Ask the Experts

Ask the Experts

• How does a DDE attack exploit Microsoft Word functionality?

  The SANS Internet Storm Center discovered a DDE attack spreading Locky ransomware through Microsoft Word. Learn what a DDE attack is and how to mitigate it with expert Nick Lewis.  Continue Reading

• How does the KRACK vulnerability use encryption keys?

  The KRACK vulnerability was found in the WPA2 protocol for wireless networks and it enables attackers to crack encrypted connections. Learn how it works from Nick Lewis.  Continue Reading

• Bad Rabbit ransomware: How does it compare to other variants?

  Bad Rabbit ransomware mimics other recent ransomware variants, such as NotPetya. Discover the similarities and differences between the two with expert Nick Lewis.  Continue Reading

• How will the new WPA3 protocol strengthen password security?

  The development of WPA3 helps advance Wi-Fi protocol, as the next generation of Wi-Fi-enabled devices begins to demand more. Expert Michael Cobb explains how it differs from WPA2.  Continue Reading

• IoT botnets: How are new Mirai variants impacting systems?

  An increase of IoT botnets has been seen since the Mirai malware source code was leaked. Learn how the new variants pose to be a serious threat to IoT devices with Michael Cobb.  Continue Reading

• How were Android Pixel vulnerabilities exploited?

  Android Pixel vulnerabilities could open the smartphone up to attack. Expert Michael Cobb explains the vulnerabilities and how to defend against them.  Continue Reading

• How did an Electron framework flaw put Slack at risk?

  An Electron framework flaw put users of Slack, Skype and other big apps at risk. Expert Michael Cobb explains how this remote code execution flaw works and how to prevent it.  Continue Reading

• What is included in the mPOS security standard from PCI SSC?

  The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.  Continue Reading

• Self-sovereign identity: How will regulations affect it?

  Will laws like GDPR and PSD2 force enterprises to change their identity management strategies? Expert Bianca Lopes talks regulations, self-sovereign identity and blockchain.  Continue Reading

• Will biometric authentication systems replace passwords?

  Biometric authentication systems have gained traction on mobile devices, but when will they become dominant within the enterprise? Expert Bianca Lopes weighs in on the topic.  Continue Reading

• Secure code review tips: How many review rounds are needed?

  Expert Michael Cobb details how to argue for a multistep secure code review process, like Microsoft SDL, and the pros of secure coding practices.  Continue Reading

• Do CISOs need computer science degrees?

  Equifax's CISO came under fire for having a music degree. David Shearer, CEO of (ISC)2, discusses what type of education infosec professionals should have.  Continue Reading

• What VPN alternatives should enterprises consider using?

  VPN vulnerabilities in products from popular vendors were recently found to enable serious threats. Discover how detrimental these threats are and best alternatives to the use of VPNs.  Continue Reading

• How are logic devices like WAGO PFC200 used by hackers?

  The Department of Homeland Security warned of a vulnerability affecting WAGO PFC200 logic devices. Discover how this flaw enables threat actors with expert Judith Myerson.  Continue Reading

• Zyklon malware: What Microsoft Office flaws does it exploit?

  Zyklon malware targets three previously patched Microsoft Office vulnerabilities. Learn how attackers can access passwords and cryptocurrency wallet data with expert Judith Myerson.  Continue Reading