Ask the Experts

Ask the Experts

• How do SDKs for ad networks cause data leaks?

  SDKs made user data susceptible to security vulnerabilities in mobile apps. Expert Michael Cobb explains how this security vulnerability put user data at risk.  Continue Reading

• What does the expansion of MANRS mean for BGP security?

  The Internet Society expanded MANRS to crack down on BGP security. Expert Michael Cobb explains what MANRS is and its implications for BGP server security.  Continue Reading

• Microsoft's NTFS flaw: What are the potential consequences?

  A security researcher exposed an NTFS flaw that Microsoft deliberately hasn't patched. Expert Michael Cobb explains how the bug works and why it isn't being treated as severe.  Continue Reading

• Powerhammering: Can a power cable be used in air-gapped attacks?

  Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power cables.  Continue Reading

• How does SirenJack put emergency warning systems at risk?

  Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco's emergency warning system at risk. Judith Myerson explains how it works.  Continue Reading

• How is Apple iOS 11 affected by a QR code vulnerability?

  A QR code vulnerability was recently discovered in the Apple iOS 11 camera app. Learn how an attacker could exploit it and how to avoid the issue with Judith Myerson.  Continue Reading

• Bouncy Castle keystore: How are files vulnerable to brute force?

  BKS files are being exposed to hash collisions, enabling hackers to use brute force attacks against C# and Java applications. Learn how this occurs and possible solutions with Judith Myerson.  Continue Reading

• How did a Navarino Infinity flaw expose unauthenticated scripts?

  Navarino Infinity, a satellite communication system, found and fixed a flaw that exposed an unauthenticated script. Discover what threats this flaw enabled with Judith Myerson.  Continue Reading

• Trojan.AndroidOS.Loapi: What is this jack-of-all-trades malware?

  Kaspersky researchers found a new Android malware that can physically harm phones. Learn how this works and the steps to mitigate the attack with expert Nick Lewis.  Continue Reading

• Zealot campaign: How is the Apache Struts vulnerability used?

  The Zealot campaign discovered by F5 Networks uses the same Apache Struts vulnerability exploited in the Equifax breach. Learn how else it performs cryptomining with Nick Lewis.  Continue Reading

• Digimine bot: How does social media influence cryptojacking?

  Facebook Messenger is being used to reach more victims with a cryptojacking bot that Trend Micro researchers named Digimine. Learn how this bot works with expert Nick Lewis.  Continue Reading

• Spider ransomware: How do ransomware attacks differ?

  Spider ransomware has been found spreading malicious files via a phishing campaign that gives victims a 96-hour deadline. Learn how this attack is similar to past attacks with Nick Lewis.  Continue Reading

• Android vulnerability: How can users mitigate Janus malware?

  The Janus vulnerability was found injecting malicious code into reputable Android apps. Once injected, users' endpoints become infected. Learn how to prevent this with expert Nick Lewis.  Continue Reading

• Drupalgeddon 2.0: Why is this vulnerability highly critical?

  A recently discovered Drupal vulnerability in its open source CMS allowed attackers to control websites. Learn how almost one million sites were affected with Michael Cobb.  Continue Reading

• How can cryptojacking attacks in Chrome be stopped?

  Google instituted an aggressive ban on all cryptomining extensions for Chrome after cryptojacking attacks started to become more common. Learn how the ban works with Michael Cobb.  Continue Reading