Blog Posts

Exfiltration with IPv6 tunnels on Windows

Will Dormann just posted a CERT/CC blog post about using outbound SMB connections to harvest Windows credentials via OLE objects. While most enterprises probably block outbound SMB over IPv4, they …

Read More

April 5, 2018 • By Dan J. Klinedinst, Will Dormann

In CERT/CC Vulnerabilities

8 At-Risk Emerging Technologies

by Dan KlinedinstVulnerability AnalystCERT DivisionAs the world becomes increasingly interconnected through technology, information security vulnerabilities emerge from the deepening complexity. Unexpected interactions between hardware and software components can magnify the …

Read More

October 22, 2017 • By Dan J. Klinedinst

In CERT/CC Vulnerabilities

Secure Software Updates

The CERT Coordination Center recommends automated software updates, at least for security updates. With the emergence of IoT, we see more and more devices running out-of-date software even when they …

Read More

September 6, 2017 • By Dan J. Klinedinst, CERT Insider Threat Center

In CERT/CC Vulnerabilities

On Board Diagnostics: Risks and Vulnerabilities of the Connected Vehicle

We worked with DHS US-CERT and the Department of Transportations' Volpe Center to study aftermarket on-board diagnostic (OBD-II) devices....

Read More

August 20, 2016 • By Dan J. Klinedinst

In CERT/CC Vulnerabilities

Vehicle Cybersecurity: The Jeep Hack and Beyond

Automobiles are often referred to as "computers on wheels" with newer models containing more than 100 million lines of code. This blog post highlights the first phase of our research …

Read More

May 23, 2016 • By Christopher King, Dan J. Klinedinst

In CERT/CC Vulnerabilities

Coordinating Vulnerabilities in IoT Devices

The CERT Coordination Center (CERT/CC) has been receiving an increasing number of vulnerability reports regarding Internet of Things devices and other embedded systems....

Read More

January 27, 2016 • By Dan J. Klinedinst

In CERT/CC Vulnerabilities

CVSS and the Internet of Things

There has been a lot of press recently about security in Internet of Things (IoT) devices and other non-traditional computing environments....

Read More

September 1, 2015 • By Dan J. Klinedinst

In CERT/CC Vulnerabilities

External Threat Analysis

Hi, this is Dan Klinedinst of the CERT Enterprise Threat and Vulnerability Management team. Recently we've been looking to extend the methodologies from our insider threat research to other sorts …

Read More

October 4, 2012 • By Dan J. Klinedinst, CERT Insider Threat Center

In Insider Threat