search menu icon-carat-right cmu-wordmark

Archive: 2019

VPN - A Gateway for Vulnerabilities

VPN - A Gateway for Vulnerabilities

• CERT/CC Blog
Vijay Sarvepalli

Virtual Private Networks (VPNs) are the backbone of today's businesses providing a wide range of entities from remote employees to business partners and sometimes even to customers, with the ability to connect to sensitive corporate information securely. Long gone are the days of buying a leased line or a dedicated physical network (or fiber) for these types of communications. VPNs provide a simple way to take advantage of the larger public internet by creating virtual...

Read More
It's Time to Retire Your Unsupported Things

It's Time to Retire Your Unsupported Things

• CERT/CC Blog
Will Dormann

"If it ain't broke, don't fix it." Why mess with something that already works? This is fair advice with many things in life. But when it comes to software security, it's important to realize that there can be severe consequences to using software or hardware after the vendor stops supporting it. In this blog post, I will discuss a number of examples of products, including Microsoft Windows and D-Link routers, whose continued use beyond their...

Read More
The Dangers of VHD and VHDX Files

The Dangers of VHD and VHDX Files

• CERT/CC Blog
Will Dormann

Recently, I gave a presentation at BSidesPGH 2019 called Death By Thumb Drive: File System Fuzzing with CERT BFF. (The slides from my presentation are available in the SEI Digital Library.) Although my primary goal was to find bugs in kernel file-system-parsing code, a notable part of my research was investigating attack vectors. In particular, I focused on VHD and VHDX files on Windows systems. In this post, I describe some of the risks associated...

Read More
Expectations of Windows RDP Session Locking Behavior

Expectations of Windows RDP Session Locking Behavior

• CERT/CC Blog
Will Dormann

This post was co-written by Will Dormann and Joe Tammariello. Recently, CERT researchers published a vulnerability note (VU#576688 - Microsoft Windows RDP can bypass the Windows lock screen). In this blog post, we provide a little more insight into how the vulnerability was discovered and what it may mean to people who use Microsoft Windows RDP. The following steps reproduce VU#576688: Use a Microsoft Windows RDP client to connect to Windows Server 2019 or Windows...

Read More
Comments on Voluntary Voting System Guidelines 2.0 Principles and Guidelines

Comments on Voluntary Voting System Guidelines 2.0 Principles and Guidelines

• CERT/CC Blog
Allen Householder

The U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines. At the CERT/CC, we focus our attention on sectors that are new to (or perhaps slow to adopt) common vendor security practices like Coordinated Vulnerability Disclosure (CVD). To that end, Deana Shick, Jonathan Spring, Art Manion, and I collaborated to provide our feedback to the EAC. The remainder of this post contains the comments...

Read More
API Hashing Tool, Imagine That

API Hashing Tool, Imagine That

• CERT/CC Blog
Kyle O'Meara

In the fall of 2018, the CERT Coordination Center (CERT/CC) Reverse Engineering (RE) Team received a tip from a trusted source about a YARA rule that triggered an alert in VirusTotal. This YARA rule was found in the Department of Homeland Security (DHS) Alert TA17-293A, which describes nation state threat activity associated with Russian activity. I believed this information warranted further analysis....

Read More