Ask the Experts

Ask the Experts

• How is the Samba vulnerability different from EternalBlue?

  A recently discovered Samba vulnerability bears a striking resemblance to the notorious Windows exploit EternalBlue. Expert Matthew Pascucci compares the two vulnerabilities.  Continue Reading

• Can a PCI Internal Security Assessor validate level 1 merchants?

  A PCI Internal Security Assessor might not be the best bet to validate the compliance of a level 1 service provider. Expert Matthew Pascucci explains why and the alternative.  Continue Reading

• How can OSS-Fuzz and other vulnerability scanners help developers?

  Google's OSS-Fuzz is an open source vulnerability scanner. Expert Matthew Pascucci looks at how developers can take advantage of this tool and others like it.  Continue Reading

• Did DDoS attacks cause the FCC net neutrality site to go down?

  The FCC net neutrality comment site crashed, and it was blamed on DDoS attacks. Expert Matthew Pascucci looks at the technical side of this incident and what was behind it.  Continue Reading

• Samsung Knox platform: Can it improve Android device security?

  Application security expert Michael Cobb discusses the Samsung Knox platform and its ability to improve Android device security in the enterprise.  Continue Reading

• What tools were used to hide fileless malware in server memory?

  Fileless malware hidden in server memory led to attacks on many companies worldwide. Expert Nick Lewis explains how these attacks fit in with the wider fileless malware trend.  Continue Reading

• How are FTP injection attacks carried out on Java and Python?

  Vulnerabilities in Java and Python have opened them up to possible FTP injections. Expert Nick Lewis explains how enterprises can mitigate these attacks.  Continue Reading

• ASLR side-channel attack: How is JavaScript used to bypass protection?

  Researchers have developed an ASLR Cache side-channel attack that enables them to eliminate ASLR protections. Expert Nick Lewis explains how JavaScript code is used in the attack.  Continue Reading

• SQL Slammer worm returns: How risky is it for enterprises?

  The SQL Slammer worm has re-emerged to attack a vulnerability in Microsoft SQL Server 2000. Expert Nick Lewis explains what enterprises can do to manage out-of-date systems.  Continue Reading

• How do the malware implants RedLeaves and PlugX work?

  Malware implants RedLeaves and PlugX infected networked systems in multiple industries and leveraged stolen administrator credentials. Expert Judith Myerson explains how it works.  Continue Reading

• How can users protect themselves from the DocuSign phishing email?

  A DocuSign phishing email with a link to a malicious Word document recently targeted the company's users. Expert Judith Myerson outlines six ways to avoid this type of attack.  Continue Reading

• Android sandboxing tools: How can work data separation be bypassed?

  Android for Work's sandboxing tools, which split work and personal profiles, can be bypassed with a proof-of-concept attack. Expert Michael Cobb explains how the attack works.  Continue Reading

• What made iOS apps handling sensitive data vulnerable to MitM attacks?

  A researcher discovered 76 iOS apps containing sensitive user data that were vulnerable to man-in-the-middle attacks. Expert Michael Cobb explains how developers can prevent this.  Continue Reading

• WordPress REST API flaw: How did it lead to widespread attacks?

  A REST API endpoint vulnerability enabled attacks on 1.5 million sites running WordPress. Expert Michael Cobb explains how this vulnerability works and how to prevent attacks.  Continue Reading

• How are hackers using Unicode domains for spoofing attacks?

  A proof of concept showed that hackers can use Unicode domains to make phishing sites look legitimate. Expert Matthew Pascucci explains how this spoofing attack works.  Continue Reading

• How does the Microsoft Authenticator application affect password use?

  The Microsoft Authenticator application enables smartphone-based, two-factor authentication and attempts to reduce the use of passwords. Expert Matthew Pascucci explains how.  Continue Reading

• How did Webroot's antivirus signature update create false positives?

  A Webroot antivirus signature update flagged Windows and Windows applications as dangerous. Expert Matthew Pascucci explains how it happened and what Webroot did about it.  Continue Reading

• How does the Antbleed backdoor vulnerability work?

  Antbleed, a backdoor vulnerability, was discovered in bitcoin mining equipment. Expert Matthew Pascucci explains how the Bitmain flaw works and how it can be prevented.  Continue Reading

• Fruitfly Mac malware: How does its decades-old code work?

  The Fruitfly Mac malware has decades-old code, but has been conducting surveillance attacks for over two years without detection. Expert Nick Lewis explains how it works.  Continue Reading

• What are HummingWhale malware's new ad fraud features?

  A HummingBad malware variant, HummingWhale, was discovered being spread through 20 apps on the Google Play Store. Expert Nick Lewis explains the malware's new features.  Continue Reading

• Heartbleed vulnerability: Why does it persist on so many services?

  The Heartbleed flaw still impacts almost 200,000 services connected to the internet. Expert Nick Lewis explains why these services remain unpatched and vulnerable.  Continue Reading

• How did thousands of MongoDB databases get hijacked?

  Thousands of MongoDB configurations were hijacked due to poor authentication practices. Expert Nick Lewis explains how organizations can properly configure their implementations.  Continue Reading

• Why do HTTPS interception tools weaken TLS security?

  HTTPS interception tools help protect websites, but they can also hurt TLS security. Expert Judith Myerson explains how this works and what enterprises can do about it.  Continue Reading

• How do Linksys router vulnerabilities expose user data?

  Router vulnerabilities in over 20 Linksys models expose user data to attackers. Expert Judith Myerson explains how the flaws work and how to protect against them.  Continue Reading

• How can DevOps application lifecycle management protect digital keys?

  Better DevOps application lifecycle management can help protect cryptographic and digital keys. Expert Judith Myerson explains the right approaches to secure DevOps.  Continue Reading

• How can Bosch's diagnostic dongle be leveraged by hackers?

  Hacks on a car's diagnostic dongle can completely take over the vehicle and even shut off the engine. Expert Judith Myerson explains how this works and how to prevent it from happening.  Continue Reading

• How do attackers use Microsoft Application Verifier for hijacking?

  Attackers found a way to use Microsoft Application Verifier to hijack security products, like antivirus tools. Expert Judith Myerson explains how it's done and what to do to stop it.  Continue Reading

• How can a NULL pointer dereference flaw create a DoS attack?

  A flaw in the open source graphics library libpng enabling denial-of-service attacks was discovered. Expert Michael Cobb explains how the vulnerability works.  Continue Reading

• The Apple Notify flaw: How does it allow malicious script injection?

  Flaws in the Apple Notify function and iTunes can enable attackers to inject malicious script into the application side. Expert Michael Cobb explains how these vulnerabilities work.  Continue Reading

• How does Facebook's Delegated Recovery enable account verification?

  Facebook's Delegated Recovery aims to replace knowledge-based authentication with third-party account verification. Expert Michael Cobb explains how this protocol works.  Continue Reading

• Adobe Acrobat Chrome extension: What are the risks?

  An Adobe Acrobat extension was automatically installed onto users' Chrome browsers during an update. Expert Michael Cobb explains the problems that existed with the extension.  Continue Reading

• Cisco WebEx extension flaw: How does the patch fall short?

  Cisco's WebEx extension flaw was patched to prevent remote code execution from all but WebEx sites. Expert Michael Cobb explains how this flaw could still introduce risk to users.  Continue Reading

• How can the latest LastPass vulnerabilities be mitigated?

  More LastPass vulnerabilities were recently discovered. Expert Matthew Pascucci explains the flaws, as well as what enterprises can do to mitigate the threat they pose.  Continue Reading

• How does a privacy impact assessment affect enterprise security?

  A privacy impact assessment can help enterprises determine where their data is at risk of exposure. Expert Matthew Pascucci explains how and when to conduct these assessments.  Continue Reading

• Why is patching telecom infrastructures such a challenge?

  Patching telecom infrastructures presents many challenges. Expert Matthew Pascucci explains those challenges and what can be done to make sure the systems get patched anyway.  Continue Reading

• Domain validation certificates: What are the security issues?

  Let's Encrypt domain validation certificates had some security issues. Expert Matthew Pascucci explains how DV certificates work and what the issues were.  Continue Reading

• What MongoDB security issues are still unresolved?

  There are some MongoDB security issues that have yet to be resolved. Expert Matthew Pascucci discusses the risks and how to protect your enterprise from them.  Continue Reading

• How can customer service staff spot social engineering email attacks?

  Social engineering emails targeted at customer service staff have led to the spread of the August malware. Expert Nick Lewis explains how to identify and mitigate these attacks.  Continue Reading

• How does the Stegano exploit kit use malvertising to spread?

  A malvertising campaign by the AdGholas group has been found spreading the Stegano exploit kit. Expert Nick Lewis explains how web advertisements are used in this attack.  Continue Reading

• How does Rakos malware attack embedded Linux systems?

  Rakos malware is attempting to build a botnet by attacking embedded Linux systems. Expert Nick Lewis explains how enterprises can prevent attacks on their systems.  Continue Reading

• Switcher Android Trojan: How does it attack wireless routers?

  The Switcher Trojan spreads to Android devices through the wireless router to which they are connected. Expert Nick Lewis explains how this attack is carried out.  Continue Reading

• Can BGP anycast addressing be used for DDoS attacks?

  The BGP anycast addressing technique could potentially be used for malicious purposes. Expert Judith Myerson explains how this might work and what types of attacks to look out for.  Continue Reading

• What is the SS7 protocol and what are its security implications?

  The SS7 protocol has been a source of controversy lately because of its security vulnerabilities. Expert Judith Myerson explains what the protocol is and what its issues are.  Continue Reading

• How can a smart TV security vulnerability be mitigated?

  A smart TV security vulnerability could potentially be exploited to steal the owner's data. Expert Judith Myerson explains how this works and offers tips on how to protect yourself.  Continue Reading

• What is NIST's guidance on lightweight cryptography?

  NIST released a report on lightweight cryptography. Expert Judith Myerson reviews what the report covers and what NIST recommends for standardization.  Continue Reading

• How did a Slack vulnerability expose user authentication tokens?

  A Slack vulnerability exposed user authentication tokens and enabled hackers to access private data. Expert Matthew Pascucci explains how and why this hack was successful.  Continue Reading

• Should the Vulnerabilities Equities Process be codified into law?

  The Vulnerabilities Equities Process is a controversial subject. Expert Matthew Pascucci looks at the arguments for and against codifying it into law.  Continue Reading

• Are separate administrator accounts a good idea for enterprises?

  Separate administrator accounts are becoming a normal part of access policies in enterprises. Expert Matthew Pascucci explains why this is a good idea and how to implement it.  Continue Reading

• How should companies prepare for EU GDPR compliance?

  Companies that don't meet GDPR compliance standards by May 2018 will be fined. Expert Matthew Pascucci looks at how Microsoft is preparing, and what other companies should do to comply with GDPR.  Continue Reading

• How effective is geofencing technology as a security method?

  Geofencing technology is increasingly being used as a security tactic, such as to control access to servers with DNS settings. Expert Michael Cobb explains how it works.  Continue Reading

• Why did the PHPMailer library vulnerability have to be patched twice?

  After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the critical vulnerability works.  Continue Reading

• Same-origin policy: How did Adobe Flash Player's implementation fail?

  The same-origin security feature in Adobe Flash Player was implemented incorrectly, allowing local attackers to spy on users. Expert Michael Cobb explains how this flaw occurred.  Continue Reading

• How can a distributed guessing attack obtain payment card data?

  Attackers can gather payment card data by carrying out distributed guessing with a minimal amount of existing information. Expert Michael Cobb explains how this attack works.  Continue Reading

• Panasonic Avionics IFE systems: How serious are the vulnerabilities?

  Panasonic Avionics' in-flight entertainment system vulnerabilities allow attackers to tamper with passenger seat displays. Expert Michael Cobb explains the impact of these flaws.  Continue Reading

• How does an active defense system benefit enterprise security?

  Active defense systems work as deception techniques on private networks, but are they good for enterprise use? Expert Judith Myerson discusses some options.  Continue Reading

• How does the boot mode vulnerability in Android work?

  A boot mode vulnerability allowed attackers to eavesdrop on calls made on certain Android devices. Expert Judith Myerson explains how the complex exploit works.  Continue Reading

• How can enterprises stop the Flip Feng Shui exploit from hijacking VMs?

  The Flip Feng Shui attack can target virtual machines. Expert Judith Myerson explains the exploit and describes how to prevent it from hijacking enterprise VMs.  Continue Reading

• How does Ticketbleed affect session ID security?

  The Ticketbleed bug in some F5 Networks products caused session IDs and uninitialized memory to leak. Expert Judith Myerson explains what a session ID is and how attackers use it.  Continue Reading

• How does USB Killer v3 damage devices through their USB connections?

  USB Killer devices, with the ability to destroy systems via a USB input, are available and inexpensive. Expert Nick Lewis explains how they work and how to defend against this threat.  Continue Reading

• How does Exaspy spyware disguise itself on Android devices?

  Exaspy spyware, which can access messages, video chats and more, was found on Android devices owned by executives. Expert Nick Lewis explains how Exaspy is able to avoid detection.  Continue Reading

• How does Nemucod malware get spread through Facebook Messenger?

  The Nemucod downloader malware is being spread through Facebook Messenger disguised as an image file. Expert Nick Lewis explains the available protections against this attack.  Continue Reading

• How does the PoisonTap exploit bypass password locks on computers?

  The PoisonTap exploit can bypass password locks on computers, enabling an attacker to remotely control systems. Expert Nick Lewis explains how the attack works.  Continue Reading

• What should be included in a social media security policy?

  A social media security policy is necessary for most enterprises today. Expert Mike O. Villegas discusses what should be included in social media policies.  Continue Reading

• How have ARM TrustZone flaws affected Android encryption?

  Android encryption on devices using Qualcomm chips can be broken due to two vulnerabilities. Expert Michael Cobb explains how these flaws affect encryption.  Continue Reading

• How serious is a malicious DLL file vulnerability for enterprises?

  A flaw that allows attackers to load malicious DLL files in Symantec products was labeled as severe. Expert Michael Cobb explains the vulnerability and its classification.  Continue Reading

• How does a WebKit framework flaw enable denial-of-service attacks?

  A vulnerability in Apple's WebKit framework allows attackers to initiate phone calls through mobile apps on victims' devices. Expert Michael Cobb explains how the attack works.  Continue Reading

• How did firmware create an Android backdoor in budget devices?

  An Android backdoor was discovered in the Ragentek firmware used in almost three million low-cost devices. Expert Michael Cobb explains how to prevent attacks on affected devices.  Continue Reading

• Google Cloud KMS: What are the security benefits?

  Google Cloud KMS is a new encryption key management service available for Google customers. Expert Matthew Pascucci discusses how this service works and its security benefits.  Continue Reading

• How did vulnerabilities in AirWatch Agent and Inbox work?

  Flaws in AirWatch Agent and AirWatch Inbox allowed rooted devices to bypass the software's security measures. Expert Matthew Pascucci explains how these vulnerabilities worked.  Continue Reading

• How does a U2F security key keep Facebook users safe?

  Universal second factor devices can be used to strengthen authentication on major websites such as Facebook. Expert Matthew Pascucci explains how U2F works.  Continue Reading

• How can users tell if Windows SMB v1 is on their systems?

  US-CERT encouraged users to use newer versions of Windows SMB, since version one is out of date. Expert Matthew Pascucci explains how to tell if SMB v1 is on your systems.  Continue Reading

• How do identity governance and access management systems differ?

  Identity governance and access management systems overlap naturally, but they are still distinct. Expert Matthew Pascucci explains the difference between these two aspects of IAM.  Continue Reading

• How does the Locky ransomware file type affect enterprise protection?

  Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust protections for this shift.  Continue Reading

• Hajime malware: How does it differ from the Mirai worm?

  Hajime malware was discovered to have links to the Mirai botnet that launched powerful DDoS attacks last year. Expert Nick Lewis explains how Hajime differs from Mirai.  Continue Reading

• How does the Drammer attack exploit ARM-based mobile devices?

  Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ARM processors.  Continue Reading

• How can attackers turn Instagram into C&C infrastructure?

  An Instagram application can be turned into C&C infrastructure with the help of image steganography malware attacks. Expert Nick Lewis explains how this works.  Continue Reading

• Pork Explosion Android flaw: How is it used to create a backdoor?

  The Pork Explosion vulnerability present in some Foxconn-created app bootloaders can be used to create an Android backdoor. Expert Nick Lewis explains how the flaw works.  Continue Reading

• Can CISOs facilitate peace between privacy and information security?

  Privacy and information security can often be at odds with each other in enterprises. Expert Mike O. Villegas explains how C-levels can help to get the two to work in harmony.  Continue Reading

• How can CISOs strengthen communications with cybersecurity staff?

  Effective CISO communications are key to fostering a healthy relationship with the cybersecurity staff. Expert Mike O. Villegas reviews some ways to build that relationship.  Continue Reading

• What effect does a federal CISO have on government cybersecurity?

  The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture.  Continue Reading

• Attack by TIFF images: What are the vulnerabilities in LibTIFF?

  Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how these vulnerabilities work.  Continue Reading

• CJIS Security Policy: How can companies ensure FIPS compliance?

  Companies and government agencies handling criminal justice information need to comply with CJIS Security Policy. Expert Michael Cobb explains the cryptographic modules to use.  Continue Reading

• How can attacks bypass ASLR protection on Intel chips?

  An Intel chip flaw lets attackers bypass ASLR protection on most operating systems. Expert Michael Cobb explains the vulnerability and how to prevent attacks.  Continue Reading

• How can the Dirty COW vulnerability be used to attack Android devices?

  A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack.  Continue Reading

• SHA-1 certificates: How will Mozilla's deprecation affect enterprises?

  Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do.  Continue Reading

• What's the best corporate email security policy for erroneous emails?

  If an employee receives invalidated emails, should the corporate email security policy handle it? Expert Matthew Pascucci discusses the rights of the enterprise.  Continue Reading

• What should enterprises know about how a stored XSS exploit works?

  A stored XSS exploit can be damaging to enterprises that aren't fully protected. Expert Matthew Pascucci explains what stored XSS attacks are and how to defend against them.  Continue Reading

• What basic steps can improve network device security in enterprises?

  Network device security is a big problem for enterprises, but there are some basic steps they can take to improve it. Expert Matthew Pascucci outlines the process.  Continue Reading

• How can enterprises leverage Google's Project Wycheproof?

  Google's Project Wycheproof tests crypto libraries for known vulnerabilities, but there are potential drawbacks to this tool. Expert Matthew Pascucci explains them.  Continue Reading

• IoT malware: How can internet-connected devices be secured?

  IoT botnet DDoS attacks have been growing in volume and impact. Expert Nick Lewis explains how you can ensure your internet-connected devices are secure from IoT malware.  Continue Reading

• How can obfuscated macro malware be located and removed?

  A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to find and remove this malware.  Continue Reading

• How does BENIGNCERTAIN exploit Cisco PIX firewalls?

  The BENIGNCERTAIN exploit affects certain versions of Cisco systems using the IKEv1 protocol. Expert Nick Lewis explains what the protocol does and how the vulnerability works.  Continue Reading

• How can open FTP servers be protected from Miner-C malware?

  Enterprises with open FTP servers are being targeted by Miner-C malware for crypto coin mining activities. Expert Nick Lewis explains how enterprises can protect their servers.  Continue Reading

• How does a security portfolio help an enterprise security program?

  A security portfolio shouldn't be used as an alternative to a reporting structure, but it can still be beneficial to enterprises. Expert Mike O. Villegas explains how.  Continue Reading

• What are the pros and cons of hiring a virtual CISO?

  A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons.  Continue Reading

• Who should be on an enterprise cybersecurity advisory board?

  What qualifications does a cybersecurity advisory board member need to best serve enterprises? Expert Mike O. Villegas outlines the most helpful backgrounds for board members.  Continue Reading

• What caused the ClixSense privacy breach that exposed user data?

  A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held accountable for their security practices.  Continue Reading

• How did iOS 10 security checks open brute force risk on local backups?

  A password-verification flaw in iOS 10 allowed attackers to decrypt local backups. Expert Michael Cobb explains how removing certain security checks led to this vulnerability.  Continue Reading

• HTTP public key pinning: Is the Firefox browser insecure without it?

  HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael Cobb explains how HPKP works.  Continue Reading

• How did a Signal app bug let attackers alter encrypted attachments?

  The Signal app, used for end-to-end encrypted mobile messaging, contained a bug that allowed data to be added to attachments. Expert Michael Cobb explains the flaw.  Continue Reading