Security Archives

Common Platform Enumeration (CPE)

May 15, 2022SecurityAudit, Configuration Management, CPE, NIST, Security

Common Platform Enumeration (CPE) is a structured naming scheme for information technology (IT) systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a…

Common Vulnerabilities and Exposures (CVE)

May 15, 2022Securitycurl, CVE, Security, Terminal

json feed of all apple related things. https://services.nvd.nist.gov/rest/json/cves/1.0?cpeMatchString=cpe:2.3:*:apple curl -s "https://services.nvd.nist.gov/rest/json/cves/1.0?cpeMatchString=cpe:2.3:*:apple" curl -s "https://services.nvd.nist.gov/rest/json/cves/1.0?cpeMatchString=cpe:2.3:*:apple:macOS:catalina" https://csrc.nist.gov/CSRC/media/Projects/National-Vulnerability-Database/documents/web%20service%20documentation/Automation%20Support%20for%20CVE%20Retrieval.pdf this is the documentation. of how to use their CVE feed hope this link works…

Change Management

May 8, 2022SecurityChange Management, CRQ, ITIL

Change Management seeks to minimize the risk associated with Changes, where ITIL defines a Change as "the addition, modification of removal of anything that could have an effect on IT…

Log4j

April 4, 2022Security

Log4j lsof - list open files for log4j lsof | grep log4j https://github.com/isaacatmann/log4j-search/blob/main/log4j-search.sh https://community.jamf.com/t5/jamf-pro/log4j-vulnerability/m-p/254027 https://medium.com/@anchorbuoy_sftw/log4shell-log4j-zero-day-exploit-and-filemaker-server-e20ebe806e8a

Common Configuration Enumaration (CCE)

April 2, 2022SecurityCCE, MITRE

The Common Configuration Enumaration (CCE) List provides unique identifiers to security-related system configuration issues in order to improve workflow by facilitating fast and accurate correlation of configuration data across multiple…

End of Life (EOL) Software

February 23, 2022Links, Securitylink

End of Life (EOL) Software https://www.upcomingeol.com/home

NIST SP 800-219 macOS Security Compliance Project (mSCP) Guidance

February 22, 2022Apple, macOS Security Compliance Project (mSCP)automation, macOS 12, Security, STIG

Apple; baseline; configuration management; endpoint device security; macOS; macOS Security Compliance Project (mSCP); operating system security; security compliance. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-219-draft.pdf This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-219-draft Jamf Pro…

Retrieve List of Root DoD CAs

January 4, 2022SecurityPKI, Root Certificates, Scripts

https://public.cyber.mil/pki-pke/ For help configuring your computer to read your Common Access Card (CAC), visit Getting Started page. For instructions on configuring desktop applications, visit End Users page. Admins can find…

The macOS Security Compliance Project : macOS Security Compliance tool(s)

December 31, 2021Apple, macOS Security Compliance Project (mSCP)NIST, Security

The macOS Security Compliance Project (mSCP) provides a programmatic approach to generating security guidance. The project uses a set of tested and validated controls that map(s) these controls against any security guide supported by the project.