Ask the Experts

Ask the Experts

Data security breaches

• How does the Terror exploit kit spread through malicious ads

  Zscaler recently discovered a malvertising campaign that spreads the Terror exploit kit through malicious ads. Discover more about the threat with expert Nick Lewis.  Continue Reading

• SSH private keys: How do threat actors find exposed keys?

  Cybersecurity vendor Wordfence reported a rise in scans for SSH private keys that are often accidentally exposed to the public. Learn how to stay protected with Nick Lewis.  Continue Reading

• Zyklon malware: What Microsoft Office flaws does it exploit?

  Zyklon malware targets three previously patched Microsoft Office vulnerabilities. Learn how attackers can access passwords and cryptocurrency wallet data with expert Judith Myerson.  Continue Reading

• How can a Moxa MXview vulnerability be exploited by hackers?

  A vulnerability was found in Moxa MXview -- a software used to visualize network devices and physical connections. Learn how this vulnerability can enable privilege escalation.  Continue Reading

• Uber breach: How did a private GitHub repository fail Uber?

  The recent Uber breach calls into question the use of code repositories. Expert Matt Pascucci explains how the breach of GitHub and Amazon Web Services occurred.  Continue Reading

• Ransomware recovery methods: What does the NIST suggest?

  Knowing what ransomware recovery methods are available is important as the threat continues to grow. Expert Judith Myerson outlines what the NIST recommends for enterprises.  Continue Reading

• How did sensitive data from file-sharing website Docs.com get leaked?

  Many users of the file-sharing website Docs.com were unaware that the sensitive data they uploaded was searchable. Expert Michael Cobb explains how this data leak happened.  Continue Reading

• ASLR side-channel attack: How is JavaScript used to bypass protection?

  Researchers have developed an ASLR Cache side-channel attack that enables them to eliminate ASLR protections. Expert Nick Lewis explains how JavaScript code is used in the attack.  Continue Reading

• How are forged cookies used in attacks on online user accounts?

  Yahoo claimed a vulnerability in its email service enabled attackers to use forged cookies to gain access to user accounts. Expert Michael Cobb explains what forged cookies are and how they are used in attacks  Continue Reading

• How did thousands of MongoDB databases get hijacked?

  Thousands of MongoDB configurations were hijacked due to poor authentication practices. Expert Nick Lewis explains how organizations can properly configure their implementations.  Continue Reading

• What is the impact of the Siemens SCADA vulnerability?

  Certain Siemens SCADA products were found to be vulnerable to local privilege escalation. Expert Nick Lewis explains how the SCADA vulnerability works and how to protect your systems.  Continue Reading

• Insecure OAuth implementations: How are mobile app users at risk?

  Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can implement OAuth securely.  Continue Reading

• What caused the ClixSense privacy breach that exposed user data?

  A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held accountable for their security practices.  Continue Reading

• How do facial recognition systems get bypassed by attackers?

  Researchers found that facial recognition systems can be bypassed with 3D models. Expert Nick Lewis explains how these spoofing attacks work and what can be done to prevent them.  Continue Reading

• Should one cybersecurity mistake mean the end of a CEO's career?

  In one case, a tenured CEO made one cybersecurity mistake and was fired. Expert Mike O. Villegas discusses whether this sets a precedence for enterprises going forward.  Continue Reading