CERT

Announcements

May 20, 2013

Technical Note on Foreign Involvement in Insider Intellectual Property Theft Released
This entry in the Spotlight On series summarizes such cases and insiders and provides recommendations for mitigating these incidents.

May 9, 2013

New Podcast Released
A common language is essential to develop a shared understanding to better analyze malicious code.

May 8, 2013

New Blog Entry: Keep Calm and Deploy EMET
This blog post provides information about an effective approach to blocking exploits of CVE-2013-1347, the Internet Explorer 8 CGenericElement object use-after-free vulnerability.

May 6, 2013

New Blog Entry: Controlling the Malicious Use of USB Media
This blog post explains the importance of protecting your organization from the theft of sensitive information using USB media.

April 30, 2013

New Blog Entry: Don't Sign that Applet!
This blog post describes how Oracle's new guidance for Java applets may cause more harm than good.

April 24, 2013

New Blog Entry: Finding Patterns of Malicious Use in Bulk Registrations
This blog post describes how finding patterns in bulk registrations can help identify potentially malicious domains.

April 17, 2013

GeoIP in Your SOC (Security Operations Center)
This blog entry describes how to use geoIP to view data and help your network situational awareness.

April 12, 2013

Call for Participation: FloCon 2014
We are accepting abstracts for presentations, posters, and demonstrations for FloCon 2014, a network security conference that takes place in Charleston, South Carolina, on January 13-16, 2014.

April 4, 2013

New Blog Entry: Second Level Domain Usage in 2012 for Common Top Level Domains
This blog post looks at second level domain usage in 2012 for the most common generic Top Level Domains.

March 28, 2013

New Book Released: Secure Coding in C and C++, Second Edition
This book identifies the root causes of today's most widespread software vulnerabilities, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.

March 27, 2013

New Blog Entry: The Growth of IPv6 Announcements
This blog post presents a method for assessing how popular IPv6 is on the internet.

March 26, 2013

New Podcast Released
Ensuring the security of personal mobile devices that have access to enterprise networks requires action from employers and users.

March 21, 2013

New Blog Entry: An Alternate View of Announced IPv4 Space
This blog post describes an alternate way to view advertised IP address space on the internet using publicly available information.

March 19, 2013

Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders Released
This technical note describes an analysis of the pattern "Increased Review for Intellectual Property (IP) Theft by Departing Insiders," which helps organizations mitigate the risk of insider theft of IP.

March 13, 2013

New Blog Entry: The Growth Rate of IP Addresses That Are Advertised as Usable on the Internet
This blog post describes how you can calculate the growth rate of advertised IP address space on the internet using publicly available information.

March 12, 2013

New Blog Entry: How Ontologies Can Help Build a Science of Cybersecurity
This blog post introduces you to work done on an ontology for malware.

March 11, 2013

New Blog Entry: Watching Domains That Change DNS Servers Frequently
This blog entry describes the results of our three-month study of domains that change their name servers frequently.

February 28, 2013

New Podcast Released
371 cases of insider attacks lead to 4 new and 15 updated best practices for mitigating insider threat.

February 27, 2013

Malware Analysis Lexicon Released
This technical note presents the first common vocabulary for malware analysis.

February 19, 2013

New Blog Entry: CERT Insider Threat Events at the RSA Conference
This blog entry provides you with an opportunity to meet members of the CERT Insider Threat Center at the RSA Conference and describes events supported by these members at the conference.

February 13, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 19 (of 19)
This last of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 19: Close the doors to unauthorized data exfiltration.

February 11, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 18 (of 19)
This eighteenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 18: Be especially vigilant regarding social media.

February 8, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 17 (of 19)
This seventeenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 17: Establish a baseline of normal network device behavior.

February 6, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 16 (of 19)
This sixteenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 16: Develop a formalized insider threat program.

February 4, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 15 (of 19)
This fifteenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 15: Implement secure backup and recovery processes.

February 1, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 14 (of 19)
This fourteenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 14: Develop a comprehensive employee termination procedure.

January 31, 2013

New Podcast Released
Governments and markets are calling for the integration of plans for and responses to disruptive events.

January 30, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 13 (of 19)
This thirteenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 13: Monitor and control remote access from all end points, including mobile devices.

January 28, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 12 (of 19)
This twelfth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 12: Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions.

January 25, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 11 (of 19)
This eleventh of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 11: Institutionalize system change controls.

January 23, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 10 (of 19)
This tenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 10: Institute stringent access controls and monitoring policies on privileged users.

January 21, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 9 (of 19)
This ninth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 9: Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.

January 18, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 8 (of 19)
This eighth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 8: Enforce separation of duties and least privilege.

January 16, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 7 (of 19)
This seventh of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 7: Implement strict password and account management policies and practices.

January 15, 2013

New CERT/CC Blog Post: Anatomy of Java Exploits
This blog post examines the vulnerabilities that permitted Java to be exploited in two recent cases.

January 14, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 6 (of 19)
This sixth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 6: Know your assets.

January 11, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 5 (of 19)
This fifth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 5: Anticipate and manage negative issues in the work environment.

January 10, 2013

New CERT/CC Blog Post: Java in Web Browser: Disable Now!
In light of a recent Java vulnerability, this blog post discusses why you should disable Java.

January 9, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 4 (of 19)
This fourth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 4: Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.

January 8, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 3 (of 19)
This third of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 3: Incorporate insider threat awareness into periodic security training for all employees.

January 4, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 2 (of 19)
This second of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 2: Clearly document and consistently enforce policies and controls.

January 3, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 1 (of 19)
This first of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 1: Consider threats from insiders and business partners in enterprise-wide risk assessments.

December 19, 2012

New Podcast Released
Today's high-risk, global, fast, and very public business environment demands a more integrated approach to not be surprised by disruptive events.

December 14, 2012

New Blog Entry: Common Sense Guide to Mitigating Insider Threats Expanded
The release of the Common Sense Guide to Mitigating Insider Threats, 4th Edition introduces four new best practices for preventing and detecting insider threats and a number of new features.

December 13, 2012

New Blog Entry: Fourth Edition of the Common Sense Guide Is Released
The newest edition of the Common Sense Guide to Mitigating Insider Threats is based on our significantly expanded database of more than 700 insider threat cases and continued research and analysis, and it covers new technologies and new threats.

December 12, 2012

Common Sense Guide to Mitigating Insider Threats, 4th Edition, Released
The CERT Insider Threat Center presents new and revised organizational practices for preventing and detecting insider threats.

December 11, 2012

Technical Note Released about Research Study on Resilience Success and Failure
This technical note describes the SEI research study designed to help organizations understand the business value of implementing resilience processes and practices, and determine which ones to implement.

December 5, 2012

Forking and Joining Python Coroutines to Collect Coverage Data
In this blog post, Jonathan Foote explains how to expand on David Beazley's cobroadcast pattern by adding a join capability that can bring multiple forked coroutine paths back together.

November 15, 2012

Helping Developers Address Security with the CERT C Secure Coding Standard
This blog post describes our latest set of rules and recommendations, which aims to help developers avoid undefined and/or unexpected behavior in deployed code.

November 15, 2012

Writing Effective YARA Signatures to Identify Malware
This blog post provides guidelines for using YARA effectively, focusing on selection of objective criteria derived from malware, the type of criteria most useful in identifying related malware (including strings, resources, and functions), and guidelines for creating YARA signatures using these criteria.

November 14, 2012

Insider Threats in State and Local Government
This blog post describes insider threats in state and local government sectors, including who the insiders are, why they attack, and how they attack.

November 5, 2012

New CERT/CC Blog Post: A Look Inside CERT Fuzzing Tools
This blog post introduces recent reports that describe some heuristics and algorithms implemented in CERT fuzzing tools.

November 2, 2012

Spotlight On: Insider Threat from Trusted Business Partners Article Revised and Released
In this blog post, the Insider Threat team announces the release of the revised Spotlight On: Insider Threat from Trusted Business Partners article.

October 25, 2012

Updates to CERT Fuzzing Tools (BFF 2.6 & FOE 2.0.1)
In this blog post, the CERT Vulnerability Analysis team announces the release of updates to the CERT Basic Fuzzing Framework (BFF) version 2.6 and the CERT Failure Observation Engine (FOE) version 2.0.1.

October 23, 2012

New Podcast Released
A network profile can help identify unintended points of entry, misconfigurations, and other weaknesses that may be visible to attackers.

October 16, 2012

Technical Note Released on Communication Among Incident Responders
This technical note describes three factors that are likely to help or hinder the cooperation of incident responders.

October 5, 2012

External Threat Analysis
This blog post discusses extending the methodologies used in insider threat research to external threats.

October 1, 2012

Insider Threats Related to Cloud Computing--Installment 10: Conclusion
The last installment of a 10-part series on cloud-related insider threats summarizes the blog series and provides advice for organizations.

September 25, 2012

New Podcast Released
Deploy vulnerability exploit prevention and mitigation techniques to thwart attacks and manage the arms race.

September 25, 2012

The Insider Threat Awareness Virtual Roundtable Webinar
Dawn Cappelli discusses the Insider Threat Awareness Virtual Roundtable webinar that took place on September 18, 2012.

September 24, 2012

Insider Threats Related to Cloud Computing--Installment 9: Two More Proposed Directions for Future Research
Installment 9 of a 10-part series on cloud-related insider threats discusses in detail two final areas of future research for cloud-related insider threats: normal user behavior analysis and policy integration.

September 17, 2012

Insider Threats Related to Cloud Computing--Installment 8: Three More Proposed Directions for Future Research in Detail
Installment 8 of a 10-part series on cloud-related insider threats discusses three more areas of future research for cloud-related insider threats.

September 12, 2012

Insider Threats Related to Cloud Computing--Installment 7: Seven Proposed Directions for Research and Two in Detail
Installment 7 of a 10-part series on cloud-related insider threats introduces seven proposed directions for cloud-related insider threat research.

September 11, 2012

Competency Lifecycle Roadmap Technical Note Released
This technical note describes a preliminary roadmap for understanding and building workforce readiness.

September 11, 2012

Digital Investigation Workforce Development
This paper identifies the digital investigation capabilities that law-enforcement agencies, businesses, and other organizations must develop in order to combat criminal acts being perpetrated in cyberspace.

September 10, 2012

CERT Insider Threat Center in the News
This blog post summarizes recent news articles that highlight the Insider Threat Center.

September 7, 2012

Insider Threats Evident in All Industry Sectors
This blog post explains that no industry sector is free from the actions of malicious insiders.

September 6, 2012

Study on Insider Cyber Fraud in Financial Services Released
This blog post describes a study of cyber fraud in the financial services sector, including the new report that documents the results.

September 5, 2012

New CERT/CC Blog Post: Java 7 Attack Vectors, Oh My!
In this post, we discuss how and why to disable Java support in web browsers.

September 5, 2012

New CERT/CC Blog Post: The Report "Network Profiling Using Flow" Released
This blog post discusses a report that describes how to inventory assets on a network using network flow data.

September 4, 2012

Insider Threats Related to Cloud Computing--Installment 6: Securing Against Other Cloud-Related Insiders
Installment 6 of a 10-part series on cloud-related insider threats presents how to secure against other cloud-related insiders.

August 30, 2012

Upcoming Appearances by CERT Insider Threat Experts
This blog post lets you know about where some members of the Insider Threat Team will be appearing in the coming weeks.

August 29, 2012

New CERT/CC Blog Post: Java Security Manager Bypass Vulnerability
We describe a recently reported, major Java vulnerability.

August 27, 2012

Insider Threats Related to Cloud Computing--Installment 5: Securing Against Cloud-Related Insiders
Installment 5 of a 10-part series on cloud-related insider threats presents how to secure against rogue administrators.

August 24, 2012

Report on Network Profiling Using Flow Published
This report provides a step-by-step guide for creating a profile to see a potential attacker's view of an external network.

August 21, 2012

New Podcast Released
CERT-RMM can be used to establish and meet resilience requirements for a wide range and diverse set of business objectives.

August 20, 2012

Insider Threats Related to Cloud Computing--Installment 4: Using the Cloud to Conduct Nefarious Activity
Installment 4 of a 10-part series on cloud-related insider threats presents a third type of cloud-related insider threat: those who use cloud services to carry out an attack on their own employer.

August 15, 2012

New Tutorial Released - Cloud Computing Security
This tutorial was presented at IEEE COMPSAC 2012.

August 13, 2012

Insider Threats Related to Cloud Computing--Installment 3: Insiders Who Exploit Cloud Vulnerabilities
Installment 3 of a 10-part series on cloud-related insider threats presents a second type of cloud-related insider threat: those that exploit weaknesses introduced by use of the cloud.

August 6, 2012

Insider Threats Related to Cloud Computing--Installment 2: The Rogue Administrator
Installment 2 of a 10-part series on cloud-related insider threats presents three types of cloud-related insiders and discusses one in detail - the rogue administrator.

July 31, 2012

Insider Threats Related to Cloud Computing--Installment 1: Introduction
First in a series of blog posts that discuss problems related to insiders in the cloud, defending against them, and researching approaches that could help solve some of these problems.

July 30, 2012

Insider Threat Report on Fraud in Financial Services Published
This report describes insights and risk indicators of malicious insider activity within the banking and finance sector.

July 23, 2012

New CERT/CC Blog Post: CERT Failure Observation Engine 2.0 Released
We describe version 2.0 of the CERT Failure Observation Engine (FOE).

July 17, 2012

New Podcast Released
Implementing CERT-RMM requires well-defined improvement objectives, sponsorship, proper scoping and diagnosis, and defined processes and measures.

July 11, 2012

New CERT/CC Blog Post: Vulnerability Data Archive
We have published an archive of much of the non-sensitive vulnerability information in our vulnerability reports database.

July 2, 2012

New Insider Threat Blog Post
Pay attention: Are your company secrets at risk from insiders?

June 15, 2012

FloCon 2013 Call for Papers
FloCon 2013 takes place in Albuquerque, New Mexico, on January 7-10, 2013. Visit the FloCon website for information about the Call for Papers.

June 6, 2012

New CERT/CC Blog Post
AMD video drivers prevent the use of the most secure setting for Microsoft's Exploit Mitigation Experience Toolkit (EMET)

June 4, 2012

Report from the First CERT-RMM Users Group Workshop Series
This report describes the first CERT RMM Users Group (RUG) Workshop Series and relays the experiences of participating members and CERT staff.

May 31, 2012

New Insider Threat Blog Entry
The CERT Insider Threat Center has been busy this Spring.

May 25, 2012

New CERT PGP Key
CERT has updated its PGP key. We strongly urge you to encrypt sensitive information.

May 3, 2012

Report on Monitoring for Insider Theft of Intellectual Property Released
This report presents a way organizations can mitigate the risk of theft of intellectual property by departing insiders.

May 2, 2012

Source Code Analysis Laboratory (SCALe) Technical Note Released
This technical note describes SCALe, a demonstration process for testing software for conformance against secure coding standards.

May 1, 2012

Insider Threat Security Reference Architecture Technical Report Released
This report describes the Insider Threat Security Reference Architecture (ITSRA), an enterprise-wide solution to the threat organizations face from their own insiders.

April 30, 2012

New CERT/CC Blog Entry
CERT Basic Fuzzing Framework 2.5 Released

April 25, 2012

New CERT/CC Blog Entry
CERT Linux Triage Tools 1.0 Released

April 24, 2012

New Podcast Released
Security controls, including those for insider threat, are the safeguards necessary to protect information and information systems.

April 23, 2012

New CERT/CC Blog Entry
CERT Failure Observation Engine 1.0 Released

April 11, 2012

New CERT/CC Blog Entry
Vulnerability Severity Using CVSS

March 28, 2012

The CERT Top 10 List for Winning the Battle Against Insider Threats Released
Organizations can use these tips, drawn from the CERT Insider Threat Center's case files, to combat insider threat.

March 27, 2012

New Insider Threat Blog Post
The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes

March 27, 2012

CERT-RMM V1.1: NIST Special Publication Crosswalk Version 1 Released
This technical note maps CERT-RMM process areas to 800-series NIST special publications.

March 7, 2012

Principles of Trust for Embedded Systems Technical Note Published
This paper gives substance and explicit meaning to the terms trust and trustworthy as they relate to automated systems and to embedded systems in particular.

March 1, 2012

CERT Staff Guide New Information Networking Institute Master’s Program
Newly offered, the Executive Master of Science in Information Assurance (ExecMSIA) offers concentrations in Cyber Forensics and Incident Response and Resilience Management for current and aspiring executives seeking to propel their careers. The CERT Program’s Rich Caralli and Rich Nolan bring deep knowledge and hands-on experiences to launch this program. Apply online.

February 28, 2012

New Podcast Released
Implementing secure coding standards to reduce the number of vulnerabilities that can escape into operational systems is a sound business decision.

February 27, 2012

Mission Risk Diagnostic (MRD) Method Description Technical Note Released
This technical note overviews the MRD method developed by the SEI to assess system risk across the lifecycle and supply chain.

February 23, 2012

CERT-RMM Capability Appraisal Method (CAM) Version 1.1 Technical Report Released
This report demonstrates that SCAMPI V1.2 can be applied to CERT-RMM V1.1 as the reference model for a process appraisal.

February 23, 2012

CERT-RMM V1.1: Code of Practice Crosswalk Commercial Version 1.1 Technical Note Released
This tech note shows how CERT-RMM process areas, industry standards, and codes of practices are connected.

February 16, 2012

New Insider Threat Blog Entry
The entry "Insiders and Organized Crime" has been posted.

February 14, 2012

The CERT Guide to Insider Threats Book Published
This book describes the CERT Insider Threat Center's practical findings on insider cyber crimes, as well as guidance and countermeasures for organizations.

February 14, 2012

Risk-Based Measurement and Analysis: Application to Software Security Technical Note Released
This technical note presents the foundations of a risk-based software security measurement and analysis method.

January 31, 2012

New Podcast Released
Protecting the internet and its users against cyber attacks requires a significant increase in the number of skilled cyber warriors.

January 26, 2012

New Insider Threat Blog Entry
The entry "Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage" has been posted.

January 20, 2012

Spotlight On: Malicious Insiders and Organized Crime Activity
This TN is the fifth article in the Spotlight On series published by the CERT Insider Threat Center.

January 16, 2012

CERT Program Improves Security in C Programming Language Standard
The CERT Secure Coding team made key contributions to the newest ISO/IEC C language standard.

January 5, 2012

New CERT/CC Blog Entry
The entry "CNAME flux" has been posted.

December 22, 2011

Using Defined Processes as a Context for Resilience Measures Technical Note Released
This technical note describes how implementation-level processes can help organizations define measures of operational resilience.

December 20, 2011

New Podcast Released
Electronic health records bring many benefits along with security and privacy challenges.

December 19, 2011

Standards-Based Automated Remediation 2011 Update Released
This report updates the development of standards for remediation of vulnerabilities and compliance issues on Department of Defense networked systems for 2011.

December 15, 2011

Insider Threat Control Released
Insider Threat Control: Using a SIEM Signature to Detect Potential Precursors to IT Sabotage presents a technique for detecting potential insider sabotage over an organization's network.

December 15, 2011

New Insider Threat Blog Entry
The entry "Preparing for Negative Workplace Events - Managing Employee Expectations" has been posted.

November 16, 2011

New Insider Threat Blog Entry
The entry "Insider Threat Controls" has been posted.

October 17, 2011

New Insider Threat Blog Entry
The entry "Data Exfiltration and Output Devices - An Overlooked Threat" has been posted.

October 14, 2011

CERT Oracle Secure Coding Standard for Java Book Published
The CERT Oracle Secure Coding Standard for Java has been published by Addison-Wesley Professional.

October 12, 2011

New Insider Threat Demonstration Series Launched
The CERT Insider Threat Center has released the first video in a series of insider threat demonstrations.

October 12, 2011

Insider Threat Control Technical Note Released
This technical note describes how organizations can use Splunk to detect insider theft of intellectual property.

October 6, 2011

Agenda Now Available for Upcoming Workshop
The Institute for Information Infrastructure Protection (I3P) and the CERT Program will present the workshop "Cyber Security CPR: Coordinated Private Response to Computer Security Incidents" in Arlington, VA on October 12-13. See the web page for a link to the agenda.

October 4, 2011

New Podcast Released
Measures of operational resilience should answer key questions, inform decisions, and affect behavior.

September 29, 2011

Community College Education Report Published
The fourth volume in the Software Assurance Curriculum Project focuses on community college courses for software assurance.

September 23, 2011

2010 CERT Research Report Published
The CERT Program is internationally known for developing practices and technologies to protect, detect, and respond to attacks, accidents, and failures on networked systems. This report describes progress in our innovative research projects and activities.

September 23, 2011

New CERT/CC Blog Entry
The entry "Challenges in Network Monitoring above the Enterprise" has been published.

September 6, 2011

New Podcast Released
Use of Domain Name System security extensions can help prevent website hijacking attacks.

September 6, 2011

Registration Open for Webinar and Workshop
The Institute for Information Infrastructure Protection (I3P) and the CERT Program will present the workshop "Cyber Security CPR: Coordinated Private Response to Computer Security Incidents" in Arlington, VA on October 12-13. There is a pre-event webinar on September 8. See the workshop web page for links to online registration forms.

August 15, 2011

New Insider Threat Blog Entry
The entry "The CERT Insider Threat Database" has been posted.

August 11, 2011

Keeping Your Family Safe in a Highly Connected World
As our world becomes highly connected where endless data is just a click away and using networked devices has become almost a necessity, protecting your personal information and family privacy is of great concern.

August 5, 2011

Measures for Managing Operational Resilience Technical Report Published
In this technical report Resilient Enterprise Management (REM) team members suggest a set of top ten strategic measures for managing operational resilience.

August 2, 2011

New Podcast Released
Depending on the service model, cloud providers and customers can monitor and implement controls to better protect their sensitive information.

July 21, 2011

Standards-Based Automated Remediation Special Report Released
This report describes the development of standards for remediation of vulnerabilities and compliance issues on Department of Defense networked systems.

July 21, 2011

New Insider Threat Blog Entry
The entry "Theft of Intellectual Property and Tips for Prevention" has been published.

July 13, 2011

Request for Proposal - SEI Code Review Process
The SEI is issuing a Request for Proposal seeking interested organizations with experience performing web penetration and source code audits in systems developed in C#, Java, Ruby, Perl, Python, JavaScript, and PHP.

July 12, 2011

New Podcast Released
Analyzing malware is essential to assess the damage and reduce the impact associated with ongoing infection.

July 8, 2011

New CERT PGP Key
CERT has updated its PGP key. We strongly urge you to encrypt sensitive information.

June 27, 2011

New Insider Threat Blog Entry
The entry "Insider Threat Deep Dive: Theft of Intellectual Property" has been posted.

June 9, 2011

New CERT/CC Blog Entry
The entry "Signed Java and Cisco AnyConnect" has been posted.

June 3, 2011

A Preliminary Model of Insider Theft of Intellectual Property Technical Note Published
This technical note presents research findings on insider theft of intellectual property.

June 2, 2011

CERT Used XNET for Forensics Challenge
This article describes the role that XNET played in the CERT Forensics Challenge, designed for the 2011 National Security Agency Cyber Defense Exercise.

May 19, 2011

New CERT/CC Blog Entry
The entry "Effectiveness of Microsoft Office File Validation" has been published.

May 10, 2011

New Insider Threat Blog Entry
The entry "Insider Threat and Physical Security of Organizations" has been published.

May 5, 2011

New Podcast Released
Over 100 electric power utilities are accelerating their transformation to the smart grid by using the Smart Grid Maturity Model.

May 3, 2011

New CERT Blogs Index
This main index page displays the ten most recent entries across all of our blogs. You can reach this page through the blogs link in the bottom navigation.

April 29, 2011

Trusted Computing in Embedded Systems Workshop Released
This SEI Special Report describes the November 2010 Trusted Computing in Embedded Systems Workshop held at Carnegie Mellon University.

April 28, 2011

Software Security Measurement and Analysis Presentation Released
Cyber Security Engineering researchers at CERT have released a presentation describing their Security Measurement and Analysis (SMA) Project.

April 26, 2011

SPREE Workshop
SPREE Workshop registration is now open. You can register by using this form (pdf).

April 13, 2011

New CERT/CC Blog Entry
The entry "A Security Comparison: Microsoft Office vs. Oracle Openoffice" has been published.

April 7, 2011

CERT Staff Presenting at SEPG Europe 2011
To reinforce the "Global Excellence in Software and Security" theme, CERT staff members are presenting tutorials on a variety of security topics.

April 6, 2011

New Insider Threat Blog Entry
The entry "Insider Threat Best Practices from Industry" has been published.

March 29, 2011

New Podcast Released
Business leaders must address risk at the enterprise, business process, and system levels to effectively protect against today's and tomorrow's threats.

March 4, 2011

2011 CyberSecurity Watch Survey Released
The 2011 CyberSecurity Watch Survey press release and data sample have been released.

February 28, 2011

New CERT/CC Blog Entry
The entry "Announcing the CERT Basic Fuzzing Framework 2.0" has been published.

February 28, 2011

Function Extraction (FX) Research for Computation of Software Behavior Technical Report Released
This technical report discusses use of algorithms to compute overall malware behavior.

February 23, 2011

Risk and Resilience: Considerations for Information Security Risk Assessment and Management
Julia Allen and Jim Cebula gave this presentation at RSA Conference 2011 in San Francisco, California.

February 23, 2011

New Insider Threat Blog Entry
The entry "Insider Threats in the Software Development Lifecycle" has been published.

February 22, 2011

New Podcast Released
Scenario-based exercises help organizations, governments, and nations prepare for, identify, and mitigate cyber risks.

February 21, 2011

New Insider Threat Presentation Published
"Combat IT Sabotage: Technical Solutions From The CERT Insider Threat Lab," presented at RSA Conference 2011 in San Francisco, California, is now available.

February 21, 2011

An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases Technical Note Published
This technical note provides an overview of techniques employed by malicious insiders to steal intellectual property.

February 16, 2011

Integrating the MSwA Reference Curriculum into the MSIS Model Curriculum Technical Note Published
This technical note examines how the MSwA Reference Curriculum recommendations might be integrated into the model curriculum recommendations for an MSIS degree.

February 14, 2011

New CERT/CC Blog Entry
The entry "'Network Monitoring for Web-Based Threats' released" has been published.

February 11, 2011

Changes to Vulnerability Analysis Blog
To allow for expansion into other technical areas, the Vulnerability Analysis Blog has been converted to the CERT/CC Blog.

February 10, 2011

Network Monitoring for Web-Based Threats Report Published
This report models the approach a focused attacker would take in order to breach an organization through web-based protocols and provides detection or prevention methods to counter that approach.

January 31, 2011

Security and Privacy Engineering (SPREE) Workshop Scheduled for June
The SPREE Workshop will be held at Carnegie Mellon University on June 15-16, 2011. Discussions will focus on security and privacy challenges associated with developing and maintaining software as data-driven technology continues to advance.

January 26, 2011

New Insider Threat Blog Entry
The entry "Insider Threat Case Trends of Technical and Non-Technical Employees" has been published.

January 25, 2011

New Podcast Released
Technical controls may be effective in helping prevent, detect, and respond to insider crimes.

January 21, 2011

Trust and Trusted Computing Platforms Technical Note Published
This technical note examines the capabilities and limitations of hardware-based trusted platforms in general, and the Trusted Platform Module (TPM) from the perspective of trusted applications in particular.

January 17, 2011

Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data Technical Note Published
This paper demonstrates how to extract and map technical information from previous insider crimes.

January 4, 2011

Software Supply Chain Risk Management Technical Note Published
This technical note considers current practices in software supply chain analysis and suggests foundational practices.

January 3, 2011

CERT Resilience Management Model Book Published
The CERT Resilience Management Model (CERT®-RMM) Version 1.1 has been published by Addison-Wesley Professional.


CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark office.

Disclaimers and copyright information

Last updated: May 20, 2013