Security News

Hackers exploit Windows policy to load malicious kernel drivers
2023-07-11 17:00

Microsoft blocked code signing certificates predominantly used by Chinese hackers and developers to sign and load malicious kernel mode drivers on breached systems by exploiting a Windows policy loophole. With Windows Vista, Microsoft introduced policy changes restricting how Windows kernel-mode drivers could be loaded into the operating system, requiring developers to submit their drivers for review and sign them through Microsoft's developer portal.

Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures
2023-07-11 16:59

A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. "Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates," Cisco Talos said in an exhaustive two-part report shared with The Hacker News.

Password Management Policy
2023-07-04 16:00

This policy from TechRepublic Premium provides guidelines for the consistent and secure management of passwords for employees and system and service accounts. These guidelines include mandates on how passwords should be generated, used, stored and changed as well as instructions for handling password compromises.

Information Security Policy
2023-07-03 16:00

This policy from TechRepublic Premium provides guidelines to safeguard company information, reduce business and legal risks and protect company investments and reputation. Its adjunct policy, the Network security policy, covers the systems and devices that transport and store data.

IT Physical Security Policy
2023-07-02 16:00

PHYSICAL SECURITY GUIDELINES AND REQUIREMENTS. The following guidelines should be followed in designing and enforcing access to IT assets. Access to server rooms and IT equipment rooms should be restricted to only those whose job responsibilities require that they maintain the equipment or infrastructure of the room.

Safeguarding customer information policy
2023-06-21 16:00

TechRepublic Premium Hiring kit: GDPR data protection compliance officer The European Union's General Data Protection Regulation requires every business enterprise and public authority that collects personal data from EU customers and clients to protect that data from unauthorized access. Finding ideal candidates for the GDPR data protection compliance officer position will require thorough vetting, and potential candidates may be difficult to find.

Network security policy
2023-06-20 16:00

This policy from TechRepublic Premium will help you create security guidelines for devices that transport and store data. The IT department will be responsible for implementing, adhering to and maintaining these controls.

Introducing Permit.io: Simplifying access control and policy management for developers
2023-05-18 04:00

In this Help Net Security video interview, Or Weis, Co-Founder and CEO of Permit.io, discusses an innovative approach to managing permissions and access control within applications. We will explore policy as code and how it addresses organizations' challenges in managing access control effectively.

Information security incident reporting policy
2023-04-26 12:00

TechRepublic Premium Mobile device security policy PURPOSE This Mobile Device Security Policy from TechRepublic Premium provides guidelines for mobile device security needs in order to protect businesses and their employees. This policy can be customized as needed to fit the needs of your organization.

Mobile device security policy
2023-04-24 12:00

TechRepublic Premium Comparison guide: Top enterprise collaboration tools PURPOSE Some of the most important tools in business are used for collaboration. Without these types of solutions, your staff would struggle to remain as productive as needed.