Ask the Experts

Ask the Experts

• How does Ticketbleed affect session ID security?

  The Ticketbleed bug in some F5 Networks products caused session IDs and uninitialized memory to leak. Expert Judith Myerson explains what a session ID is and how attackers use it.  Continue Reading

• How does USB Killer v3 damage devices through their USB connections?

  USB Killer devices, with the ability to destroy systems via a USB input, are available and inexpensive. Expert Nick Lewis explains how they work and how to defend against this threat.  Continue Reading

• How does Exaspy spyware disguise itself on Android devices?

  Exaspy spyware, which can access messages, video chats and more, was found on Android devices owned by executives. Expert Nick Lewis explains how Exaspy is able to avoid detection.  Continue Reading

• How does Nemucod malware get spread through Facebook Messenger?

  The Nemucod downloader malware is being spread through Facebook Messenger disguised as an image file. Expert Nick Lewis explains the available protections against this attack.  Continue Reading

• What is the impact of the Siemens SCADA vulnerability?

  Certain Siemens SCADA products were found to be vulnerable to local privilege escalation. Expert Nick Lewis explains how the SCADA vulnerability works and how to protect your systems.  Continue Reading

• How does the PoisonTap exploit bypass password locks on computers?

  The PoisonTap exploit can bypass password locks on computers, enabling an attacker to remotely control systems. Expert Nick Lewis explains how the attack works.  Continue Reading

• What should be included in a social media security policy?

  A social media security policy is necessary for most enterprises today. Expert Mike O. Villegas discusses what should be included in social media policies.  Continue Reading

• What are the possible benefits of a cybersecurity training center?

  A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises? Expert Mike O. Villegas explains.  Continue Reading

• Should a forced password reset be standard after a data breach?

  Yahoo reportedly rejected a forced password reset after numerous data breaches compromised user data. Expert Mike O. Villegas discusses whether this should be a standard practice.  Continue Reading

• Is it worth using outsourced security services instead of in-house?

  Outsourced security services are always an option for enterprises. Expert Mike O. Villegas outlines the pros and cons of using MSSPs instead of in-house security.  Continue Reading

• How have ARM TrustZone flaws affected Android encryption?

  Android encryption on devices using Qualcomm chips can be broken due to two vulnerabilities. Expert Michael Cobb explains how these flaws affect encryption.  Continue Reading

• How serious is a malicious DLL file vulnerability for enterprises?

  A flaw that allows attackers to load malicious DLL files in Symantec products was labeled as severe. Expert Michael Cobb explains the vulnerability and its classification.  Continue Reading

• Insecure OAuth implementations: How are mobile app users at risk?

  Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can implement OAuth securely.  Continue Reading

• How does a WebKit framework flaw enable denial-of-service attacks?

  A vulnerability in Apple's WebKit framework allows attackers to initiate phone calls through mobile apps on victims' devices. Expert Michael Cobb explains how the attack works.  Continue Reading

• How did firmware create an Android backdoor in budget devices?

  An Android backdoor was discovered in the Ragentek firmware used in almost three million low-cost devices. Expert Michael Cobb explains how to prevent attacks on affected devices.  Continue Reading