Ask the Experts

Ask the Experts

• How is Oracle Micros POS affected by CVE 2018-2636?

  A security researcher found a security flaw dubbed CVE-2018-2636 that enables the installation of malware on Oracle Micros POS systems. Learn more about the vulnerability.  Continue Reading

• What is missing from the NIST/DHS botnet security report?

  The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis.  Continue Reading

• Skygofree Trojan: What makes this spyware unique?

  Android malware was discovered by Kaspersky Labs and named Skygofree. This Trojan targets smartphones and tablets using spyware and gathers user information and app data.  Continue Reading

• Ransomware recovery: How can enterprises operate post-attack?

  A report detailed how Maersk recovered its infrastructure from a NotPetya ransomware attack along with its chosen recovery option. Expert Nick Lewis explains how it worked.  Continue Reading

• Okiru malware: How does this Mirai malware variant work?

  A Mirai variant has the ability to put billions of devices at risk of becoming part of a botnet. Discover how this works and what devices are at risk with expert Nick Lewis.  Continue Reading

• Facebook user data: How do malicious apps steal user data?

  Malicious apps collected Facebook user data through Facebook APIs. Expert Michael Cobb explains how social networking platforms can monitor third-party apps' access to data.  Continue Reading

• UPnP vulnerability: How is the UPnP protocol being misused?

  The UPnP protocol is being misused to distribute malware through home routers. Expert Michael Cobb explains the UPnP vulnerability and how to defend against it.  Continue Reading

• How do SDKs for ad networks cause data leaks?

  SDKs made user data susceptible to security vulnerabilities in mobile apps. Expert Michael Cobb explains how this security vulnerability put user data at risk.  Continue Reading

• What does the expansion of MANRS mean for BGP security?

  The Internet Society expanded MANRS to crack down on BGP security. Expert Michael Cobb explains what MANRS is and its implications for BGP server security.  Continue Reading

• Microsoft's NTFS flaw: What are the potential consequences?

  A security researcher exposed an NTFS flaw that Microsoft deliberately hasn't patched. Expert Michael Cobb explains how the bug works and why it isn't being treated as severe.  Continue Reading

• Powerhammering: Can a power cable be used in air-gapped attacks?

  Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power cables.  Continue Reading

• How does SirenJack put emergency warning systems at risk?

  Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco's emergency warning system at risk. Judith Myerson explains how it works.  Continue Reading

• How is Apple iOS 11 affected by a QR code vulnerability?

  A QR code vulnerability was recently discovered in the Apple iOS 11 camera app. Learn how an attacker could exploit it and how to avoid the issue with Judith Myerson.  Continue Reading

• Bouncy Castle keystore: How are files vulnerable to brute force?

  BKS files are being exposed to hash collisions, enabling hackers to use brute force attacks against C# and Java applications. Learn how this occurs and possible solutions with Judith Myerson.  Continue Reading

• How did a Navarino Infinity flaw expose unauthenticated scripts?

  Navarino Infinity, a satellite communication system, found and fixed a flaw that exposed an unauthenticated script. Discover what threats this flaw enabled with Judith Myerson.  Continue Reading