
Archive: 2016

Windows 10 Cannot Protect Insecure Applications Like EMET Can

• CERT/CC Blog
Will Dormann

Recently, Microsoft published a blog post called Moving Beyond EMET that appears to make two main points: (1) Microsoft will no longer support EMET after July 31, 2018, and (2) Windows 10 provides protections that make EMET unnecessary. In this blog post, I explain why Windows 10 does not provide the additional protections that EMET does and why EMET is still an important tool to help prevent exploitation of vulnerabilities....

The Risks of Google Sign-In on iOS Devices

• CERT/CC Blog
Will Dormann

The Google Identity Platform is a system that allows you to sign in to applications and other services by using your Google account. Google Sign-In is one such method for providing your identity to the Google Identity Platform. Google Sign-In is available for Android applications and iOS applications, as well as for websites and other devices. Users of Google Sign-In find that it integrates well with the Android platform, but iOS users (iPhone, iPad, etc.)...

Bypassing Application Whitelisting

• CERT/CC Blog
Will Dormann

Application whitelisting is a useful defense against users running unapproved applications. Whether you're dealing with a malicious executable file that slips through email defenses, or you have a user that is attempting to run an application that your organization has not approved for use, application whitelisting can help prevent those activities from succeeding. Some enterprises may deploy application whitelisting with the idea that it prevents malicious code from executing. But not all malicious code arrives...

Who Needs to Exploit Vulnerabilities When You Have Macros?

• CERT/CC Blog
Will Dormann

Recently, there has been a resurgence of malware that is spread via Microsoft Word macro capabilities. In 1999, CERT actually published an advisory about the Melissa virus, which leveraged macros to spread. We even published an FAQ about the Melissa virus that suggests disabling macros in Microsoft Office products. Why is everything old new again? Reliability of the exploit is one reason, but the user interface of Microsoft Office is also to blame....

Visualizing CERT BFF String Minimization

• CERT/CC Blog
Will Dormann

I've been working on a presentation called CERT BFF - From Start to PoC. In the process of preparing my material, I realized that a visualization could help people understand what happens during the BFF string minimization process....

Persistent Little IP, Aren't You?

• CERT/CC Blog
Donald McKeon

What does it mean to say that an indicator is exhibiting persistent behavior? This is a question that Timur, Angela, and I have been asking each other for the past couple of months. In this blog post, we show you the analytics that we believe identify persistent behavior and how that identification can be used to identify potential threats as well as help with network profiling....

When Is a Vulnerability a Safety Issue?

• CERT/CC Blog
Christopher King

As you may have read in a previous post, the CERT/CC has been actively researching vulnerabilities in connected vehicles. When we began our research, it became clear that in the realm of cyber-physical systems, safety is king. Regulators, manufacturers, and consumers all want (and expect!) the same thing: a safe vehicle to drive. But what does safety mean in the context of security? This is precisely the question that the...

Choosing the History for a Profile in Simple Network Flow Anomaly Detection

• CERT/CC Blog
Angela Horneman

One of my responsibilities on the Situational Awareness Analysis team is to create analytics for various purposes. For the past few weeks, I've been working on some anomaly detection analytics for hunting in the network flow traffic of common network services. I decided to start with a very simple approach using mean and standard deviation for a historical period to create a profile that I could compare against current volumes. To do this, I planned...

Vulnerability IDs, Fast and Slow

• CERT/CC Blog
Allen Householder

The CERT/CC Vulnerability Analysis team has been engaged in a number of community-based efforts surrounding Coordinated Vulnerability Disclosure lately. I've written previously about our involvement in the NTIA Multistakeholder Process for Cybersecurity Vulnerabilities. Today I'll highlight our ongoing work in the Forum for Incident Response and Security Teams (FIRST). We are currently active in two vulnerability-related working groups within the FIRST organization: the Vulnerability Coordination SIG (recently merged with the NTIA Multiparty Disclosure working group),...

How to Win Friends and Coordinate a Vulnerability

• CERT/CC Blog
Garret Wassermann

For nearly 30 years now, the CERT/CC Vulnerability Analysis team has provided assistance for coordinated vulnerability disclosure (CVD). In a nutshell, we help security researchers communicate with software vendors to resolve security issues, and we get that information into the hands of anyone affected by the vulnerability. The CVD process can be confusing. To help researchers and vendors who are new to CVD, we're announcing a couple of simple but important additions to our CVD...

Coordinating Vulnerabilities in IoT Devices

• CERT/CC Blog
Dan J. Klinedinst

The CERT Coordination Center (CERT/CC) has been receiving an increasing number of vulnerability reports regarding Internet of Things devices and other embedded systems. We've also been focusing more of our own vulnerability discovery work in that space. We've discovered that while many of the vulnerabilities are technically the same as in traditional IT software, the coordination process has some substantial differences that will need to be addressed as the Internet of Things grows....
