Ask the Experts

Ask the Experts

• What are the challenges of migrating to HTTPS from HTTP?

  Migrating to HTTPS from HTTP is a good idea for security, but the process can be a challenge. Expert Matthew Pascucci explains how to make it easier for enterprises.  Continue Reading

• How did Webroot's antivirus signature update create false positives?

  A Webroot antivirus signature update flagged Windows and Windows applications as dangerous. Expert Matthew Pascucci explains how it happened and what Webroot did about it.  Continue Reading

• How does the Antbleed backdoor vulnerability work?

  Antbleed, a backdoor vulnerability, was discovered in bitcoin mining equipment. Expert Matthew Pascucci explains how the Bitmain flaw works and how it can be prevented.  Continue Reading

• Fruitfly Mac malware: How does its decades-old code work?

  The Fruitfly Mac malware has decades-old code, but has been conducting surveillance attacks for over two years without detection. Expert Nick Lewis explains how it works.  Continue Reading

• How can users identify phishing techniques and fraudulent websites?

  A Gmail phishing attack brought users to fake login pages designed to look like Google's. Expert Nick Lewis explains how users can prevent similar phishing attacks.  Continue Reading

• What are HummingWhale malware's new ad fraud features?

  A HummingBad malware variant, HummingWhale, was discovered being spread through 20 apps on the Google Play Store. Expert Nick Lewis explains the malware's new features.  Continue Reading

• Heartbleed vulnerability: Why does it persist on so many services?

  The Heartbleed flaw still impacts almost 200,000 services connected to the internet. Expert Nick Lewis explains why these services remain unpatched and vulnerable.  Continue Reading

• How did thousands of MongoDB databases get hijacked?

  Thousands of MongoDB configurations were hijacked due to poor authentication practices. Expert Nick Lewis explains how organizations can properly configure their implementations.  Continue Reading

• Why do HTTPS interception tools weaken TLS security?

  HTTPS interception tools help protect websites, but they can also hurt TLS security. Expert Judith Myerson explains how this works and what enterprises can do about it.  Continue Reading

• How do Linksys router vulnerabilities expose user data?

  Router vulnerabilities in over 20 Linksys models expose user data to attackers. Expert Judith Myerson explains how the flaws work and how to protect against them.  Continue Reading

• How can DevOps application lifecycle management protect digital keys?

  Better DevOps application lifecycle management can help protect cryptographic and digital keys. Expert Judith Myerson explains the right approaches to secure DevOps.  Continue Reading

• How can Bosch's diagnostic dongle be leveraged by hackers?

  Hacks on a car's diagnostic dongle can completely take over the vehicle and even shut off the engine. Expert Judith Myerson explains how this works and how to prevent it from happening.  Continue Reading

• How do attackers use Microsoft Application Verifier for hijacking?

  Attackers found a way to use Microsoft Application Verifier to hijack security products, like antivirus tools. Expert Judith Myerson explains how it's done and what to do to stop it.  Continue Reading

• How can a NULL pointer dereference flaw create a DoS attack?

  A flaw in the open source graphics library libpng enabling denial-of-service attacks was discovered. Expert Michael Cobb explains how the vulnerability works.  Continue Reading

• The Apple Notify flaw: How does it allow malicious script injection?

  Flaws in the Apple Notify function and iTunes can enable attackers to inject malicious script into the application side. Expert Michael Cobb explains how these vulnerabilities work.  Continue Reading