How Easy Is It to Make and Detect a Deepfake?

The technology underlying the creation and detection of deepfakes and assessment of current and future threat levels

Read More

March 14, 2022 • By Catherine Bernaciak, Dominic Ross

In Artificial Intelligence Engineering

Adversarial ML Threat Matrix: Adversarial Tactics, Techniques, and Common Knowledge of Machine Learning

My colleagues, Nathan VanHoudnos, April Galyardt, Allen Householder, and I would like you to know that today Microsoft and MITRE are releasing their Adversarial Machine Learning Threat Matrix. This is …

Read More

October 22, 2020 • By Jonathan Spring

In CERT/CC Vulnerabilities

Security Automation Begins at the Source Code

Hi, this is Vijay Sarvepalli, Information Security Architect in the CERT Division. On what seemed like a normal day at our vulnerability coordination center, one of my colleagues asked me....

Read More

March 11, 2020 • By Vijay Sarvepalli

In CERT/CC Vulnerabilities

Prioritizing Vulnerability Response with a Stakeholder-Specific Vulnerability Categorization

We've just released a follow-up paper in our research agenda about prioritizing actions during vulnerability management, Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization....

Read More

December 5, 2019 • By Allen Householder

In CERT/CC Vulnerabilities

VPN - A Gateway for Vulnerabilities

Virtual Private Networks (VPNs) are the backbone of today's businesses providing a wide range of entities from remote employees to business partners and...

Read More

November 13, 2019 • By Vijay Sarvepalli

In CERT/CC Vulnerabilities

It's Time to Retire Your Unsupported Things

"If it ain't broke, don't fix it." Why mess with something that already works? This is fair advice with many things in life. But when it comes to software security, …

Read More

October 23, 2019 • By Will Dormann

In CERT/CC Vulnerabilities

Update on the CERT Guide to Coordinated Vulnerability Disclosure

It's been two years since we originally published the CERT Guide to Coordinated Vulnerability Disclosure. In that time, it's influenced both the US Congress and EU Parliament....

Read More

September 16, 2019 • By Allen Householder

In CERT/CC Vulnerabilities

The Dangers of VHD and VHDX Files

Recently, I gave a presentation at BSidesPGH 2019 called Death By Thumb Drive: File System Fuzzing with CERT BFF....

Read More

September 4, 2019 • By Will Dormann

In CERT/CC Vulnerabilities

Life Beyond Microsoft EMET

Approximately eight years ago (September 2010), Microsoft released EMET (Enhanced Mitigation Experience Toolkit) 2.0. In the world of software defenders, there was much rejoicing....

Read More

August 28, 2018 • By Will Dormann

In CERT/CC Vulnerabilities

When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults

As a vulnerability analyst at the CERT Coordination Center, I am interested not only in software vulnerabilities themselves, but also exploits and exploit mitigations....

Read More

August 2, 2018 • By Will Dormann

In CERT/CC Vulnerabilities