Ask the Experts

Ask the Experts

• How can Windows digital signature check be defeated?

  A security researcher discovered that editing two registry keys can alter a Windows digital signature check. Matt Pascucci explains what that means for digital signatures.  Continue Reading

• iOS updates: Why are some Apple products behind on updates?

  A study by Zimperium found that more than 23% of iOS devices aren't running the latest software. Matt Pascucci explains how this is possible, even though Apple controls iOS updates.  Continue Reading

• PGP keys: Can accidental exposures be mitigated?

  The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys.  Continue Reading

• How does the GhostHook attack bypass Microsoft PatchGuard?

  A technique known as the GhostHook attack can get around PatchGuard, but Microsoft hasn't patched the flaw. Expert Michael Cobb explains why, as well as how the attack works.  Continue Reading

• How can Intel AMT be used to bypass the Windows firewall?

  Software developed by the hacking group Platinum takes advantage of Intel AMT to bypass the built-in Windows firewall. Expert Michael Cobb explains how it works.  Continue Reading

• How do source code reviews of security products work?

  Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains what to know about these reviews.  Continue Reading

• How can attacks like the Cherry Blossom project be prevented?

  With the WikiLeaks Cherry Blossom project, attackers can potentially inject malicious firmware into wireless routers. Expert Michael Cobb explains how to stop it from happening.  Continue Reading

• How does the Stack Clash vulnerability target Unix-based OSes?

  A privilege escalation vulnerability known as Stack Clash affects Unix-based OSes. Expert Michael Cobb explains the flaw and how to protect systems from being exploited.  Continue Reading

• Ransomware recovery methods: What does the NIST suggest?

  Knowing what ransomware recovery methods are available is important as the threat continues to grow. Expert Judith Myerson outlines what the NIST recommends for enterprises.  Continue Reading

• What QNAP vulnerabilities affect NAS storage device security?

  QNAP vulnerabilities in NAS enabled attackers to control devices. Expert Judith Myerson explains each of the QNAP NAS vulnerabilities and their fixes.  Continue Reading

• How did a Rufus software vulnerability put enterprises at risk?

  A vulnerability in Rufus software put some enterprise systems at risk. Expert Judith Myerson explains the flaw and the available fixes for organizations.  Continue Reading

• HTTP Strict Transport Security: What are the security benefits?

  Google's use of HTTP Strict Transport Security aims to improve web browsing security. Expert Judith Myerson explains how HSTS can make the internet more secure.  Continue Reading

• VMware AppDefense: How will it address endpoint security?

  VMware announced AppDefense, its latest effort to help improve endpoint security. Matt Pascucci explains how AppDefense addresses applications in vSphere environments.  Continue Reading

• Killer discovery: What does a new Intel kill switch mean for users?

  Cybersecurity company Positive Technologies recently discovered an Intel kill switch in the vendor's Management Engine. Learn more about this kill switch with expert Matt Pascucci.  Continue Reading

• WireX botnet: How did it use infected Android apps?

  To avoid a mobile device catastrophe, several large tech organizations came together to stop the WireX botnet. Learn how this Android botnet with 300 infected apps was stopped.  Continue Reading