Ask the Experts

Ask the Experts

• How can obfuscated macro malware be located and removed?

  A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to find and remove this malware.  Continue Reading

• How does BENIGNCERTAIN exploit Cisco PIX firewalls?

  The BENIGNCERTAIN exploit affects certain versions of Cisco systems using the IKEv1 protocol. Expert Nick Lewis explains what the protocol does and how the vulnerability works.  Continue Reading

• How can open FTP servers be protected from Miner-C malware?

  Enterprises with open FTP servers are being targeted by Miner-C malware for crypto coin mining activities. Expert Nick Lewis explains how enterprises can protect their servers.  Continue Reading

• How does a security portfolio help an enterprise security program?

  A security portfolio shouldn't be used as an alternative to a reporting structure, but it can still be beneficial to enterprises. Expert Mike O. Villegas explains how.  Continue Reading

• What are the pros and cons of hiring a virtual CISO?

  A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons.  Continue Reading

• Who should be on an enterprise cybersecurity advisory board?

  What qualifications does a cybersecurity advisory board member need to best serve enterprises? Expert Mike O. Villegas outlines the most helpful backgrounds for board members.  Continue Reading

• What caused the ClixSense privacy breach that exposed user data?

  A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held accountable for their security practices.  Continue Reading

• How did iOS 10 security checks open brute force risk on local backups?

  A password-verification flaw in iOS 10 allowed attackers to decrypt local backups. Expert Michael Cobb explains how removing certain security checks led to this vulnerability.  Continue Reading

• HTTP public key pinning: Is the Firefox browser insecure without it?

  HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael Cobb explains how HPKP works.  Continue Reading

• How did a Signal app bug let attackers alter encrypted attachments?

  The Signal app, used for end-to-end encrypted mobile messaging, contained a bug that allowed data to be added to attachments. Expert Michael Cobb explains the flaw.  Continue Reading

• How does Overseer spyware work on infected Android apps?

  Spyware was found on infected Android apps, which were meant to convey embassy information and news, in the Google Play Store. Expert Michael Cobb explains how the spyware works.  Continue Reading

• What are the best anti-network reconnaissance tools for Linux systems?

  Anti-network reconnaissance tools can prevent attackers from getting access to system information. Expert Judith Myerson goes over the best enterprise options.  Continue Reading

• How does DNSChanger take advantage of WebRTC protocols?

  WebRTC protocols are being targeted by a new version of the DNSChanger exploit kit. Judith Myerson explains how these attacks work and what enterprises should know.  Continue Reading

• Which encryption tools can secure data on IoT devices?

  Protecting the data that moves through the internet of things can be a challenge for enterprises. Expert Judith Myerson offers several encryption tools for the task.  Continue Reading

• How does a Netgear vulnerability enable command injection attacks?

  A Netgear vulnerability exposed a number of wireless router models to command injection attacks. Expert Judith Myerson explains how the attack works and how to stop it.  Continue Reading

• How does Stampado ransomware spread to external drives?

  The Stampado ransomware is a low-cost threat to networks and external drives. Expert Matthew Pascucci explains how Stampado works and how enterprises should handle it.  Continue Reading

• How serious are the flaws in St. Jude Medical's IoT medical devices?

  MedSec and Muddy Waters Capital revealed serious flaws in IoT medical devices manufactured by St. Jude Medical. Expert Nick Lewis explains the severity of these vulnerabilities.  Continue Reading

• How does RIPPER ATM malware use malicious EMV chips?

  RIPPER malware has been found responsible for the theft of $378,000 from ATMs in Thailand. Expert Nick Lewis explains how this ATM malware works.  Continue Reading

• How do facial recognition systems get bypassed by attackers?

  Researchers found that facial recognition systems can be bypassed with 3D models. Expert Nick Lewis explains how these spoofing attacks work and what can be done to prevent them.  Continue Reading

• How does USBee turn USB storage devices into covert channels?

  USB storage devices can be turned into covert channels with a software tool called USBee. Expert Nick Lewis explains how to protect your enterprise data from this attack.  Continue Reading

• How do man-in-the-middle attacks on PIN pads expose credit card data?

  Passive man-in-the-middle attacks on PIN pads can lead to attackers stealing credit card details. Expert Nick Lewis explains how companies can mitigate these attacks.  Continue Reading

• What effect does FITARA have on U.S. government cybersecurity?

  FITARA became a law in 2014, but government cybersecurity continues to struggle. Expert Mike O. Villegas discusses the effects of the law.  Continue Reading

• Are bug bounty programs secure enough for enterprise use?

  The use of bug bounty programs in enterprises is growing, but they aren't risk free. Expert Mike O. Villegas discusses some concerns related to bug bounties.  Continue Reading

• What are the potential pros and cons of a Cyber National Guard?

  A congressman proposed adding a Cyber National Guard to the military to protect the U.S. from cyber adversaries. Expert Mike O. Villegas examines the potential drawbacks of this branch.  Continue Reading

• Are investigations crucial to data breach protection?

  SWIFT banking has a team dedicated to data breach investigations. Expert Mike O. Villegas discusses why this is necessary and whether other organizations should follow suit.  Continue Reading

• How are hackers using Twitter as C&C servers for malware?

  C&C servers have been replaced with Twitter accounts, which spread the Android Trojan Twitoor to user devices. Expert Michael Cobb explains how to stop this attack.  Continue Reading

• How can two-factor authentication systems be used effectively?

  Two-factor authentication systems require more than using codes sent through SMS and smart cards. Expert Michael Cobb explains how to properly and effectively implement 2FA.  Continue Reading

• How does a Linux vulnerability allow attacks on TCP communications?

  A Linux vulnerability that affects 80% of Android devices allows for attacks on TCP communications and remote code execution. Expert Michael Cobb explains how to mitigate these risks.  Continue Reading

• What new NIST password recommendations should enterprises adopt?

  NIST is coming up with new password recommendations for the U.S. government. Expert Michael Cobb covers the most important changes that enterprises should note.  Continue Reading

• Should one cybersecurity mistake mean the end of a CEO's career?

  In one case, a tenured CEO made one cybersecurity mistake and was fired. Expert Mike O. Villegas discusses whether this sets a precedence for enterprises going forward.  Continue Reading

• What should happen after an employee clicks on a malicious link?

  The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack.  Continue Reading

• How can users protect mobile devices from SandJacking attacks?

  Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this attack.  Continue Reading

• Can an HTML5 document with a digital signature be authenticated?

  A digital signature on an HTML5 document cannot be authenticated the same way a PDF can. Expert Michael Cobb explains how enterprises should address this issue.  Continue Reading

• How would a cyberattack information database affect companies?

  A proposed cyberattack information database in the U.K. aims to improve cyberinsurance. Expert Mike Chapple explains what collecting data breach information means for U.S. companies.  Continue Reading

• How can security automation tools keep organizations protected?

  Sometimes security teams fall into 'set and forget' habits with security automation. Expert Mike O. Villegas explains how to take advantage of automation while staying secure.  Continue Reading

• Is settling a data breach lawsuit the best option for enterprises?

  In the unfortunate event of a data breach lawsuit, it's often better to settle before the case reaches court. Expert Mike O. Villegas explains why and how CISOs can help.  Continue Reading

• Are new cybersecurity products the best investment for enterprises?

  Having the latest cybersecurity products isn't always the best way to approach security. Expert Mike O. Villegas explains why and how to deal with pressure to buy new.  Continue Reading

• How can the AirDroid app phone hijacking be prevented?

  A vulnerability in the AirDroid device manager app left users at risk of phone hijacking. Expert Michael Cobb explains how the exploit works, and what can be done to prevent it.  Continue Reading

• What new Asacub Trojan features should enterprises watch out for?

  The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching out for.  Continue Reading

• How can Kerberos protocol vulnerabilities be mitigated?

  Microsoft's Kerberos protocol implementation has long-standing issues with its secret keys. Expert Michael Cobb explains how to mitigate the authentication vulnerabilities.  Continue Reading

• How does the banking Trojan Dyreza exploit Windows 10?

  A variant of banking Trojan Dyreza has begun to target Windows 10. Expert Nick Lewis explains the new attack functionalities, and Windows 10 and user vulnerabilities.  Continue Reading

• How does the M-Pesa service work and what are the risks?

  How does mobile microfinancing service M-Pesa allow users to make transactions without a bank account? Expert Michael Cobb explains how it works and M-Pesa security measures.  Continue Reading

• What are the differences between active boards and passive boards?

  Both active and passive boards of directors have different approaches to handling cybersecurity within their organizations. Here's how to tell which type you have.  Continue Reading

• What's the difference between two-step verification and 2FA?

  The terms two-step verification and two-factor authentication are used interchangeably, but do they differ from one another? Expert Michael Cobb explains.  Continue Reading

• What are the latest SEC Risk Alert findings?

  The latest SEC Risk Alert from the OCIE has important updates for financial services firms. Expert Mike Chapple reviews the report.  Continue Reading

• Outdated apps: What are the best ways to address them?

  Dead and outdated apps can pose serious security risks for enterprises. Expert Nick Lewis explains how to find and remove dead apps before they become a problem.  Continue Reading

• What privacy regulations should enterprises follow?

  The U.S. government has been criticized for its lack of updated privacy regulations. Expert Mike Chapple advises enterprises that want to bolster their privacy policies.  Continue Reading

• How does the new voicemail phishing scam work?

  A new phishing scam uses voicemail notification emails to spread malware. Expert Nick Lewis explains how this attack works and how enterprises can prevent it.  Continue Reading

• Is the FedRAMP certification making a difference?

  There was speculation in the security world over whether the FedRAMP certification would be helpful or not. Now that it's in full use, Mike Chapple looks at the state of FedRAMP.  Continue Reading

• Should the RC4 cipher still be used in enterprises?

  A newly discovered attack can break the RC4 cipher and decrypt user cookies. Expert Michael Cobb explains the attack and the relevance of RC4 in enterprises today.  Continue Reading

• How can software transplants fix bad code?

  Copying and pasting bad code into an application is a big problem for developers, but software transplants can help. Expert Michael Cobb explains the technology.  Continue Reading

• Moose worm: How can enterprises stop social media fraud?

  A Linux-based Moose worm causes social media fraud through infected routers. Expert Nick Lewis explains how the Moose worm works and how to avoid it.  Continue Reading

• What data breach notification policy should enterprises follow?

  A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best practices.  Continue Reading

• Can Google's Chrome extension policy improve Web security?

  The updated Chrome extension policy allows users and developers to only install extensions from the Chrome Web Store. Learn how this affects security and enterprise apps.  Continue Reading

• Why did Anthem resist government vulnerability assessments?

  Vulnerability assessments are often a requirement for organizations that have suffered a data breach and the assessors' results can be invaluable to protect a business.  Continue Reading

• How should enterprises manage social media compliance incidents?

  Social media compliance incidents in financial institutions are on the rise. Here are the most common violations and how to avoid them in the future.  Continue Reading

• How can power consumption-tracking malware be avoided?

  Malware authors are using power consumption tracking-malware to eavesdrop on and attack mobile devices. Expert Nick Lewis explains the threat and how to defend against it.  Continue Reading

• Should security funds be dedicated to hiring or tools?

  Security funds can be tough to come by, so when managers get them should they focus on strengthening security through hiring or through purchasing tools?  Continue Reading

• Should the Netdump flaw deter enterprise ODL SDN use?

  The benefits of the ODL SDN platform are promising, but what about the recent Netdump flaw it experienced? Expert Kevin Beaver discusses why you may not want to pass on OpenDayligh just yet.  Continue Reading

• Can a new encryption trick prevent reverse engineering?

  Expert Michael Cobb explains how reverse engineering can be made more difficult with an approach called Hardened Anti-Reverse Engineering System or HARES.  Continue Reading

• Our AWS encryption keys were exposed accidentally -- now what?

  Exposing encryption keys is never a good thing, but knowing the steps to take after such an incident can help limit damage to an enterprise. Expert Dan Sullivan explains.  Continue Reading

• How can I mitigate the risks of alternative Android browsers?

  Expert Michael Cobb explains the security risks surrounding alternative Web browsers, as well as approaches enterprises can take to prevent BYOD employees from using them.  Continue Reading

• What do organizations need to know about privacy in a HIPAA audit?

  A HIPAA audit covers privacy compliance, and organizations need to be prepared. Expert Mike Chapple discusses privacy in the audits.  Continue Reading

• Can simple photography beat biometric systems?

  Simple photography cracking biometric systems highlights the need for two-factor authentication in enterprises according to expert Randall Gamby.  Continue Reading

• How should we hire for specialized information security roles?

  A rise in specialized roles puts extra pressure on security hiring. Expert Mike O. Villegas explains how to meet this demand and find talented security professionals.  Continue Reading

• The CEO refuses cybersecurity best practices: Now what?

  Some executives don't think cybersecurity best practices apply to them. Expert Mike O. Villegas explains how to handle that situation.  Continue Reading

• AWS security groups vs. traditional firewalls: What's the difference?

  AWS security groups provide network-based blocking mechanisms, much like traditional firewalls. Expert Dan Sullivan explains the differences between the two.  Continue Reading

• Do HIPAA compliance requirements change during health crises?

  Outbreaks of Ebola caused widespread fear, but should enterprises be worried about the effect on HIPAA compliance requirements? Compliance expert Mike Chapple explains.  Continue Reading

• What are the secrets to SIEM deployment success?

  Many organizations deploy security information and event management systems without the proper planning and therefore can't reap the proper rewards. Expert Kevin Beaver offers tips for a successful implementation.  Continue Reading

• How should agencies prepare for federal security scanning?

  What do agencies need to consider before going through the Department of Homeland Security's network security scanning? Expert Mike Chapple answers.  Continue Reading

• What's the best way to find enterprise compliance tools?

  Looking for compliance tools? Expert Mike Chapple explains why the best place to start the search is within your own information security infrastructure.  Continue Reading

• Can setting a cache-control header improve application data security?

  Application security expert Michael Cobb reviews the cache-control header codes that can help prevent a Web application from storing sensitive data.  Continue Reading

• Are LibreSSL and BoringSSL safe OpenSSL alternatives?

  Since the revelation of the Heartbleed flaw, OpenSSL security has been put into question. Expert Michael Cobb discusses whether LibreSSL and BoringSSL could serve as OpenSSL alternatives.  Continue Reading

• How can vishing attacks be prevented?

  Enterprise threats expert Nick Lewis explains what vishing attacks are and offers best practices for defending against them.  Continue Reading

• How vulnerable is Silverlight security?

  Microsoft Silverlight has been in the spotlight due to an increase in the number of exploit kits it is included in. Expert Nick Lewis explains the threat's severity and how to mitigate it.  Continue Reading

• SHA-2 algorithm: The how and why of the transition

  Is it time to make the move to the SHA-2 algorithm? Application security expert Michael Cobb discusses and offers tips to ease the transition.  Continue Reading

• When single sign-on fails, is a second SSO implementation worthwhile?

  After a failed SSO implementation, is there any benefit to an enterprise trying again? Expert Michele Chubirka discusses.  Continue Reading

• Authentication caching: How it reduces enterprise network congestion

  Michael Cobb explores the pros and cons of authentication caching and whether the practice can truly calm network strain.  Continue Reading

• Why TCP traffic spikes with source port zero should sound an alarm

  Are spikes in TCP traffic with source port zero warning signs that future attacks are imminent? Discover why enterprises should be concerned.  Continue Reading

• Preventing plaintext password problems in Google Chrome

  Plaintext passwords are risky business. Michael Cobb discusses what Google says about the Chrome password vulnerability and potential exploits.  Continue Reading

• Femtocell security: Defending against a femtocell hack

  The risk of a femtocell hack is a real enterprise concern. Nick Lewis explains why and explores how to defend against an attack.  Continue Reading

• Heap spray attacks: Details and mitigations for new techniques

  Expert Nick Lewis details a new heap spray attack technique and provides mitigations for both new and old heap spray attacks.  Continue Reading

• Use John the Ripper to test network devices against brute forcing

  Enterprise IT security organizations should test network devices using John the Ripper to ensure they are not susceptible to brute-force attacks.  Continue Reading

• The value of 2,048-bit encryption: Why encryption key length matters

  Leading browsers are required to use 2,048-bit length keys by the end of the year, but what effect does this have on security?  Continue Reading

• Can an unqualified domain name cause man-in-the-middle attacks?

  An unqualified domain name can make reaching internal resources easier, but expert Michael Cobb warns that man-in-the-middle attacks could result.  Continue Reading

• Fiber optic networking: Assessing security risks

  Matthew Pascucci discusses the potential security risks associated with fiber optic networking.  Continue Reading

• Bing security: Is search engine poisoning a problem for Bing users?

  Is Microsoft's Bing search engine more susceptible to search engine poisoning than Google? Expert Michael Cobb discusses Bing security.  Continue Reading

• What risk does the Apple UDID security leak pose to iOS users?

  Expert Michael Cobb details Apple's Unique Device Identifiers, plus why iOS users should be concerned about the Anonymous UDID security leak.  Continue Reading

• How to implement firewall policy management with a 5-tuple firewall

  Matt Pascucci explains how to implement firewall policy management for 5-tuple firewalls when ports must be kept open for business reasons.  Continue Reading

• Does .cc domain malware demand domain blocking?

  Learn how to deal with .cc domain malware threats found within DNS traffic. Is domain blocking at the perimeter the best defense strategy?  Continue Reading

• Is it possible to prevent DDoS attacks?

  A distributed denial-of-service (DDoS) attack can consume all your network bandwidth. Learn how to prevent a DDoS attack in this expert response.  Continue Reading

• OAuth 2.0: Pros and cons of using the federation protocol

  Learn the advantages and disadvantages of using Open Authorization for Web application authentication.  Continue Reading

• Comparing relational database security and NoSQL security

  In this introduction to database security, expert Michael Cobb explains the differences between relational database and NoSQL security.  Continue Reading

• Insufficient authorization: Hardening Web application authorization

  Insufficient authorization errors can lead to Web app compromises and data loss. Learn how to fix these authorization errors.  Continue Reading

• Comparing certifications: ISO 27001 vs. SAS 70, SSAE 16

  Learn about ISO 27001 vs. SAS 70, and why enterprises should pay attention to SSAE 16 over SAS 70.  Continue Reading

• How to mitigate the risk of a TOCTTOU attack

  Are TOCTTOU attacks, exploiting time-of-check-to-time-of-use race conditions, a threat to your enterprise file systems? Expert Michael Cobb discusses the dangers and how to mitigate them.  Continue Reading

• How MAC and HMAC use hash function encryption for authentication

  Hash function encryption is the key for MAC and HMAC message authentication. See how this differs from other message authentication tools from expert Michael Cobb.  Continue Reading

• Locate IP address location: How to confirm the origin of a cyberattack

  What's the best way to determine the origin of a cyberattack? Expert Nick Lewis weighs in.  Continue Reading

• IEEE 802.11: Handling the standard's wireless network vulnerabilities

  IEEE 802.11 has several known vulnerabilities, so what's the best way for enterprises to handle them? Expert Anand Sastry explains.  Continue Reading

• Why it's important to turn on DEP and ASLR Windows security features

  In the quest for application security, many developers are disabling or incorrectly implementing two important Windows security features. In this expert response, Michael Cobb explains why ASLR and DEP should always be turned on.  Continue Reading