@certcc profile picture
CERT/CC @certcc

CERT Coordination Center at the Carnegie Mellon University Software Engineering Institute.

Joined March 2009
  • Tweets 103
  • Following 0
  • Followers 3,487
4 Photos and videos
CERT/CC@certcc
15 Dec 2021
You all know by now about the #log4j CVE-2021-44228 that affects lots of Java applications, right? No? Well that extra sleep must be nice! We've published a vulnerability note with details: kb.cert.org/vuls/id/930724 We link to PowerShell and Python3 scanners to find jar files too.
1
28
76
CERT/CC@certcc
16 Jun 2021
It is important to realize that the Pulse Secure Integrity Checker Tool (ICT) and the PCS factory reset functionality can both be subverted by an attacker on a compromised PCS device. If we can do this, assume that attackers can do this as well. 🤔
2
21
43
CERT/CC@certcc
16 Jun 2021
Since the Pulse Connect Secure ICT has been public since March, it would be wise to assume that attackers have worked around it by now. Yes, run the ICT if you haven't already by now. No, a clean ICT report doesn't necessarily mean you're fine.
1
1
7
CERT/CC@certcc
16 Jun 2021
We have been communicating our findings to and collaborating with Pulse Secure. They have published more details about the Integrity Checker Tool (ICT) here: kb.pulsesecure.net/articles/…

1
3
CERT/CC@certcc
6 May 2021
If you have a Pulse Connect Secure system and did not immediately apply the instantaneous XML workaround published on April 20, assume compromise until you can prove otherwise. Run the PCS Integrity Assurance package as soon as possible (requires reboot). kb.pulsesecure.net/articles/…

This tweet is unavailable
12
12
CERT/CC retweeted
Christopher Glyer
@cglyer
2 Mar 2021
This is not a drill - patch your Exchange Servers ASAP We're seeing active exploitation by #HAFNIUM microsoft.com/security/blog/…

1
56
95
CERT/CC@certcc
16 Sep 2020
We've published vulnerability note VU#490028 about Zerologon / CVE-2020-1472. Windows Domain controllers without the August update from Microsoft are vulnerable to complete domain takeover by an unauthenticated attacker. Samba DCs < 4.8 affected by default kb.cert.org/vuls/id/490028

CERT/CC Vulnerability Note VU#490028

Microsoft Windows Netlogon Remote Protocol (MS-NRPC) uses insecure AES-CFB8 initialization vector

kb.cert.org
4
7
CERT/CC@certcc
7 Jul 2020
Citrix vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP. Impacts include system compromise by an unauthenticated user on the management network. support.citrix.com/article/C…
7
4
CERT/CC retweeted
USCYBERCOM Cybersecurity Alert@CNMF_CyberAlert
29 Jun 2020
Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use. Foreign APTs will likely attempt exploit soon. We appreciate @PaloAltoNtwks’ proactive response to this vulnerability. security.paloaltonetworks.co…

CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS...

security.paloaltonetworks.com
12
387
491
CERT/CC@certcc
23 Mar 2020
Microsoft has released ADV200006 about an 0day vulnerability being exploited in the wild in Microsoft Windows Adobe Type Manager Type 1 font parsing. There are almost as many workarounds provided as there are attack vectors! kb.cert.org/vuls/id/354840/

CERT/CC Vulnerability Note VU#354840

Microsoft Windows Type 1 font parsing remote code execution vulnerabilities

kb.cert.org
12
17
CERT/CC@certcc
11 Mar 2020
Disable SMB compression and block SMB both inbound AND outbound to help prevent exploitation of an unpatched "wormable" vulnerability in Microsoft Windows SMBv3. kb.cert.org/vuls/id/872016/ ADV200005 CVE-2020-0796 VU#872016

CERT/CC Vulnerability Note VU#872016

Microsoft SMBv3 compression remote code execution vulnerability

kb.cert.org
2
56
57
CERT/CC@certcc
12 Mar 2020
Microsoft has released updates for this issue: portal.msrc.microsoft.com/en…
3
CERT/CC@certcc
17 Jan 2020
VU#338824 Microsoft Internet Explorer is being actively exploited in the wild using a new unpatched vulnerability in the Scripting Engine. Disable access to JScript.dll as a workaround. kb.cert.org/vuls/id/338824/

CERT/CC Vulnerability Note VU#338824

Microsoft Internet Explorer Scripting Engine memory corruption vulnerability

kb.cert.org
1
17
15
CERT/CC@certcc
3 Nov 2019
If you use "Disable all macros without notification" in Microsoft Office for Mac, you may be in for an unpleasant surprise. XLM macros in SYLK (.SLK) content will run without any prompting. This allows for arbitrary code execution without any clicks. kb.cert.org/vuls/id/125336/

CERT/CC Vulnerability Note VU#125336

Microsoft Office for Mac cannot properly disable XLM macros

kb.cert.org
This tweet is unavailable
6
5
CERT/CC@certcc
23 Oct 2019
Any device that has a software stack associated with it may become unsafe when it has outlived its support life span. It's Time to Retire Your Unsupported Things insights.sei.cmu.edu/cert/20…
4
4
CERT/CC retweeted
CVE Announcements@CVEannounce
16 Oct 2019
CVE Celebrates 20 Years! cve.mitre.org/news/archives/…! #cve #cveentries #cveids #cna #vulnerabilities #cybersecurity
14
20
CERT/CC@certcc
24 Sep 2019
It's important to note that these updates are NOT currently being deployed via Windows Update or Microsoft Update. Despite being actively exploited in the wild, manual actions must be taken to receive the fixes.
Microsoft Security Response Center
@msftsecresponse
23 Sep 2019
Out of band security vulnerability fixes CVE-2019-1367 and CVE-2019-1255 have been released today. For more information please see portal.msrc.microsoft.com/en… and portal.msrc.microsoft.com/en… .
1
10
14
CERT/CC@certcc
6 Sep 2019
Exim has released fixes for CVE-2019-15846, an issue where a local or remote attacker can execute programs with root privileges. This affects versions up to and including 4.92.1. The patches were released today in version 4.92.2 and can be found at ftp.exim.org/pub/exim/exim4/
4
4
CERT/CC@certcc
4 Apr 2019
A user with the ability to run code (php, cgi, etc.) in the context of Apache can escalate privileges to root. CVE-2019-0211 Apply updates to get the fix. cfreal.github.io/carpe-diem-… httpd.apache.org/security/vu…

CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation

Hacker. Maintainer of

cfreal.github.io
3
4
CERT/CC@certcc
27 Jan 2019
An attacker with just the credentials of a single lowly Exchange mailbox user can gain Domain Admin privileges by using a simple tool. @wdormann has confirmed on a default Exchange 2013 installation. It's very important to apply mitigations outlined here: dirkjanm.io/abusing-exchange…

Abusing Exchange: One API call away from Domain Admin

In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently...

dirkjanm.io
This tweet is unavailable
12
494
710
CERT/CC@certcc
28 Jan 2019
We've published a vulnerability note on the Exchange-mailbox-to-Domain-Admin privilege escalation vulnerability: kb.cert.org/vuls/id/465632/

CERT/CC Vulnerability Note VU#465632

Microsoft Exchange server 2013 and newer are vulnerable to NTLM relay attacks

kb.cert.org
2
35
39
CERT/CC@certcc
31 Jan 2019
And just to be clear, this new Exchange vulnerability is CVE-2019-0686. If you have read any guidance that this new exchange vulnerability is CVE-2018-8581, or have taken actions assuming that the mitigations for CVE-2018-8581 will protect you, you may get an unpleasant surprise.
3
9
Load more