287 matches found
Configure Audit Rules for Privilege-Escalated Commands
Users can call privilege-escalated commands that is, commands with SUID/SGID bits to obtain the super administrator permissions. This operation is risky and often exploited by attackers. You are advised to audit and monitor privilege-escalated commands for future tracing. By default, audit rules...
Avoid the .forward File in the Home Directory
An email address can be configured in the .forward file. When a user receives an email, the email is automatically forwarded to the email address. If there are no email forwarding scenarios, you are advised to delete the .forward file. If the .forward file exists, emails containing sensitive...
Correctly Configure the Log Records of Each Service
Logs should be configured so that important system behaviors and security-related information are recorded by rsyslog. The configuration files /etc/rsyslog.conf and /etc/rsyslog.d/.conf specify the rules for logging and the files for recording specific types of logs. If logging is not configured,...
Do Not Install Network Sniffing Tools
If network sniffing tools exist in the production environment, attackers may use them for network analysis and attacks. Therefore, in the production environment, do not install network sniffing, packet capturing, or analysis tools, such as tcpdump, Ethereal, and Wireshark. SPDX-FileCopyrightText:...
Ensure That Partitions without Executable Files Are Mounted Using noexec
A data drive only stores data generated during service running. No command is executed in the data drive. Therefore, you can mount the drive or partition using noexec to improve security and reduce the attack surface. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be...
Proactive threat hunting with Talos IR
At Cisco Talos, we understand that effective cybersecurity isn't just about responding to incidents -- it's about preventing them from happening in the first place. One of the most powerful ways we do this is through proactive threat hunting. Our Talos Incident Response Talos IR team works closel...
IBM Global Configuration Management Access Control Error Vulnerability
IBM Global Configuration Management is a Web-based tool from International Business Machines IBM. It can be used to assemble configurations from other IBM Engineering Lifecycle Management ELM applications into a global configuration. An Access Control Error vulnerability exists in IBM Global...
CVE-2024-41773
IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls...
CVE-2024-41773
IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls...
CVE-2024-41773
CVE-2024-41773 affects IBM Global Configuration Management (GCM) versions 7.0.2 and 7.0.3. The root cause is improper access controls that could allow an authenticated user to archive a global baseline. Public sources in the connected documents corroborate this description and assign a CVSS base ...
IBM Global Configuration Management 安全漏洞
IBM Global Configuration Management is a Web-based tool from International Business Machines IBM. It can be used to assemble configurations from other IBM Engineering Lifecycle Management ELM applications into a global configuration. An Access Control Error vulnerability exists in IBM Global...
PT-2024-29557 · Ibm · Ibm Global Configuration Management
Name of the Vulnerable Software and Affected Versions: IBM Global Configuration Management versions 7.0.2 through 7.0.3 Description: The issue is related to improper access controls, allowing an authenticated user to archive a global baseline. This could potentially lead to privilege escalation d...
PT-2024-26926 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.0.0 OpenHarmony version 4.0.0 Description: The issue allows a remote attacker to execute arbitrary code in pre-installed apps through out-of-bounds read and write. Recommendations: For OpenHarmony versions prio...
MAL-2024-1815 Malicious code in bc-baseline (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 004f716d6faa9713997578e5ad3b8a25eb483ce027b32e3a4ef6eb05179c430c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bc-baseline (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 004f716d6faa9713997578e5ad3b8a25eb483ce027b32e3a4ef6eb05179c430c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Online Privacy and Overfishing
Microsoft recently caught state-backed hackers using its generative AI tools to help with their attacks. In the security community, the immediate questions werent about how hackers were using the tools that was utterly predictable, but about how Microsoft figured it out. The natural conclusion wa...
PT-2024-19260 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.0.0 OpenHarmony version 4.0.0 Description: The issue allows a local attacker to cause a denial of service DOS through a use after free exploit. Recommendations: For OpenHarmony versions prior to 4.0.0, update t...
Automatic Conditional Access policies in Microsoft Entra streamline identity protection
Extending our commitment to help customers be secure by default, today were announcing the auto-rollout of Microsoft Entra Conditional Access policies that will automatically protect tenants based on risk signals, licensing, and usage. Weve designed these policies based on our deep knowledge of t...
Part I: Implementing Effective Cyber Security Metrics That Reduce Risk Realistically
As a CISO or business leader, some burning questions that often come to your mind are: How vulnerable is our cybersecurity posture? Are we better protected than we were three months or a year ago? Have our investments improved the cybersecurity posture and yielded any tangible benefits? Are my...
Exploit for Race Condition in Microsoft
This is a PoC exploit for CVE-2023-36884, a vulnerability in Mic...