
CERT/CC Blog

Vulnerability Insights

Latest Posts

Update on the CERT Guide to Coordinated Vulnerability Disclosure

Allen Householder

It's been two years since we originally published the CERT Guide to Coordinated Vulnerability Disclosure. In that time, it's influenced both the US Congress and EU Parliament in their approaches to vulnerability disclosure. I wanted to provide an update on how the Guide is evolving in response to all the feedback we received....

The Dangers of VHD and VHDX Files

Will Dormann

Recently, I gave a presentation at BSidesPGH 2019 called Death By Thumb Drive: File System Fuzzing with CERT BFF. (The slides from my presentation are available in the SEI Digital Library.) Although my primary goal was to find bugs in kernel file-system-parsing code, a notable part of my research was investigating attack vectors. In particular, I focused on VHD and VHDX files on Windows systems. In this post, I describe some of the risks associated...

Expectations of Windows RDP Session Locking Behavior

Will Dormann

This post was co-written by Will Dormann and Joe Tammariello. Recently, CERT researchers published a vulnerability note (VU#576688 - Microsoft Windows RDP can bypass the Windows lock screen). In this blog post, we provide a little more insight into how the vulnerability was discovered and what it may mean to people who use Microsoft Windows RDP. The following steps reproduce VU#576688: Use a Microsoft Windows RDP client to connect to Windows Server 2019 or Windows...

Comments on Voluntary Voting System Guidelines 2.0 Principles and Guidelines

Allen Householder

The U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines. At the CERT/CC, we focus our attention on sectors that are new to (or perhaps slow to adopt) common vendor security practices like Coordinated Vulnerability Disclosure (CVD). To that end, Deana Shick, Jonathan Spring, Art Manion, and I collaborated to provide our feedback to the EAC. The remainder of this post contains the comments...

API Hashing Tool, Imagine That

Kyle O'Meara

In the fall of 2018, the CERT Coordination Center (CERT/CC) Reverse Engineering (RE) Team received a tip from a trusted source about a YARA rule that triggered an alert in VirusTotal. This YARA rule was found in the Department of Homeland Security (DHS) Alert TA17-293A, which describes nation state threat activity associated with Russian activity. I believed this information warranted further analysis....

DGA Domains with SSL Certificates? Why?

Leigh Metcalf

CertStream is a free service for getting information from the Certificate Transparency Log Network. I decided to investigate the presence of domains generated by Domain Generation Algorithms (DGA) in this stream and I found some interesting phenomena....

Towards Improving CVSS

Deana Shick

If you are a software vendor, IT administrator, or CSIRT team, you are probably using the Common Vulnerability Scoring System (CVSS) in one way or another. The CERT/CC recently published a white paper entitled Towards Improving CVSS that outlines what we consider to be major challenges with the standard and discusses some ways forward. This post is a summary of that paper; if you are interested, please review the full paper for an elaboration of...

New SEI CERT Tool Extracts Artifacts from Free Text for Incident Report Analysis

Matthew Sisk

This post is co-authored with Sam Perl. The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University recently released the Cyobstract Python library as an open source tool. You can use it to quickly and efficiently extract artifacts from free text in a single report, from a collection of incident reports, from threat assessment summaries, or any other textual source....
