http://sei.cmu.edu/feeds/tag/Updates on changes and additions to the SEI Blog for posts matching Vulnerability Discoveryen-usMon, 19 Sep 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/using-alternate-data-streams-in-the-collection-and-exfiltration-of-data/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn this blog post, we describe how attackers obscure their activity via alternate data streams (ADSs) and how to defend against malware attacks that employ ADSs.Dustin Updyke, Molly JaconskiMon, 19 Sep 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/using-alternate-data-streams-in-the-collection-and-exfiltration-of-data/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisVulnerability DiscoveryVulnerability MitigationMalware AnalysisMalwarehttps://www.sei.cmu.edu/blog/six-dimensions-of-trust-in-autonomous-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.Paul NielsenWed, 20 Apr 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/six-dimensions-of-trust-in-autonomous-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSoftware AssuranceVulnerability DiscoveryDevopsArtificial Intelligence EngineeringMachine LearningCybersecurityAutonomy and Counter-AutonomySoftware and Information AssuranceHuman-Machine InteractionsArtificial IntelligenceDigital EngineeringCyber-Physical Systemshttps://www.sei.cmu.edu/blog/how-easy-is-it-to-make-and-detect-a-deepfake/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe technology underlying the creation and detection of deepfakes and assessment of current and future threat levelsCatherine Bernaciak, Dominic RossMon, 14 Mar 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/how-easy-is-it-to-make-and-detect-a-deepfake/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationSecurity-Related RequirementsArtificial Intelligence EngineeringAdvanced Computinghttps://www.sei.cmu.edu/blog/security-automation-begins-at-the-source-code/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesHi, this is Vijay Sarvepalli, Information Security Architect in the CERT Division. On what seemed like a normal day at our vulnerability coordination center, one of my colleagues asked me....Vijay SarvepalliWed, 11 Mar 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/security-automation-begins-at-the-source-code/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationCERT/CChttps://www.sei.cmu.edu/blog/vpn-a-gateway-for-vulnerabilities/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVirtual Private Networks (VPNs) are the backbone of today's businesses providing a wide range of entities from remote employees to business partners and...Vijay SarvepalliWed, 13 Nov 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/vpn-a-gateway-for-vulnerabilities/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationCERT/CChttps://www.sei.cmu.edu/blog/update-on-the-cert-guide-to-coordinated-vulnerability-disclosure/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIt's been two years since we originally published the CERT Guide to Coordinated Vulnerability Disclosure. In that time, it's influenced both the US Congress and EU Parliament....Allen HouseholderMon, 16 Sep 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/update-on-the-cert-guide-to-coordinated-vulnerability-disclosure/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationCERT/CCBest Practiceshttps://www.sei.cmu.edu/blog/the-dangers-of-vhd-and-vhdx-files/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRecently, I gave a presentation at BSidesPGH 2019 called Death By Thumb Drive: File System Fuzzing with CERT BFF....William DormannWed, 04 Sep 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/the-dangers-of-vhd-and-vhdx-files/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationCERT/CChttps://www.sei.cmu.edu/blog/announcing-cert-tapioca-20-for-network-traffic-analysis/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesA few years ago, I announced the release of CERT Tapioca for MITM Analysis. This virtual machine was created for the purpose of analyzing Android applications to find apps....William DormannWed, 23 May 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/announcing-cert-tapioca-20-for-network-traffic-analysis/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity VulnerabilitiesVulnerability DiscoveryCERT/CChttps://www.sei.cmu.edu/blog/automatically-stealing-password-hashes-with-microsoft-outlook-and-ole/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesBack in 2016, a coworker of mine was using CERT BFF, and he asked how he could turn a seemingly exploitable crash in Microsoft Office into a proof-of-concept exploit that runs calc.exe....William DormannTue, 10 Apr 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/automatically-stealing-password-hashes-with-microsoft-outlook-and-ole/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity VulnerabilitiesVulnerability DiscoveryCERT/CCBest Practiceshttps://www.sei.cmu.edu/blog/the-curious-case-of-the-bouncy-castle-bks-passwords/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWhile investigating BKS files, the path I went down led me to an interesting discovery: BKS-V1 files will accept any number of passwords to reveal information....William DormannMon, 19 Mar 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/the-curious-case-of-the-bouncy-castle-bks-passwords/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity VulnerabilitiesVulnerability DiscoveryCERT/CChttps://www.sei.cmu.edu/blog/how-to-get-the-most-out-of-penetration-testing/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThere are many reasons for an organization to perform a penetration test of its information systems: to meet compliance standards, test a security team's capabilities....Michael CookTue, 23 Jan 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/how-to-get-the-most-out-of-penetration-testing/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity VulnerabilitiesVulnerability DiscoveryInsider ThreatCERT/CChttps://www.sei.cmu.edu/blog/the-cert-guide-to-coordinated-vulnerability-disclosure/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDiscover the recently released CERT Guide to Coordinated Vulnerability Disclosure in this SEI Blog post.Allen HouseholderTue, 15 Aug 2017 00:00:00 -0400https://www.sei.cmu.edu/blog/the-cert-guide-to-coordinated-vulnerability-disclosure/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationCERT/CCCyber MissionsBest Practiceshttps://www.sei.cmu.edu/blog/announcing-cert-basic-fuzzing-framework-version-28/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesToday we are announcing the release of the CERT Basic Fuzzing Framework Version 2.8 (BFF 2.8). It's been about three years since we released BFF 2.7....Allen HouseholderWed, 05 Oct 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/announcing-cert-basic-fuzzing-framework-version-28/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryCERT/CChttps://www.sei.cmu.edu/blog/board-diagnostics-risks-and-vulnerabilities-connected-vehicle/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWe worked with DHS US-CERT and the Department of Transportations' Volpe Center to study aftermarket on-board diagnostic (OBD-II) devices....Dan KlinedinstSat, 20 Aug 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/board-diagnostics-risks-and-vulnerabilities-connected-vehicle/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity VulnerabilitiesVulnerability DiscoveryCERT/CChttps://www.sei.cmu.edu/blog/visualizing-cert-bff-string-minimization/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesI've been working on a presentation called CERT BFF - From Start to PoC. In the process of preparing my material, I realized that a visualization could help people understand what happens during the BFF string minimization process.William DormannMon, 06 Jun 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/visualizing-cert-bff-string-minimization/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryCERT/CChttps://www.sei.cmu.edu/blog/vulnerability-ids-fast-and-slow/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe CERT/CC Vulnerability Analysis team has been engaged in a number of community-based efforts surrounding Coordinated Vulnerability Disclosure lately....Allen HouseholderFri, 11 Mar 2016 00:00:00 -0500https://www.sei.cmu.edu/blog/vulnerability-ids-fast-and-slow/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryCERT/CChttps://www.sei.cmu.edu/blog/coordinating-vulnerabilities-iot-devices/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe CERT Coordination Center (CERT/CC) has been receiving an increasing number of vulnerability reports regarding Internet of Things devices and other embedded systems....Dan KlinedinstWed, 27 Jan 2016 00:00:00 -0500https://www.sei.cmu.edu/blog/coordinating-vulnerabilities-iot-devices/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesInternet of ThingsSecurity VulnerabilitiesVulnerability DiscoveryCERT/CChttps://www.sei.cmu.edu/blog/e-pluribus-que-identifying-vulnerability-disclosure-stakeholders/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesOn September 29, Art Manion and I attended the first meeting of the Multistakeholder Process for Cybersecurity Vulnerabilities....Allen HouseholderThu, 05 Nov 2015 00:00:00 -0500https://www.sei.cmu.edu/blog/e-pluribus-que-identifying-vulnerability-disclosure-stakeholders/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryCERT/CChttps://www.sei.cmu.edu/blog/recent-conference-presentations-by-the-vulnerability-analysis-team/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesA number of us on the Vulnerability Analysis team have been out and about giving talks at various conferences recently....Allen HouseholderThu, 20 Aug 2015 00:00:00 -0400https://www.sei.cmu.edu/blog/recent-conference-presentations-by-the-vulnerability-analysis-team/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryCERT/CChttps://www.sei.cmu.edu/blog/reach-out-and-mail-someone/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post discusses the importance of secure email communication, highlighting common risks and suggesting best practices for enhancing email security.Garret WassermannThu, 06 Aug 2015 00:00:00 -0400https://www.sei.cmu.edu/blog/reach-out-and-mail-someone/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity VulnerabilitiesVulnerability DiscoveryCERT/CC