Ask the Experts

Ask the Experts

• How should security teams handle the Onliner spambot leak?

  A security researcher recently discovered a list of 711 million records used by the Onliner spambot. Expert Matt Pascucci explains what actions exposed individuals should take.  Continue Reading

• Monitoring employee communications: What do EU privacy laws say?

  The European Court of Human Rights recently placed strict regulations on monitoring employee communications. Matt Pascucci compares EU privacy laws to the U.S.'s standards.  Continue Reading

• EternalRocks malware: What exploits are in it?

  When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and explains what's lurking inside.  Continue Reading

• Google Docs phishing attack: How does it work?

  A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend against such an attack.  Continue Reading

• What's the best career path to get CISSP certified?

  The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP certified.  Continue Reading

• How did a Windows Defender antivirus bug enable remote exploits?

  A vulnerability in Microsoft's Windows Defender antivirus tool left users open to remote code exploitation. Expert Nick Lewis explains how it happened, and what to do about it.  Continue Reading

• Samsung S8 iris scanner: How was it bypassed?

  Hackers bypassed the Samsung S8 iris scanner, which could spell trouble for biometric authentication. Expert Nick Lewis explains how it happened and how to stay protected.  Continue Reading

• HP keylogger: How did it get there and how can it be removed?

  A keylogging flaw found its way into dozens of Hewlett Packard laptops. Nick Lewis explains how the HP keylogger works and what can be done about it.  Continue Reading

• What knowledge factors qualify for true two-factor authentication?

  Can two-factor authentication be applied to a mobile device that's used as a 2FA factor? Michael Cobb explores the different knowledge factors and uses for mobile devices.  Continue Reading

• Running a private certificate authority: What are the risks?

  Running a private certificate authority can pose significant risks and challenges to meet baseline requirements. Michael Cobb explores what enterprises should know.  Continue Reading

• How can Android app permissions be exploited by attackers?

  A recently discovered Android app permissions flaw can expose users to attacks. Michael Cobb explains what the risks are and how Android O security will help users.  Continue Reading

• How did an ImageMagick vulnerability endanger Yahoo servers?

  An ImageMagick vulnerability known as Yahoobleed could give hackers access to Yahoo servers. Expert Michael Cobb explains the flaw and how Yahoo handled the situation.  Continue Reading

• Telerik web UI: Can the cryptographic weakness be mitigated?

  A cryptographic weakness was discovered in the Telerik web UI. Expert Judith Myerson alerts readers about this weakness and the alternative options for companies to explore.  Continue Reading

• How does Google Play Protect aim to improve Android security?

  Google's new security platform, Google Play Protect, looks to decrease Android app security threats through machine learning. Michael Cobb explains how the new platform works.  Continue Reading

• How can hackers use subtitle files to control endpoint devices?

  New media player vulnerabilities have been exposed that enable hackers to use subtitle files to control devices. Expert Judith Myerson explains how this happens.  Continue Reading