Ask the Experts

Ask the Experts

• Can the STIX security framework improve threat intelligence sharing?

  Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.  Continue Reading

• New WordPress malware: What to do about WP-Base-SEO

  A new type of WordPress malware, WP-Base-SEO, disguises itself as an SEO plug-in that opens backdoors. Nick Lewis explains how it works and how to avoid it.  Continue Reading

• How can a DDoS reflection attack abuse CLDAP?

  A new exploit of CLDAP servers can be used for a DDoS reflection attack that gives attackers a 70x boost. Nick Lewis explains how to defend against this new threat.  Continue Reading

• PINLogger: How does this exploit steal PINs?

  The proof-of-concept PINLogger attack exploits mobile device sensors to steal PINs. Nick Lewis explains how the attack works and offers advice on how to stop it.  Continue Reading

• Hajime IoT worm: Is it pure malware or vigilante malware?

  The Hajime IoT worm aims to help users tighten up security, whether they want to or not, but it's probably not a good security strategy. Expert Nick Lewis explains the risks.  Continue Reading

• How does a Magento Community Edition flaw allow remote attacks?

  As the Magento Community Edition suffers a new zero-day vulnerability, expert Nick Lewis explains how it's being exploited and how to mitigate the cross-site request forgery flaw.  Continue Reading

• Application containers: What are the major risks?

  NIST recently issued guidance on mitigating the security risks of application containers. Expert Judith Myerson outlines some of the risks and fixes highlighted in the guide.  Continue Reading

• How does BrickerBot threaten enterprise IoT devices?

  BrickerBot is similar to other IoT malware like Mirai, Hajime and others. Expert Judith Myerson explains what makes BrickerBot different, and what can be done to defend against it.  Continue Reading

• How can the Jenkins vulnerabilities in plug-ins be mitigated?

  A wave of Jenkins vulnerabilities related to plug-ins were recently discovered. Expert Judith Myerson explains the flaws and how enterprises should mitigate them.  Continue Reading

• How will IEEE 802.11ax prevent IoT security vulnerabilities?

  Router security vulnerabilities become a bigger problem as IoT devices become more widely used. The IEEE 802.11ax protocol could help, as expert Judith Myerson explains.  Continue Reading

• Are long URLs better for security than short URLs?

  Shortened URLs are weak on security and easy for attackers to inject with malware. Expert Judith Myerson discusses how long URLs are more secure, despite the inconvenience.  Continue Reading

• What risk do Windows 10 telemetry features pose enterprises?

  Microsoft collects data using Windows 10 telemetry features. Expert Michael Cobb explains what type of data is collected, and whether enterprises need to be worried about it.  Continue Reading

• How can users detect dangerous open ports in mobile apps?

  Some malicious apps can hijack smartphones and expose those devices with open ports. Expert Michael Cobb explains how this happens and how users can protect themselves.  Continue Reading

• How can memory corruption attacks threaten smartphones?

  Smartphone users could be at risk of memory corruption attacks because of a baseband vulnerability. Expert Michael Cobb explains the attack and how concerned users should be.  Continue Reading

• How do code-reuse attacks bypass Windows 10 security features?

  Certain Windows 10 security features can be bypassed with code-reuse attacks. Expert Michael Cobb explains how that works and what can be done to prevent it.  Continue Reading