8 matches found
An Automated Framework for Cybersecurity Policy Compliance Assessment against Security Control Standards
Organizational cybersecurity policies are often examined to determine whether they adequately comply with standard security controls. This task is difficult because control statements are abstract, whereas policy documents describe governance practices in varied natural language. As a result,...
Ensure That auditd Is Enabled
The auditd component is a user-space component of the Linux audit framework, providing the auditctl, ausearch, and aureport programs to audit and view logs. Audit rules are configured using the auditctl program. When getting started, auditctl reads these rules from /etc/audit/audit.rules. The aud...
Remote Code Execution (RCE)
generator-jhipster-entity-audit is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe reflection caused by using Javers as the Entity Audit Framework, which allows malicious classes on the classpath to be exploited through exposed REST endpoints...
generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework
Summary: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') when having Javers selected as Entity Audit Framework. Details: In the following two occurrences, user input directly leads to class loading without checking against e.g. a whitelist of allowed classes...
be.jidoka:jdk-keycloak-admin (=2.0.0), br.com.devires.framework.boot:devires-framework-boot-audit (=1.1.0) +1079 more potentially affected by CVE-2025-22228 via org.springframework.security:spring-security-crypto (>=6.0.0 <=6.0.1)
org.springframework.security:spring-security-crypto MAVEN version =6.0.0, =1.1.0, =1.1.0, =0.12.0, =0.12.0, =0.12.0, =0.13.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.2.3 and more Source cves: CVE-2025-22228 Source advisory:...
Galileo - Web Application Audit Framework
Galileo is an open source penetration testing tool for web applications, which helps developers and penetration testers identify and exploit vulnerabilities in their web applications. Installation: $ git clone https://github.com/m4ll0k/Galileo.git galileo $ cd galileo Install requirements: $ pip...
SAS70 Needs to Die
By Andrew Storms. Let’s be clear, SAS70 should be sentenced to a quick and painful death in the bottom of a giant pit protected by 20-foot thick concrete walls where it should be buried forever, alongside other IT criminals such as Windows ME and IE6. While SAS70 has its place in financial...
MDVA-2009:215 : fuse
Due to a bad interaction between fuse and audit framework, applications reading .gvfs would hang if audit is activated. This happens at least on first boot and every month due to readahead-collector. This was reported as bug 53208. These updated packages fix the issue.