Ask the Experts

Ask the Experts

• How do I stop the screaming channel wireless threat?

  A screaming channel attack is a new wireless threat making networks -- particularly those with IoT components -- vulnerable. Are there any safeguards to prevent these attacks?  Continue Reading

• Why do DDoS attack patterns rise in the autumn?

  DDoS attack patterns indicate a sharp escalation in the fall. Why does that occur and what can be done to guard against these attacks?  Continue Reading

• Should I worry about the Constrained Application Protocol?

  The Constrained Application Protocol underpins IoT networks. But the protocol could allow a threat actor to launch an attack.  Continue Reading

• How can I protect my self-encrypting drives?

  Dutch researchers discovered flaws in ATA security and TCG Opal affecting self-encrypting drives. What steps can you take to guard data stored on vulnerable solid-state drives?  Continue Reading

• How does a WordPress SEO malware injection work and how can enterprises prevent it?

  Security expert Nick Lewis explains how to prevent WordPress SEO malware injection attacks that rank the attacker's search engine results higher than legitimate webpages.  Continue Reading

• Is a Mirai botnet variant targeting unpatched enterprises?

  New variants of popular botnets were found targeting IoT devices by Palo Alto Networks' Unit 42. Discover how these variants differ from their sources and what new risks they pose.  Continue Reading

• Why is the N-gram content search key for threat detection?

  Detected malware can now efficiently be tracked due to VirusTotal's enterprise version of its software. Discover what N-gram is and how it can be used with Nick Lewis.  Continue Reading

• What new technique does the Osiris banking Trojan use?

  A new Kronos banking Trojan variant was found to use process impersonation to bypass defenses. Learn what this evasion technique is and the threat it poses with Nick Lewis.  Continue Reading

• How did Signal Desktop expose plaintext passwords?

  The Signal Desktop application was found to be making decryption keys available in plaintext. Learn how the SQLite database and plaintext passwords were put at risk.  Continue Reading

• How does the iPhone phishing scam work?

  An iPhone phishing scam leads users to believe malicious incoming calls are from Apple Support. How can enterprises protect their employee against this threat?  Continue Reading

• Should I use GitHub's new private repositories?

  Is GitHub's new private repositories service robust enough to serve the needs of enterprises? Nick Lewis examines what works -- and what doesn't.  Continue Reading

• How do I stop the Vidar malvertising attack?

  The Vidar malvertising attack was part of a two-pronged intrusion that included the installation of ransomware in endpoints. How can enterprises protect themselves?  Continue Reading

• How do trusted app stores release and disclose patches?

  A flaw was found in the Android installer for Fortnite and was patched within 24 hours. Learn how such a quick turnaround affects mobile app security with expert Nick Lewis.  Continue Reading

• How can credential stuffing attacks be detected?

  Credential stuffing attacks can put companies that offer online membership programs, as well as their customers, at risk. Find out how to proactively manage the threat.  Continue Reading

• How did the Dirty COW exploit get shipped in software?

  An exploit code for Dirty COW was accidentally shipped by Cisco with product software. Learn how this code ended up in a software release and what this vulnerability can do.  Continue Reading