Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

3/5/2018
05:00 PM
50%
50%

CERT.org Goes Away, Panic Ensues

Turns out the Carnegie Mellon CERT just moved to a newly revamped CMU Software Engineering Institute website.

When a major security-based website goes away, people notice and often assume the worst. So while the Carnegie Mellon Computer Emergency Response Team (CERT)'s stand-alone website recently was removed, it caused some confusion. It turns out the CERT remains in operation.

A blog post by Risk Based Security reflected the uncertainty that ensued in the wake of the recent disappearance of the cert.org site. The confusion began after a tweet by a CERT employee that the website had been removed. Risk Based Security then found that the content of cert.org had folded into the Software Engineering Institute website at Carnegie Mellon. It seemed ominous that typing in the former CERT URL took visitors not to the CERT site, but to the site of the SEI.

"The important thing is that this [website change] doesn't portend anything about CERT itself," a CERT spoksperson said, adding that the work of CERT is more important than ever.

All of the information formerly found at cert.org - from blog posts to podcasts to research reports - is available at www.sei.cmu.edu, and CERT's knowledge base of security issues remains accessible under its traditional URL, https://kb.cert.org.

CERT announced the changes in late January, he said. "We put banners on most of the main websites, and on the blog and resource library and other sites, we put splashes up about a month in advice. We gave a link to preview the new site well ahead of the launch," the spokesperson said. "We were managing a large number of external Web properties. These were two of the largest and for a variety of organizational reasons we decided to combine them," he said.

Read more here and here.

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the Interop ITX 2018 agenda here.

Related Content:

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17552
PUBLISHED: 2019-10-14
An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload.
CVE-2019-17553
PUBLISHED: 2019-10-14
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI.
CVE-2019-17408
PUBLISHED: 2019-10-14
parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr.
CVE-2019-17545
PUBLISHED: 2019-10-14
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
CVE-2019-17546
PUBLISHED: 2019-10-14
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.