What if hackers could time travel? That’s the eyebrow-raising reality of this latest attack, and the FBI wants you to act today.
I can understand (meaning have heard of) not enforcing certificate expirations, but who lets just anybody set their system date?
Typically the same level of permissions needed to load drivers - which, if they’re attacking the system using custom out-of-date drivers, is relevant.
Having users and services at least privilege is one step of attack surface area reduction, but the “better” solution is to make sure that revocation check is enabled and that the compromised cert is revoked by its issuer. Or if it’s an old, unused root, you can ban that root at the machine level.
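An added example, not part of the thread: a least-privilege audit of the two Windows user rights the comments compare, changing the system time (`SeSystemtimePrivilege`) and loading drivers (`SeLoadDriverPrivilege`), run over the text that `secedit /export /cfg rights.inf /areas USER_RIGHTS` writes. The sample export, the domain SID in it and the baseline of expected holders are assumptions made for the example.

```python
# Added example: list principals that hold the "change system time" or
# "load driver" user right beyond an expected baseline.

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeLoadDriverPrivilege = *S-1-5-32-544
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumed baseline: Administrators (S-1-5-32-544) for both rights, plus
# LOCAL SERVICE (S-1-5-19) for the system time. Adjust to your own build.
BASELINE = {
    "SeSystemtimePrivilege": {"S-1-5-32-544", "S-1-5-19"},
    "SeLoadDriverPrivilege": {"S-1-5-32-544"},
}

def parse_rights(text):
    """Return {right: set of principals} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        # secedit prefixes SIDs with '*'; strip it so entries compare cleanly.
        rights[name.strip()] = {p.strip().lstrip("*") for p in value.split(",") if p.strip()}
    return rights

def audit(text, baseline=BASELINE):
    """Return {right: sorted principals not in the baseline}; empty means clean."""
    rights = parse_rights(text)
    findings = {}
    for right, allowed in baseline.items():
        extra = rights.get(right, set()) - allowed  # absent right = no holders
        if extra:
            findings[right] = sorted(extra)
    return findings

if __name__ == "__main__":
    for right, extra in audit(SAMPLE_EXPORT).items():
        print(f"{right}: unexpected holders {extra}")
```

A real export is normally UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `audit`.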