Ask the Experts

Ask the Experts

• Why is preloading HTTP Strict Transport Security risky?

  Despite being designed to improve security, infosec experts have warned against preloading the HSTS protocol. Learn about the risks of preloaded HSTS with Judith Myerson.  Continue Reading

• Faxploit: How can sending a fax compromise a network?

  Check Point researchers found a fax machine attack allowing attackers to access scanned documents. Discover how this is possible and how users can avoid falling victim.  Continue Reading

• FragmentSmack: How is this denial-of-service exploited?

  FragmentSmack, a DDoS vulnerability first discovered in Linux, affects Windows as well as nearly 90 Cisco products. Discover how it can be exploited with Judith Myerson.  Continue Reading

• L1TF: How do new vulnerabilities affect Intel processors?

  New speculative execution vulnerabilities have been found affecting Intel processors. Learn how these flaws can lead to side-channel attacks with Judith Myerson.  Continue Reading

• How did WhatsApp vulnerabilities get around encryption?

  WhatsApp vulnerabilities can enable hackers to bypass end-to-end encryption and spoof messages. Expert Michael Cobb explains how these attacks work and how to prevent them.  Continue Reading

• How can users remove Google location tracking completely?

  Disabling Google location tracking involves more than turning off Location History. Learn how to manage your account settings to stop tracking entirely with expert Michael Cobb.  Continue Reading

• How does TLS 1.3 differ from TLS 1.2?

  Compared to TLS 1.2, TLS 1.3 saw improvements in security, performance and privacy. Learn how TLS 1.3 eliminated vulnerabilities using cryptographic algorithms.  Continue Reading

• How do L1TF vulnerabilities compare to Spectre?

  Foreshadow, a set of newly discovered L1TF vulnerabilities, exploits Intel processors via side-channel attacks. Learn about L1TF and its variations from expert Michael Cobb.  Continue Reading

• What are the security risks of third-party app stores?

  Unlike most apps developed in app stores, users can download Fortnite from Epic Games' website. Expert Michael Cobb explains the security risks of third-party app stores.  Continue Reading

• How did the Emotet banking Trojan lead to a rise in attacks?

  A report on cybercrime shows a rise in banking Trojans, such as Emotet, targeting businesses over consumers. Malwarebytes' Adam Kujawa shares his thoughts on what's behind this shift.  Continue Reading

• How was a MikroTik router hack used to hijack traffic?

  Qihoo 360 Netlab researchers found that TZSP traffic was being redirected from vulnerable routers. Learn what this type of traffic is and how this attack is possible.  Continue Reading

• How was a black box attack used to exploit ATM vulnerabilities?

  Researchers from Positive Technologies found flaws affecting NCR ATMs. Discover how these ATM vulnerabilities work and how a patch can mitigate this attack.  Continue Reading

• How were attackers able to bypass 2FA in a Reddit breach?

  Reddit announced a breach after users were socially engineered and attackers bypassed 2FA protocols. Discover how this attack was possible and how sites can avoid falling victim.  Continue Reading

• How container security tools affect overall system security

  Container security continues to be a pressing issue as containers and hosts are being used more frequently. Learn how to keep your enterprise safe with Matt Pascucci.  Continue Reading

• Can a D-Link router vulnerability threaten bank customers?

  A D-Link router vulnerability was used to send banking users to a fake site in order to steal their information. Learn more about this vulnerability with expert Judith Myerson.  Continue Reading