Ask the Experts

Ask the Experts

• How can a BGP vulnerability in Cisco products be fixed?

  A BGP vulnerability in some Cisco products enabled denial-of-service attacks. Expert Judith Myerson explains the vulnerability and how Cisco fixed the problem.  Continue Reading

• Unknown apps: How does Android Oreo control installation?

  Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver explains what this change means.  Continue Reading

• Vulnerability scans: How effective are they for web apps?

  Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can be missed by security teams.  Continue Reading

• Android bootloader: How does it work and what is the risk?

  Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk these vulnerabilities present.  Continue Reading

• How should undocumented features in software be addressed?

  Kaspersky Lab recently discovered an undocumented feature in Microsoft Word. Expert Kevin Beaver explains the risks and what to do if you come across one of these software flaws.  Continue Reading

• Broadpwn flaw: How does the new iOS exploit compare?

  An iOS exploit similar to the Broadpwn flaw was recently developed by a researcher at Google's Project Zero. Expert Kevin Beaver explains what the exploit is and how it works.  Continue Reading

• Can a decentralized open source community properly address security?

  SearchSecurity talks with UC Berkeley Professor Steven Weber about the open source community, the security challenges facing it and the prospect of software liability.  Continue Reading

• What is emotional data and what are the related privacy risks?

  SearchSecurity talks with UC Berkeley professor Steven Weber about the concept of emotional data, where it comes from and how it can potentially be used -- and abused.  Continue Reading

• Brutal Kangaroo: How does it hop to air-gapped computers?

  The CIA Vault 7 cache exposed the Brutal Kangaroo USB malware, which can be spread to computers without an internet connection. Learn how this is possible with expert Nick Lewis.  Continue Reading

• Antimalware software: How can Windows 10 disable it?

  Kaspersky Lab recently accused Windows 10 of acting as an antivirus block to third-party antimalware software. Discover how your software is being blocked and how this can be fixed.  Continue Reading

• QakBot malware: How did it trigger Microsoft AD lockouts?

  QakBot malware triggered hundreds of thousands of Microsoft Active Directory account lockouts. Discover the malware's target and how these attacks are being carried out.  Continue Reading

• OneLogin data breach: What does the attack mean for SSOs?

  A OneLogin data breach affected all of the company's U.S. customers after threat actors abused an Amazon Web Services API. Discover what this means for customers and SSO companies.  Continue Reading

• Zusy malware: Are your PowerPoint files at risk?

  Several spam campaigns were discovered after a malicious PowerPoint file was exposed. Learn how Zusy malware is delivered upon hovering over hypertext and how files can be saved.  Continue Reading

• How can a vulnerability in Ruggedcom switches be mitigated?

  Vulnerabilities in Ruggedcom switches could open the industrial switches and other communication devices up to attacks. Expert Judith Myerson explains how to mitigate the risks.  Continue Reading

• Which 4G vulnerabilities should BYOD users be aware of?

  Enterprises should consider pressing 4G vulnerabilities when developing a BYOD strategy for their employees. Expert Judith Myerson explains the flaws and what to do about them.  Continue Reading