Ask the Experts

Ask the Experts

Web security tools and best practices

• How does a WDC vulnerability put hardcoded passwords at risk?

  Several vulnerabilities were found in Western Digital's My Cloud, including one that affects the default hardcoded password. Learn how to avoid such risks with expert Nick Lewis.  Continue Reading

• How can a 13-year-old configuration flaw affect SAP systems?

  Cybersecurity vendor Onapsis found a 13-year-old flaw that affects nine out of 10 SAP NetWeaver systems. Learn how the flaw affects SAP systems with expert Judith Myerson.  Continue Reading

• What is missing from the NIST/DHS botnet security report?

  The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis.  Continue Reading

• How did a Navarino Infinity flaw expose unauthenticated scripts?

  Navarino Infinity, a satellite communication system, found and fixed a flaw that exposed an unauthenticated script. Discover what threats this flaw enabled with Judith Myerson.  Continue Reading

• How can cryptojacking attacks in Chrome be stopped?

  Google instituted an aggressive ban on all cryptomining extensions for Chrome after cryptojacking attacks started to become more common. Learn how the ban works with Michael Cobb.  Continue Reading

• How did an old, unpatched Firefox bug expose master passwords?

  A Firefox bug went undetected for nine years. Expert Michael Cobb explains how it enabled attackers to access the browser's master password and what's being done to mitigate it.  Continue Reading

• Microsoft CredSSP: How was it exploited by CVE-2018-0886?

  The CVE-2018-0886 vulnerability found within Microsoft's CredSSP was recently patched. Discover what this vulnerability is and how it affects the CredSSP protocol with Judith Myerson.  Continue Reading

• How can a text editor plug-in enable privilege escalation?

  Developers use text editors to enhance efficiency in the workplace even though they require vulnerable third-party plug-ins. Discover these vulnerabilities with Judith Myerson.  Continue Reading

• How are air-gapped computers put at risk by the Mosquito attack?

  Researchers recently discovered Mosquito -- an air-gapped attack that bites computers to put air-gapped networks at risk. Discover the logistics of this technique with Judith Myerson.  Continue Reading

• How did the Panera Bread website expose customers?

  Panera Bread website users were put at risk after a security researcher discovered a vulnerability relating to a lack of authentication for their publicly available API endpoint.  Continue Reading

• How can domain generation algorithms be used to bypass ad blockers?

  An ad network used domain generation algorithms to bypass ad blockers and launch cryptomining malware. Expert Michael Cobb explains how and the best way to prevent these attacks.  Continue Reading

• What risks do untrusted certificates pose to enterprises?

  Researchers found that untrusted certificates are still used on many major websites. Expert Michael Cobb discusses the security risks of sticking with these certificates.  Continue Reading

• How did an Electron framework flaw put Slack at risk?

  An Electron framework flaw put users of Slack, Skype and other big apps at risk. Expert Michael Cobb explains how this remote code execution flaw works and how to prevent it.  Continue Reading

• How can a Moxa MXview vulnerability be exploited by hackers?

  A vulnerability was found in Moxa MXview -- a software used to visualize network devices and physical connections. Learn how this vulnerability can enable privilege escalation.  Continue Reading

• Internet Explorer bug: How does it expose address bar info?

  A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL tracking with Nick Lewis.  Continue Reading