Security News
Many computer systems, network devices and other technological hardware used in the enterprise can audit and log various activities. These activities include network traffic, internet access, creating or deleting users, adding users to groups, changing file permissions, transferring files, opening the case, powering off, deleting system logs, and anything else a user, administrator or the system itself might do.
All modern enterprises must accept the fact that at some point their systems or networks will very likely experience an unauthorized intrusion of some kind. A clear and concise plan of action will help counteract any intrusion into an enterprise network and mitigate potential damage.
Learn how a malicious driver exploits a loophole in the Windows operating system to run at kernel level. Cisco Talos discovered a new Microsoft Windows policy loophole that allows a threat actor to sign malicious kernel-mode drivers executed by the operating system.
Microsoft blocked code-signing certificates predominantly used by Chinese hackers and developers to sign and load malicious kernel-mode drivers on breached systems by exploiting a Windows policy loophole. With Windows Vista, Microsoft introduced policy changes restricting how Windows kernel-mode drivers could be loaded into the operating system, requiring developers to submit their drivers for review and sign them through Microsoft's developer portal.
A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. "Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates," Cisco Talos said in an exhaustive two-part report shared with The Hacker News.
This policy from TechRepublic Premium provides guidelines for the consistent and secure management of passwords for employees and system and service accounts. These guidelines include mandates on how passwords should be generated, used, stored and changed as well as instructions for handling password compromises.
This policy from TechRepublic Premium provides guidelines to safeguard company information, reduce business and legal risks and protect company investments and reputation. Its adjunct policy, the Network security policy, covers the systems and devices that transport and store data.
PHYSICAL SECURITY GUIDELINES AND REQUIREMENTS. The following guidelines should be followed in designing and enforcing access to IT assets. Access to server rooms and IT equipment rooms should be restricted to only those whose job responsibilities require that they maintain the equipment or infrastructure of the room.
TechRepublic Premium Hiring kit: GDPR data protection compliance officer. The European Union's General Data Protection Regulation requires every business enterprise and public authority that collects personal data from EU customers and clients to protect that data from unauthorized access. Finding ideal candidates for the GDPR data protection compliance officer position will require thorough vetting, and potential candidates may be difficult to find.
This policy from TechRepublic Premium will help you create security guidelines for devices that transport and store data. The IT department will be responsible for implementing, adhering to and maintaining these controls.