Ask the Experts

Ask the Experts

• How can attackers turn Instagram into C&C infrastructure?

  An Instagram application can be turned into C&C infrastructure with the help of image steganography malware attacks. Expert Nick Lewis explains how this works.  Continue Reading

• Pork Explosion Android flaw: How is it used to create a backdoor?

  The Pork Explosion vulnerability present in some Foxconn-created app bootloaders can be used to create an Android backdoor. Expert Nick Lewis explains how the flaw works.  Continue Reading

• Can CISOs facilitate peace between privacy and information security?

  Privacy and information security can often be at odds with each other in enterprises. Expert Mike O. Villegas explains how C-levels can help to get the two to work in harmony.  Continue Reading

• How can CISOs strengthen communications with cybersecurity staff?

  Effective CISO communications are key to fostering a healthy relationship with the cybersecurity staff. Expert Mike O. Villegas reviews some ways to build that relationship.  Continue Reading

• What effect does a federal CISO have on government cybersecurity?

  The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture.  Continue Reading

• What are some best practices for reporting ransomware attacks?

  Enterprises are advised to start reporting ransomware attacks, but are there risks? Expert Mike O. Villegas discusses whether organizations are obligated to report attacks.  Continue Reading

• Attack by TIFF images: What are the vulnerabilities in LibTIFF?

  Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how these vulnerabilities work.  Continue Reading

• CJIS Security Policy: How can companies ensure FIPS compliance?

  Companies and government agencies handling criminal justice information need to comply with CJIS Security Policy. Expert Michael Cobb explains the cryptographic modules to use.  Continue Reading

• How can attacks bypass ASLR protection on Intel chips?

  An Intel chip flaw lets attackers bypass ASLR protection on most operating systems. Expert Michael Cobb explains the vulnerability and how to prevent attacks.  Continue Reading

• How can the Dirty COW vulnerability be used to attack Android devices?

  A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack.  Continue Reading

• SHA-1 certificates: How will Mozilla's deprecation affect enterprises?

  Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do.  Continue Reading

• What's the best corporate email security policy for erroneous emails?

  If an employee receives invalidated emails, should the corporate email security policy handle it? Expert Matthew Pascucci discusses the rights of the enterprise.  Continue Reading

• What should enterprises know about how a stored XSS exploit works?

  A stored XSS exploit can be damaging to enterprises that aren't fully protected. Expert Matthew Pascucci explains what stored XSS attacks are and how to defend against them.  Continue Reading

• What basic steps can improve network device security in enterprises?

  Network device security is a big problem for enterprises, but there are some basic steps they can take to improve it. Expert Matthew Pascucci outlines the process.  Continue Reading

• How can enterprises leverage Google's Project Wycheproof?

  Google's Project Wycheproof tests crypto libraries for known vulnerabilities, but there are potential drawbacks to this tool. Expert Matthew Pascucci explains them.  Continue Reading