Ask the Experts

Ask the Experts

• How does UBoatRAT use Google services and GitHub to spread?

  A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can protect enterprises with Nick Lewis.  Continue Reading

• Golden SAML: How can it abuse SAML authentication protocol?

  CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about the attack with Nick Lewis.  Continue Reading

• Scarab ransomware: How do botnets alter ransomware threats?

  The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect data with Nick Lewis.  Continue Reading

• Fake WhatsApp app: How can counterfeit apps be avoided?

  After a fake WhatsApp app was discovered in the Google Play Store, users are questioning what can be done to avoid counterfeit apps. Learn several techniques with Nick Lewis.  Continue Reading

• AVGater vulnerability: How are antivirus products impacted?

  A security researcher recently discovered a new vulnerability -- the AVGater vulnerability -- that puts antivirus products at risk. Discover how this vulnerability works with Nick Lewis.  Continue Reading

• How can domain generation algorithms be used to bypass ad blockers?

  An ad network used domain generation algorithms to bypass ad blockers and launch cryptomining malware. Expert Michael Cobb explains how and the best way to prevent these attacks.  Continue Reading

• How does a SAML vulnerability affect single sign-on systems?

  Researchers at Duo Security discovered a SAML vulnerability that enabled attackers to dupe single sign-on systems. Expert Michael Cobb explains how the exploit works.  Continue Reading

• How did cryptomining malware exploit a Telegram vulnerability?

  Hackers were able to exploit a Telegram vulnerability to launch cryptomining malware. Expert Michael Cobb explains how they were able to do so and how to prevent similar attacks.  Continue Reading

• What risks do untrusted certificates pose to enterprises?

  Researchers found that untrusted certificates are still used on many major websites. Expert Michael Cobb discusses the security risks of sticking with these certificates.  Continue Reading

• How bad is the iBoot source code leak for Apple security?

  The iBoot source code on Apple devices was leaked to the public on GitHub. Expert Michael Cobb explains how it happened and what the implications are for iOS security.  Continue Reading

• How do BGP flaws affect Quagga routing software?

  Multiple Border Gateway Protocol vulnerabilities were found impacting security in the Quagga routing software. Expert Judith Myerson explains how these flaws impact systems.  Continue Reading

• How has a Broadcom flaw affected the Lenovo ThinkPad?

  A previously disclosed flaw found in Broadcom's Wi-Fi controller chips is now believed to affect the Lenovo ThinkPad. Learn how this vulnerability works with expert Judith Myerson.  Continue Reading

• How are Linear eMerge E3 systems vulnerable to attacks?

  ICS-CERT issued a warning about a new vulnerability in Nortek Linear eMerge E3 products. Discover what this vulnerability is and how it affects access control for enterprises.  Continue Reading

• How was a Cisco firewall vulnerability exploited by threat actors?

  Threat actors exploited a critical Cisco firewall vulnerability that received a CVSS score of 10. Discover how this flaw works and how it was exploited with Judith Myerson.  Continue Reading

• How did Strava's Global Heatmap disclose sensitive U.S. info?

  Fitness tracking app Strava released its Global Heatmap that unknowingly disclosed routes of U.S. soldiers. Discover how this happened and how geolocation data can be blocked.  Continue Reading