Articles about cert

Samsung's 'Magician' for SSDs can let crims run evil code

The CERT Coordination Centre at Carnegie Mellon University has just popped two items onto storage admins' to-do lists. Item one: Go get version 5.1 of Samsung Magician, stat. The application lets users manage the Korean company's solid state disk drives by doing things like updating firmware, performing secure erasure or …
Simon Sharwood, 20 Jun 2017

Carnegie-Mellon Uni emits 'don't be stupid' list for C++ developers

Carnegie-Mellon University's Software Engineering Institute has followed up its secure C programming rules from last year with a similar set of standards for C++. In the institute's announcement on Wednesday, it says it has put ten years into researching secure coding. The resulting SEI CERT C++ Coding Standard has 83 rules …

Are you undermining your web security by checking on it with the wrong tools?

Your antivirus and network protection efforts may actually be undermining network security, a new paper and subsequent US-CERT advisory have warned. The issue comes with the use of HTTPS interception middleboxes and network monitoring products. They are extremely common and are used to check that nothing untoward is going on …
Kieren McCarthy, 17 Mar 2017

Cisco stre...tches vulnerability disclosure timeline out to 90 days

Cisco's decided it's going to give 90 days' grace on vulnerability disclosures, to let (mostly) commercial vendors catch up with their bug-fixes. While the best commercial vendors – especially those with bug bounties and a public pro-security stance – are getting better at responding to notifications, they're held back by …

CERT tells Microsoft to keep EMET alive because it's better than Win 10's own security

Microsoft should reverse its planned axing of the lauded Enhanced Mitigation Toolkit (EMET) as Windows 10 cannot yet match its level of security, according to Carnegie Mellon University CERT furniture Will Dormann. The vulnerability analyst, who has pushed out security alerts and advice from the world's first CERT for around a …
Darren Pauli, 24 Nov 2016

Free 'cyber hugs' for all is the plan at New Zealand's first CERT

Kiwicon Kiwi security incident responders are gearing up to go live with New Zealand's first computer emergency response team (CERT) next March. And in a change of tack for CERTs, New Zealand's will help all businesses, not just the top end of town. Declan Ingram, a heavy lifter with CERT NZ says it will help small businesses all the …
Darren Pauli, 22 Nov 2016

NHS hospitals told to swallow stronger anti-ransomware medication

NHS Digital is set to start expanding the range of cybersecurity services available to UK hospitals and clinics. CareCERT (Care Computer Emergency Response Team) launched in November 2015, offering a national service that helps health and care organisations to improve their cybersecurity defences by providing proactive advice …
John Leyden, 9 Sep 2016

The million-dollar hole in the FBI 'paying CMU to crack Tor' story

Analysis It's something every journalist learns: if you hit on an important story, make sure every part of it is accurate. One small error is all that is needed to undermine the entire piece. Roger Dingledine is not a journalist, but as interim chief executive of the Tor project, he should have known to be more careful when he wrote in …
Kieren McCarthy, 17 Nov 2015

ProtonMail 'mitigates' DDoS attacks, says security not breached

ProtonMail has announced that it has successfully mitigated the DDoS attacks which had hobbled it since last week, while also confirming security systems had not been breached. The encrypted email service was still being hit as of yesterday, after paying a Bitcoin ransom to one of the two DDoS attackers (the smaller, seemingly …

Pop-up Kiwi CERT a shepherd for helpless hacked SMB flock

New Zealand will get its first national computer security incident response team (CSIRT) helping to assist underserved hacked small businesses, should a funding effort be successful. If the money rains, at least two professional security consultants and possibly some graduate students will work over a year to assess what is …
Darren Pauli, 29 Oct 2015

BlackEnergy crimeware coursing through US control systems

Industrial control systems in the United States have been compromised by the BlackEnergy malware toolkit for at least three years in a campaign the US Computer Emergency Response Team has dubbed "ongoing" and sophisticated. Attackers had compromised unnamed industrial control system operators and implanted BlackEnergy on …
Darren Pauli, 29 Oct 2014

FIRST standards to clean up messy CERTs

The global gathering of incident responders FIRST is spearheading a global standards effort to reform and unify the operations of government and large enterprise computer emergency response teams (CERTs). The Forum of Incident Response and Security Teams (FIRST) has tipped US$500,000 into the effort and has received backing …
Darren Pauli, 20 Oct 2014

Microsoft, eBay apps open to man-in-the-middle diddle

At least 350 Android apps are open to man-in-the-middle (MITM) attacks, thanks to code that fails to validate certificates over secure sockets layer (SSL), says US Computer Emergency Response (CERT) security pro Will Dormann. The apps can be found in the Google Play and Amazon stores and have been included in a continually …
Darren Pauli, 5 Sep 2014

AusCERT chief Ingram steps down

Graham Ingram, the head of Australia's first Computer Emergency Response Team (AusCERT), has stepped down after 12 years in the role. Ingram joined the University of Queensland's AusCERT in 1993 and was on Friday replaced by the university's current incident response chief Thomas King. The incoming director said he wanted to …
Darren Pauli, 28 Jul 2014

ENISA, Europol, strike info-sharing deal

Europe's peak information security body will join forces with the continent's criminal intelligence sharing outfit in order to beat down on carders and crackers plaguing Europe. Heads of the European Union Agency for Network and Information Security (ENISA) signed a deal with Europol at the Hague last Thursday to give a …
Darren Pauli, 30 Jun 2014

Sysadmins rejoice! Patch rampage killing off nasty DDoS attack vector

Sysadmins rejoice! NSFOCUS researchers say hundreds of thousands of Network Time Protocol (NTP) servers have been patched, reducing the threat from some devastating and cheap distributed denial of service (DDoS) attacks. The patching rampage saw the number of vulnerable NTP servers drop from 432,120 at the start of the year to …
Darren Pauli, 25 Jun 2014

China's CERT blames US for a THIRD of all attacks on Middle Kingdom PCs

China’s Computer Emergency Response Team (CNCERT) has claimed in a new report that backdoor attacks on systems jumped by over 50 per cent over the past year, and once again fingered the US as the main culprit in 2013. The CERT announced the findings of its latest annual report on its website. It claimed that 15,000 "hosts" …
Phil Muncaster, 31 Mar 2014

Nasty holes found in Belkin's home automation kit

Insecure firmware handling, poor communications practices and API vulnerabilities are among a range of vulnerabilities security company IOActive has identified in Belkin's WeMo home automation systems. In its advisory, here, IOActive says it's discovered that the systems leak a hard-coded key and password that Belkin uses to …

Biting the hand that feeds IT © 1998–2017