CERT/CC Blog

Vulnerability Insights

Latest Posts

Snake Ransomware Analysis Updates

• CERT/CC Blog
Kyle O'Meara

In January 2020, Sentinel Labs published two reports on Snake (also known as Ekans) ransomware.[1][2] The Snake ransomware gained attention due to its ability to terminate specific industrial control system (ICS) processes. After reading the reports, I wanted to expand the corpus of knowledge and provide OT and IT network defenders with increased defense capabilities against Snake. The key takeaways from the Sentinel Labs’ reports for additional analysis were the hash of the ransomware and...

Bridging the Gap Between Research and Practice

• CERT/CC Blog
Leigh Metcalf

A fundamental goal for a federally funded research and development center (FFRDC) is to bridge the gap between research and practice for government customers. At the CERT Division of the Software Engineering Institute (SEI), we've taken a step beyond that and decided that, in cybersecurity, we should be bridging the gap for all researchers and practitioners. To help achieve this goal, I decided that a journal would be an important step. The Association for Computing...

Security Automation Begins at the Source Code

• CERT/CC Blog
Vijay Sarvepalli

Hi, this is Vijay Sarvepalli, Information Security Architect in the CERT Division. On what seemed like a normal day at our vulnerability coordination center, one of my colleagues asked me to look into a vulnerability report for pppd, an open source protocol. At first glance, this vulnerability had the potential to affect multiple vendors throughout the world. These widespread coordination cases usually have a prolonged coordination timeline. They typically involve multiple vendors on the one...

Comments on NIST IR 8269: A Taxonomy and Terminology of Adversarial Machine Learning

• CERT/CC Blog
Jonathan Spring

The U.S. National Institute of Standards and Technology (NIST) recently held a public comment period on their draft report on proposed taxonomy and terminology of Adversarial Machine Learning (AML). AML sits at the intersection of many specialties of the SEI. Resilient engineering of Machine Learning (ML) systems requires good data science, good software engineering, and good cybersecurity. Our colleagues have suggested 11 foundational practices of AI engineering. In applications of ML to cybersecurity, we have...

Machine Learning in Cybersecurity

• CERT/CC Blog
Jonathan Spring

We recently published a report that outlines relevant questions that decision makers who want to use artificial intelligence (AI) or machine learning (ML) tools as solutions in cybersecurity should ask of machine-learning practitioners to adequately prepare for implementing them. My coauthors are Joshua Fallon, April Galyardt, Angela Horneman, Leigh Metcalf, and Edward Stoner. Our goal with the report is chiefly educational, and we hope it can act like an ML-specific Heilmeier catechism and serve as...

VPN - A Gateway for Vulnerabilities

• CERT/CC Blog
Vijay Sarvepalli

Virtual Private Networks (VPNs) are the backbone of today's businesses, providing a wide range of entities, from remote employees to business partners and sometimes even to customers, with the ability to connect to sensitive corporate information securely. Long gone are the days of buying a leased line or a dedicated physical network (or fiber) for these types of communications. VPNs provide a simple way to take advantage of the larger public internet by creating virtual...

It's Time to Retire Your Unsupported Things

• CERT/CC Blog
Will Dormann

"If it ain't broke, don't fix it." Why mess with something that already works? This is fair advice with many things in life. But when it comes to software security, it's important to realize that there can be severe consequences to using software or hardware after the vendor stops supporting it. In this blog post, I will discuss a number of examples of products, including Microsoft Windows and D-Link routers, whose continued use beyond their...
