Blog Posts
Exfiltration with IPv6 tunnels on Windows
Will Dormann just posted a CERT/CC blog post about using outbound SMB connections to harvest Windows credentials via OLE objects. While most enterprises probably block outbound SMB over IPv4, they …
• By Dan J. Klinedinst, Will Dormann
In CERT/CC Vulnerabilities
8 At-Risk Emerging Technologies
by Dan KlinedinstVulnerability AnalystCERT DivisionAs the world becomes increasingly interconnected through technology, information security vulnerabilities emerge from the deepening complexity. Unexpected interactions between hardware and software components can magnify the …
• By Dan J. Klinedinst
In CERT/CC Vulnerabilities
Secure Software Updates
The CERT Coordination Center recommends automated software updates, at least for security updates. With the emergence of IoT, we see more and more devices running out-of-date software even when they …
• By Dan J. Klinedinst, CERT Insider Threat Center
In CERT/CC Vulnerabilities
On Board Diagnostics: Risks and Vulnerabilities of the Connected Vehicle
We worked with DHS US-CERT and the Department of Transportations' Volpe Center to study aftermarket on-board diagnostic (OBD-II) devices....
• By Dan J. Klinedinst
In CERT/CC Vulnerabilities
Vehicle Cybersecurity: The Jeep Hack and Beyond
Automobiles are often referred to as "computers on wheels" with newer models containing more than 100 million lines of code. This blog post highlights the first phase of our research …
• By Christopher King, Dan J. Klinedinst
In CERT/CC Vulnerabilities
Coordinating Vulnerabilities in IoT Devices
The CERT Coordination Center (CERT/CC) has been receiving an increasing number of vulnerability reports regarding Internet of Things devices and other embedded systems....
• By Dan J. Klinedinst
In CERT/CC Vulnerabilities
CVSS and the Internet of Things
There has been a lot of press recently about security in Internet of Things (IoT) devices and other non-traditional computing environments....
• By Dan J. Klinedinst
In CERT/CC Vulnerabilities
External Threat Analysis
Hi, this is Dan Klinedinst of the CERT Enterprise Threat and Vulnerability Management team. Recently we've been looking to extend the methodologies from our insider threat research to other sorts …