How Easy Is It to Make and Detect a Deepfake?

The technology underlying the creation and detection of deepfakes and assessment of current and future threat levels

Read More

March 14, 2022 • By Catherine Bernaciak, Dominic Ross

In Artificial Intelligence Engineering

10 Types of Application Security Testing Tools: When and How to Use Them

Bugs and weaknesses in software are common: 84 percent of software breaches exploit vulnerabilities at the application layer....

Read More

July 8, 2018 • By Thomas Scanlon

In CERT/CC Vulnerabilities

How to Get the Most Out of Penetration Testing

There are many reasons for an organization to perform a penetration test of its information systems: to meet compliance standards, test a security team's capabilities....

Read More

January 22, 2018 • By Michael Cook

In CERT/CC Vulnerabilities

8 At-Risk Emerging Technologies

by Dan KlinedinstVulnerability AnalystCERT DivisionAs the world becomes increasingly interconnected through technology, information security vulnerabilities emerge from the deepening complexity. Unexpected interactions between hardware and software components can magnify the …

Read More

October 22, 2017 • By Dan J. Klinedinst

In CERT/CC Vulnerabilities

The Consequences of Insecure Software Updates

In this blog post, I discuss the impact of insecure software updates as well as several related topics, including mistakes made by software vendors in their update mechanisms, how to …

Read More

June 29, 2017 • By Will Dormann

In CERT/CC Vulnerabilities

The Twisty Maze of Getting Microsoft Office Updates

While investigating the fixes for the recent Microsoft Office OLE vulnerability, I encountered a situation that led me to believe that Office 2016 was not properly patched. However, after further …

Read More

April 12, 2017 • By Will Dormann

In CERT/CC Vulnerabilities

Windows 10 Cannot Protect Insecure Applications Like EMET Can

Recently, Microsoft published a blog post called Moving Beyond EMET that appears to make two main points....

Read More

November 20, 2016 • By Will Dormann

In CERT/CC Vulnerabilities

CVD Series: Principles of Coordinated Vulnerability Disclosure (Part 2 of 9)

This is the second post in a series about Coordinated Vulnerability Disclosure (CVD).The material in this series represents a collective effort within the CERT/CC Vulnerability Analysis team. As such, it's …

Read More

October 3, 2016 • By Garret Wassermann

In CERT/CC Vulnerabilities

CVD Series: What is Coordinated Vulnerability Disclosure? (Part 1 of 9)

This is the first post in a series about Coordinated Vulnerability Disclosure (CVD). In this series, we will discuss why CVD is an important part of the modern software development …

Read More

September 26, 2016 • By Garret Wassermann

In CERT/CC Vulnerabilities

Bypassing Application Whitelisting

Application whitelisting is a useful defense against users running unapproved applications....

Read More

June 29, 2016 • By Will Dormann

In CERT/CC Vulnerabilities