Software Engineering Institute

Carnegie Mellon University

Computer Emergency Readiness Team

CERT Recently Published Vulnerability Notes

CERT publishes vulnerability advisories called "Vulnerability Notes." Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.

VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models
Posted: April 16, 2024, 8:16 pm
VU#123335: Multiple programming languages fail to escape arguments properly in Microsoft Windows
Posted: April 10, 2024, 3:13 pm
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks
Posted: April 9, 2024, 2:44 pm
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
Posted: April 3, 2024, 5:15 pm
VU#417980: Implementations of UDP-based application protocols are vulnerable to network loops
Posted: March 19, 2024, 7:49 pm
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions
Posted: March 14, 2024, 3:22 pm
VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks
Posted: March 7, 2024, 2:49 pm
VU#446598: GPU kernel implementations susceptible to memory leak
Posted: January 16, 2024, 4:59 pm
VU#302671: SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies
Posted: January 16, 2024, 3:53 pm
VU#132380: Vulnerabilities in EDK2 NetworkPkg IP stack implementation.
Posted: January 16, 2024, 2:26 pm
VU#811862: Image files in UEFI can be abused to modify boot behavior
Posted: December 6, 2023, 6:59 pm
VU#347067: Multiple BGP implementations are vulnerable to improperly formatted BGP updates
Posted: September 12, 2023, 4:36 pm
VU#304455: Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router
Posted: September 6, 2023, 12:05 pm
VU#757109: Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account
Posted: August 28, 2023, 3:15 pm
VU#287122: Parsec Remote Desktop App is prone to a local elevation of privilege due to a logical flaw in its code integrity verification process
Posted: August 16, 2023, 4:18 pm

CERT Insider Threat Best Practices

SEI Blog | Insider Threat

Updates on changes and additions to the SEI Blog for posts matching Insider Threat

10 Lessons in Security Operations and Incident Management
Posted: March 4, 2024, 5:00 am
CERT Releases 2 Tools to Assess Insider Risk
Posted: February 26, 2024, 5:00 am
The 13 Key Elements of an Insider Threat Program
Posted: October 23, 2023, 4:00 am
How to Mitigate Insider Threats by Learning from Past Incidents
Posted: October 31, 2022, 4:00 am
Potential Implications of the California Consumer Privacy Act (CCPA) for Insider Risk Programs
Posted: May 31, 2021, 4:00 am
Benford's Law: Potential Applications for Insider Threat Detection
Posted: December 17, 2020, 5:00 am
Insider Threat Incidents: Assets Targeted by Malicious Insiders
Posted: September 29, 2020, 4:00 am
Highlights from the 7th Annual National Insider Threat Center (NITC) Symposium, Day One
Posted: September 23, 2020, 4:00 am
Insider Threat Incidents: Communication Channels
Posted: September 17, 2020, 4:00 am
Insider Threat Incidents: Most Commonly Affected Devices
Posted: September 10, 2020, 4:00 am
Organizational Resilience to Insider Threats
Posted: September 3, 2020, 4:00 am
Functional Requirements for Insider Threat Tool Testing
Posted: March 19, 2020, 4:00 am
Maturing Your Insider Threat Program into an Insider Risk Management Program
Posted: January 27, 2020, 5:00 am
Anti-Phishing Training: Is It Working? Is It Worth It?
Posted: January 23, 2020, 5:00 am
Technology Trends in Data Exfiltration
Posted: January 9, 2020, 5:00 am
Mapping Cyber Hygiene to the NIST Cybersecurity Framework
Posted: October 30, 2019, 4:00 am
Insider Threat Incident Analysis: Court Outcome Observations
Posted: October 2, 2019, 4:00 am
Improving Insider Threat Detection Methods Through Software Engineering Principles
Posted: September 20, 2019, 4:00 am
7 Guidelines for Being a TRUSTED Penetration Tester
Posted: September 17, 2019, 4:00 am
September Is National Insider Threat Awareness Month
Posted: September 4, 2019, 4:00 am