Critical logging and access control procedures need to be followed: Exploiting this vulnerability allows an attacker to run arbitrary code in the context of the Hyper-V host, giving them potentially unrestricted access to the underlying hardware. As noted, the impact of this vulnerability could be significant. Once an attacker gains unrestricted access to the Hyper-V host, they can manipulate the resources allocated to the guest operating systems, exfiltrate sensitive information from the guest machines, and potentially compromise or delete entire guest operating systems.I would want to see anyone accessing sensitive data of this magnitude use services and tools in an isolated configuration and ensure that logging and zero-trust processes are put in place. It’s necessary to have certain licensing in place to implement proper logging. External storage should be kept of this logging to document the access, cloud logging is all too often lost as the steps to capture were not performed ahead of time.When retrieving data from various data centers, logging must be performed in Coordinated Universal Time (UTC) as it is difficult to align timestamps without standardizing on one time zone. Ensure that any extra admin instances or permissions created to facilitate the review are removed once the project is over, enterprises often add access for a consultant and then fail to monitor or expire access and permissions in a timely manner.It helps to ensure that all such access for consulting projects has an expiration date. Review Entra ID or Azure AD permissions with PowerShell and make sure that only the access you intended to have granted to an app is allowed for that application.Finally, you should ensure that whatever modifications you have made to a database leave it in a condition to be relied upon going forward. Is there a hash value process or checksum to ensure that the data you had in place before has not been tampered with?Databases typically have some sort of process to ensure the integrity of the data has not been impacted. Whenever you bring in outside tools or consultants, this process needs to be performed to ensure integrity has not been compromised.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3847089/cybersecurity-professionals-can-learn-from-what-we-know-about-doges-cost-cutting-spree.html
