Ask the Experts

Ask the Experts

• What are the root causes of the cybersecurity skills shortage?

  SearchSecurity talks with David Shearer, CEO of (ISC)2, about what is -- and isn't -- contributing to the cybersecurity skills shortage in the U.S., as well as how to fix the problem.  Continue Reading

• NotPetya malware: How does it detect security products?

  Bitdefender discovered that the NotPetya malware changes its behavior when Kaspersky security products are detected. Nick Lewis explains how the malware's tricks work.  Continue Reading

• Katyusha Scanner: How does it work via a Telegram account?

  The Katyusha Scanner is based on the open source penetration test scanner Arachni. However, it has been modified to work through Telegram accounts. Nick Lewis explains how it works.  Continue Reading

• RSA-1024 keys: How does a Libgcrypt vulnerability expose them?

  A Libgcrypt vulnerability could allow attackers to recover private RSA-1024 keys, as it allows a left-to-right sliding window that shows how specific parts of the algorithm work.  Continue Reading

• CopyCat malware: How does this Android threat operate?

  Check Point researchers discovered new Android malware named CopyCat, which has infected 14 million devices. Learn how this malware works and how it spread from expert Nick Lewis.  Continue Reading

• Devil's Ivy vulnerability: How does it put IoT devices at risk?

  A gSOAP flaw was found in an Axis Communications security camera and branded the Devil's Ivy vulnerability. Learn how it threatens IoT devices with expert Nick Lewis.  Continue Reading

• How does credential stuffing enable account takeover attacks?

  Credential stuffing activity is outpacing the growth of other cyberattacks and enabling account takeover attacks. Akamai Technologies' Patrick Sullivan explains the threat.  Continue Reading

• What do Dnsmasq vulnerabilities mean for Android users?

  Researchers found several Dnsmasq vulnerabilities that affect Google's Android operating system. Matt Pascucci explains how these flaws can be exploited by threat actors.  Continue Reading

• Public key pinning: Why is Google switching to a new approach?

  After introducing HTTP Public Key Pinning to the internet two years ago, the upcoming Chrome will replace it with the Expect-CT header. Matt Pascucci explains the switch.  Continue Reading

• Confused deputy: How did the vulnerability affect Slack?

  A major SAML vulnerability was found in Slack that granted expired login credentials permission into the system. Matt Pascucci explains how this 'confused deputy' problem was handled.  Continue Reading

• Advanced Protection Program: How has Google improved security?

  Google added a layer to its account security system with Advanced Protection Program. Matt Pascucci explains how individuals can better defend themselves from malicious actors.  Continue Reading

• Canvas fingerprinting: How does it compromise security?

  Mozilla recently decided to pull the HTML canvas element from the Firefox browser. Learn from expert Matt Pascucci what this means for the security and privacy of users.  Continue Reading

• What went wrong with the Dirty COW vulnerability patch?

  A patch was issued for the Dirty COW vulnerability, but researchers later discovered problems with the patch. Expert Judith Myerson explains what went wrong.  Continue Reading

• How should enterprise firewall settings be reviewed?

  Getting firewall settings right is one of the most basic ways to protect enterprise data from accidental exposures. Expert Judith Myerson discusses how to review firewall policies.  Continue Reading

• How is IP theft possible despite cryptographic protections?

  Expert Judith Myerson explains how IP theft can happen despite the cryptographic protections in IEEE standard P1735, as well as what can be done to protect intellectual property.  Continue Reading

• How can a BGP vulnerability in Cisco products be fixed?

  A BGP vulnerability in some Cisco products enabled denial-of-service attacks. Expert Judith Myerson explains the vulnerability and how Cisco fixed the problem.  Continue Reading

• Unknown apps: How does Android Oreo control installation?

  Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver explains what this change means.  Continue Reading

• Vulnerability scans: How effective are they for web apps?

  Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can be missed by security teams.  Continue Reading

• Android bootloader: How does it work and what is the risk?

  Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk these vulnerabilities present.  Continue Reading

• How should undocumented features in software be addressed?

  Kaspersky Lab recently discovered an undocumented feature in Microsoft Word. Expert Kevin Beaver explains the risks and what to do if you come across one of these software flaws.  Continue Reading

• Broadpwn flaw: How does the new iOS exploit compare?

  An iOS exploit similar to the Broadpwn flaw was recently developed by a researcher at Google's Project Zero. Expert Kevin Beaver explains what the exploit is and how it works.  Continue Reading

• Can a decentralized open source community properly address security?

  SearchSecurity talks with UC Berkeley Professor Steven Weber about the open source community, the security challenges facing it and the prospect of software liability.  Continue Reading

• What is emotional data and what are the related privacy risks?

  SearchSecurity talks with UC Berkeley professor Steven Weber about the concept of emotional data, where it comes from and how it can potentially be used -- and abused.  Continue Reading

• Brutal Kangaroo: How does it hop to air-gapped computers?

  The CIA Vault 7 cache exposed the Brutal Kangaroo USB malware, which can be spread to computers without an internet connection. Learn how this is possible with expert Nick Lewis.  Continue Reading

• Antimalware software: How can Windows 10 disable it?

  Kaspersky Lab recently accused Windows 10 of acting as an antivirus block to third-party antimalware software. Discover how your software is being blocked and how this can be fixed.  Continue Reading

• QakBot malware: How did it trigger Microsoft AD lockouts?

  QakBot malware triggered hundreds of thousands of Microsoft Active Directory account lockouts. Discover the malware's target and how these attacks are being carried out.  Continue Reading

• OneLogin data breach: What does the attack mean for SSOs?

  A OneLogin data breach affected all of the company's U.S. customers after threat actors abused an Amazon Web Services API. Discover what this means for customers and SSO companies.  Continue Reading

• Zusy malware: Are your PowerPoint files at risk?

  Several spam campaigns were discovered after a malicious PowerPoint file was exposed. Learn how Zusy malware is delivered upon hovering over hypertext and how files can be saved.  Continue Reading

• How can a vulnerability in Ruggedcom switches be mitigated?

  Vulnerabilities in Ruggedcom switches could open the industrial switches and other communication devices up to attacks. Expert Judith Myerson explains how to mitigate the risks.  Continue Reading

• Which 4G vulnerabilities should BYOD users be aware of?

  Enterprises should consider pressing 4G vulnerabilities when developing a BYOD strategy for their employees. Expert Judith Myerson explains the flaws and what to do about them.  Continue Reading

• How can a local file inclusion attack be stopped?

  A botnet-based local file inclusion attack targeted IBM X-Force customers. Expert Judith Myerson explains how these attacks work and how enterprises can defend against them.  Continue Reading

• How can platform firmware be protected from attacks?

  The NIST published guidance on building up platform firmware resiliency. Expert Judith Myerson looks at the NIST guidelines and the major takeaways for enterprises.  Continue Reading

• How does port swapping work to bypass two-factor authentication?

  With a port swapping attack, hackers can bypass two-factor authentication and control a victim's mobile device. Judith Myerson explains how the attacks work and how to stop them.  Continue Reading

• LDAP injection: How was it exploited in a Joomla attack?

  After eight years, Joomla discovered an LDAP vulnerability that could be exploited by threat actors. Learn how the attack works from expert Matt Pascucci.  Continue Reading

• BlueBorne vulnerabilities: Are your Bluetooth devices safe?

  Armis Labs discovered a series of vulnerabilities that enables remote connection to Bluetooth devices. Learn more about the BlueBorne vulnerabilities with expert Matt Pascucci.  Continue Reading

• How can Windows digital signature check be defeated?

  A security researcher discovered that editing two registry keys can alter a Windows digital signature check. Matt Pascucci explains what that means for digital signatures.  Continue Reading

• iOS updates: Why are some Apple products behind on updates?

  A study by Zimperium found that more than 23% of iOS devices aren't running the latest software. Matt Pascucci explains how this is possible, even though Apple controls iOS updates.  Continue Reading

• PGP keys: Can accidental exposures be mitigated?

  The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys.  Continue Reading

• How does the GhostHook attack bypass Microsoft PatchGuard?

  A technique known as the GhostHook attack can get around PatchGuard, but Microsoft hasn't patched the flaw. Expert Michael Cobb explains why, as well as how the attack works.  Continue Reading

• How can Intel AMT be used to bypass the Windows firewall?

  Software developed by the hacking group Platinum takes advantage of Intel AMT to bypass the built-in Windows firewall. Expert Michael Cobb explains how it works.  Continue Reading

• How do source code reviews of security products work?

  Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains what to know about these reviews.  Continue Reading

• How can attacks like the Cherry Blossom project be prevented?

  With the WikiLeaks Cherry Blossom project, attackers can potentially inject malicious firmware into wireless routers. Expert Michael Cobb explains how to stop it from happening.  Continue Reading

• How does the Stack Clash vulnerability target Unix-based OSes?

  A privilege escalation vulnerability known as Stack Clash affects Unix-based OSes. Expert Michael Cobb explains the flaw and how to protect systems from being exploited.  Continue Reading

• Ransomware recovery methods: What does the NIST suggest?

  Knowing what ransomware recovery methods are available is important as the threat continues to grow. Expert Judith Myerson outlines what the NIST recommends for enterprises.  Continue Reading

• What QNAP vulnerabilities affect NAS storage device security?

  QNAP vulnerabilities in NAS enabled attackers to control devices. Expert Judith Myerson explains each of the QNAP NAS vulnerabilities and their fixes.  Continue Reading

• HTTP Strict Transport Security: What are the security benefits?

  Google's use of HTTP Strict Transport Security aims to improve web browsing security. Expert Judith Myerson explains how HSTS can make the internet more secure.  Continue Reading

• VMware AppDefense: How will it address endpoint security?

  VMware announced AppDefense, its latest effort to help improve endpoint security. Matt Pascucci explains how AppDefense addresses applications in vSphere environments.  Continue Reading

• Killer discovery: What does a new Intel kill switch mean for users?

  Cybersecurity company Positive Technologies recently discovered an Intel kill switch in the vendor's Management Engine. Learn more about this kill switch with expert Matt Pascucci.  Continue Reading

• WireX botnet: How did it use infected Android apps?

  To avoid a mobile device catastrophe, several large tech organizations came together to stop the WireX botnet. Learn how this Android botnet with 300 infected apps was stopped.  Continue Reading

• How should security teams handle the Onliner spambot leak?

  A security researcher recently discovered a list of 711 million records used by the Onliner spambot. Expert Matt Pascucci explains what actions exposed individuals should take.  Continue Reading

• Monitoring employee communications: What do EU privacy laws say?

  The European Court of Human Rights recently placed strict regulations on monitoring employee communications. Matt Pascucci compares EU privacy laws to the U.S.'s standards.  Continue Reading

• EternalRocks malware: What exploits are in it?

  When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and explains what's lurking inside.  Continue Reading

• Google Docs phishing attack: How does it work?

  A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend against such an attack.  Continue Reading

• What's the best career path to get CISSP certified?

  The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP certified.  Continue Reading

• How did a Windows Defender antivirus bug enable remote exploits?

  A vulnerability in Microsoft's Windows Defender antivirus tool left users open to remote code exploitation. Expert Nick Lewis explains how it happened, and what to do about it.  Continue Reading

• Samsung S8 iris scanner: How was it bypassed?

  Hackers bypassed the Samsung S8 iris scanner, which could spell trouble for biometric authentication. Expert Nick Lewis explains how it happened and how to stay protected.  Continue Reading

• HP keylogger: How did it get there and how can it be removed?

  A keylogging flaw found its way into dozens of Hewlett Packard laptops. Nick Lewis explains how the HP keylogger works and what can be done about it.  Continue Reading

• What knowledge factors qualify for true two-factor authentication?

  Can two-factor authentication be applied to a mobile device that's used as a 2FA factor? Michael Cobb explores the different knowledge factors and uses for mobile devices.  Continue Reading

• Running a private certificate authority: What are the risks?

  Running a private certificate authority can pose significant risks and challenges to meet baseline requirements. Michael Cobb explores what enterprises should know.  Continue Reading

• How did an ImageMagick vulnerability endanger Yahoo servers?

  An ImageMagick vulnerability known as Yahoobleed could give hackers access to Yahoo servers. Expert Michael Cobb explains the flaw and how Yahoo handled the situation.  Continue Reading

• How does Google Play Protect aim to improve Android security?

  Google's new security platform, Google Play Protect, looks to decrease Android app security threats through machine learning. Michael Cobb explains how the new platform works.  Continue Reading

• Telerik web UI: Can the cryptographic weakness be mitigated?

  A cryptographic weakness was discovered in the Telerik web UI. Expert Judith Myerson alerts readers about this weakness and the alternative options for companies to explore.  Continue Reading

• How can hackers use subtitle files to control endpoint devices?

  New media player vulnerabilities have been exposed that enable hackers to use subtitle files to control devices. Expert Judith Myerson explains how this happens.  Continue Reading

• Foxit Reader vulnerabilities: What can be done to mitigate them?

  Two critical, zero-day Foxit Reader vulnerabilities haven't been patched and pose a threat to enterprises. Judith Myerson explains the vulnerabilities and how to mitigate them.  Continue Reading

• How are Windows shortcut files vulnerable to attacks?

  A Windows vulnerability targets shortcut files and enables hackers to automatically execute code. Expert Judith Myerson explains the flaw and how to stop it.  Continue Reading

• How does an Amazon Echo vulnerability enable attackers to eavesdrop?

  Hackers could take advantage of a physical Amazon Echo vulnerability to turn the Echo into a listening device. Judith Myerson explains how this works and what can be done about it.  Continue Reading

• How does the Ursnif Trojan variant exploit mouse movements?

  A new version of the Ursnif Trojan uses mouse movements to bypass security efforts by beating sandbox detection. Expert Matthew Pascucci explains how this technique works.  Continue Reading

• Flash's end of life: How should security teams prepare?

  Adobe Flash's end of life is coming, and it includes an incremental removal method, allotting security teams enough time to adjust. Matt Pascucci explains how changes can be made.  Continue Reading

• How does a private bug bounty program compare to a public program?

  Explore the differences of public versus private bug bounty programs, as well as the benefits of each one. Expert Mathew Pascucci explains the risk and return of both programs.  Continue Reading

• WoSign certificates: What happens when Google Chrome removes trust?

  Google Chrome has started removing trust in certificates issued by WoSign. Matthew Pascucci explains this decision and what it means for companies using WoSign certificates.  Continue Reading

• How can peer group analysis address malicious apps?

  Google is using machine learning and peer group analysis to protect against malicious Android apps in the Google Play Store. Matt Pascucci explains how this works.  Continue Reading

• Can the STIX security framework improve threat intelligence sharing?

  Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.  Continue Reading

• New WordPress malware: What to do about WP-Base-SEO

  A new type of WordPress malware, WP-Base-SEO, disguises itself as an SEO plug-in that opens backdoors. Nick Lewis explains how it works and how to avoid it.  Continue Reading

• How can a DDoS reflection attack abuse CLDAP?

  A new exploit of CLDAP servers can be used for a DDoS reflection attack that gives attackers a 70x boost. Nick Lewis explains how to defend against this new threat.  Continue Reading

• PINLogger: How does this exploit steal PINs?

  The proof-of-concept PINLogger attack exploits mobile device sensors to steal PINs. Nick Lewis explains how the attack works and offers advice on how to stop it.  Continue Reading

• Hajime IoT worm: Is it pure malware or vigilante malware?

  The Hajime IoT worm aims to help users tighten up security, whether they want to or not, but it's probably not a good security strategy. Expert Nick Lewis explains the risks.  Continue Reading

• How does a Magento Community Edition flaw allow remote attacks?

  As the Magento Community Edition suffers a new zero-day vulnerability, expert Nick Lewis explains how it's being exploited and how to mitigate the cross-site request forgery flaw.  Continue Reading

• Application containers: What are the major risks?

  NIST recently issued guidance on mitigating the security risks of application containers. Expert Judith Myerson outlines some of the risks and fixes highlighted in the guide.  Continue Reading

• How does BrickerBot threaten enterprise IoT devices?

  BrickerBot is similar to other IoT malware like Mirai, Hajime and others. Expert Judith Myerson explains what makes BrickerBot different, and what can be done to defend against it.  Continue Reading

• How can the Jenkins vulnerabilities in plug-ins be mitigated?

  A wave of Jenkins vulnerabilities related to plug-ins were recently discovered. Expert Judith Myerson explains the flaws and how enterprises should mitigate them.  Continue Reading

• Are long URLs better for security than short URLs?

  Shortened URLs are weak on security and easy for attackers to inject with malware. Expert Judith Myerson discusses how long URLs are more secure, despite the inconvenience.  Continue Reading

• How can users detect dangerous open ports in mobile apps?

  Some malicious apps can hijack smartphones and expose those devices with open ports. Expert Michael Cobb explains how this happens and how users can protect themselves.  Continue Reading

• How can memory corruption attacks threaten smartphones?

  Smartphone users could be at risk of memory corruption attacks because of a baseband vulnerability. Expert Michael Cobb explains the attack and how concerned users should be.  Continue Reading

• How do code-reuse attacks bypass Windows 10 security features?

  Certain Windows 10 security features can be bypassed with code-reuse attacks. Expert Michael Cobb explains how that works and what can be done to prevent it.  Continue Reading

• How is Pegasus malware different on Android than on iOS?

  Pegasus malware used to only target iOS devices, but a variant called Chrysaor now goes after Android devices, too. Expert Michael Cobb explains what users need to know about it.  Continue Reading

• How do network management systems simplify security?

  Network security teams can find themselves overwhelmed with protecting an enterprise network. Expert Matthew Pascucci explains how network management systems can help with that.  Continue Reading

• How can enterprises secure encrypted traffic from cloud applications?

  As enterprises use more cloud applications, they generate more encrypted traffic. Expert Matthew Pascucci discusses the challenges that presents for network security teams.  Continue Reading

• Should an enterprise BYOD strategy allow the use of Gmail?

  Using personal Gmail accounts for business purposes is not a secure enterprise BYOD strategy. Expert Matthew Pascucci discusses why companies should avoid implementing this tactic.  Continue Reading

• What should you do when third-party compliance is failing?

  Third-party compliance is a necessary part of securing your organization's data. Expert Matthew Pascucci discusses what to do if you suspect a business partner isn't compliant.  Continue Reading

• How is cross-platform malware carried in Word docs?

  Cross-platform malware enables attackers to leverage their attacks using infected Microsoft Word docs. Expert Nick Lewis explains how the attacks work and how to defend against them.  Continue Reading

• ATMitch malware: Can fileless ATM malware be stopped?

  How was the ATMitch malware able to loot cash machines, then delete itself? Expert Nick Lewis explains how the fileless malware works and how it spreads.  Continue Reading

• DoubleAgent malware could turn antivirus tools into attack vector

  DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains how to contain the threat.  Continue Reading

• How does the MajikPOS malware evade detection?

  A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how to defend against it.  Continue Reading

• Why is the patched Apache Struts vulnerability still being exploited?

  An Apache Struts vulnerability is still being exploited, even though it has already been patched. Expert Nick Lewis explains why the Struts platform still carries risk for users.  Continue Reading

• Stopping EternalBlue: Can the next Windows 10 update help?

  The upcoming Windows update, Redstone 3, will patch the vulnerability that enables EternalBlue exploits. Expert Judith Myerson discusses protection methods to use until the update.  Continue Reading

• How does CrashOverride malware threaten industrial control systems?

  CrashOverride malware targets industrial control systems and can wreak havoc. Expert Judith Myerson explains the capabilities of the malware and what to do to stop it.  Continue Reading

• What is the best way to secure telematics information?

  SMS authentication is often used to secure telematics information, but it may not be strong enough. Expert Judith Myerson discusses why, and how to improve the protection of this data.  Continue Reading

• How can VMware vulnerabilities in vSphere expose credentials?

  Two VMware vulnerabilities in vSphere Data Protection were recently patched. Expert Judith Myerson explains how the flaws work and how to defend against them.  Continue Reading

• Libpurple flaw: How does it affect connected IM clients?

  The libpurple library contains a code execution vulnerability that affects the IM clients that were developed using it. Expert Michael Cobb explains how the flaw works.  Continue Reading

• What tools can bypass Google's CAPTCHA challenges?

  The ReBreakCaptcha exploit can bypass Google's reCAPTCHA verification system using flaws in Google's own API. Expert Michael Cobb explains how the attack works.  Continue Reading