Ask the Experts

Ask the Experts

• Digimine bot: How does social media influence cryptojacking?

  Facebook Messenger is being used to reach more victims with a cryptojacking bot that Trend Micro researchers named Digimine. Learn how this bot works with expert Nick Lewis.  Continue Reading

• Spider ransomware: How do ransomware attacks differ?

  Spider ransomware has been found spreading malicious files via a phishing campaign that gives victims a 96-hour deadline. Learn how this attack is similar to past attacks with Nick Lewis.  Continue Reading

• Android vulnerability: How can users mitigate Janus malware?

  The Janus vulnerability was found injecting malicious code into reputable Android apps. Once injected, users' endpoints become infected. Learn how to prevent this with expert Nick Lewis.  Continue Reading

• Drupalgeddon 2.0: Why is this vulnerability highly critical?

  A recently discovered Drupal vulnerability in its open source CMS allowed attackers to control websites. Learn how almost one million sites were affected with Michael Cobb.  Continue Reading

• How can cryptojacking attacks in Chrome be stopped?

  Google instituted an aggressive ban on all cryptomining extensions for Chrome after cryptojacking attacks started to become more common. Learn how the ban works with Michael Cobb.  Continue Reading

• What are the implications of DNS over HTTPS for privacy?

  With enterprises testing DNS over HTTPS to encrypt domain name traffic, some fear the potential privacy issues. Discover the challenges and benefits of the new protocol.  Continue Reading

• What effect does GDPR have on the WHOIS database?

  With GDPR in effect, ICANN proposed redacting information from the WHOIS database. Expert Michael Cobb discusses what this could mean for the domain database.  Continue Reading

• How did an old, unpatched Firefox bug expose master passwords?

  A Firefox bug went undetected for nine years. Expert Michael Cobb explains how it enabled attackers to access the browser's master password and what's being done to mitigate it.  Continue Reading

• Microsoft CredSSP: How was it exploited by CVE-2018-0886?

  The CVE-2018-0886 vulnerability found within Microsoft's CredSSP was recently patched. Discover what this vulnerability is and how it affects the CredSSP protocol with Judith Myerson.  Continue Reading

• How can a text editor plug-in enable privilege escalation?

  Developers use text editors to enhance efficiency in the workplace even though they require vulnerable third-party plug-ins. Discover these vulnerabilities with Judith Myerson.  Continue Reading

• How are air-gapped computers put at risk by the Mosquito attack?

  Researchers recently discovered Mosquito -- an air-gapped attack that bites computers to put air-gapped networks at risk. Discover the logistics of this technique with Judith Myerson.  Continue Reading

• How can a hardcoded password vulnerability affect Cisco PCP?

  Cisco patched a hardcoded password vulnerability found in their PCP software. Learn how the software works and how attackers can exploit this vulnerability with Judith Myerson.  Continue Reading

• How did the Panera Bread website expose customers?

  Panera Bread website users were put at risk after a security researcher discovered a vulnerability relating to a lack of authentication for their publicly available API endpoint.  Continue Reading

• How does UBoatRAT use Google services and GitHub to spread?

  A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can protect enterprises with Nick Lewis.  Continue Reading

• Golden SAML: How can it abuse SAML authentication protocol?

  CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about the attack with Nick Lewis.  Continue Reading