software has been traced to threats all the way back to 1989. Those were the days of floppy disks when the ransomware was sent to unsuspecting computer owners.”

The entire article can be read at http://pauliuspetretis.freeua.agency/getting-hit-by-wannacry-and-wannacrypt-makes-you-wanna-kick-yourself/

 

###