Ask the Experts

Ask the Experts

• How does Gooligan malware compromise Google accounts?

  Android apps infected with Gooligan malware enable attackers to compromise the security of Google accounts. Expert Nick Lewis explains how users can protect themselves.  Continue Reading

• How does the Stegano exploit kit use malvertising to spread?

  A malvertising campaign by the AdGholas group has been found spreading the Stegano exploit kit. Expert Nick Lewis explains how web advertisements are used in this attack.  Continue Reading

• How does Rakos malware attack embedded Linux systems?

  Rakos malware is attempting to build a botnet by attacking embedded Linux systems. Expert Nick Lewis explains how enterprises can prevent attacks on their systems.  Continue Reading

• Switcher Android Trojan: How does it attack wireless routers?

  The Switcher Trojan spreads to Android devices through the wireless router to which they are connected. Expert Nick Lewis explains how this attack is carried out.  Continue Reading

• Can BGP anycast addressing be used for DDoS attacks?

  The BGP anycast addressing technique could potentially be used for malicious purposes. Expert Judith Myerson explains how this might work and what types of attacks to look out for.  Continue Reading

• What is the SS7 protocol and what are its security implications?

  The SS7 protocol has been a source of controversy lately because of its security vulnerabilities. Expert Judith Myerson explains what the protocol is and what its issues are.  Continue Reading

• How can a smart TV security vulnerability be mitigated?

  A smart TV security vulnerability could potentially be exploited to steal the owner's data. Expert Judith Myerson explains how this works and offers tips on how to protect yourself.  Continue Reading

• How is session hijacking possible without passwords?

  Local Windows admins can perform session hijacking without passwords. Expert Judith Myerson explains how this type of attack works and what to include in a policy to prevent it.  Continue Reading

• What is NIST's guidance on lightweight cryptography?

  NIST released a report on lightweight cryptography. Expert Judith Myerson reviews what the report covers and what NIST recommends for standardization.  Continue Reading

• How did a Slack vulnerability expose user authentication tokens?

  A Slack vulnerability exposed user authentication tokens and enabled hackers to access private data. Expert Matthew Pascucci explains how and why this hack was successful.  Continue Reading

• Should the Vulnerabilities Equities Process be codified into law?

  The Vulnerabilities Equities Process is a controversial subject. Expert Matthew Pascucci looks at the arguments for and against codifying it into law.  Continue Reading

• Are separate administrator accounts a good idea for enterprises?

  Separate administrator accounts are becoming a normal part of access policies in enterprises. Expert Matthew Pascucci explains why this is a good idea and how to implement it.  Continue Reading

• How should companies prepare for EU GDPR compliance?

  Companies that don't meet GDPR compliance standards by May 2018 will be fined. Expert Matthew Pascucci looks at how Microsoft is preparing, and what other companies should do to comply with GDPR.  Continue Reading

• How effective is geofencing technology as a security method?

  Geofencing technology is increasingly being used as a security tactic, such as to control access to servers with DNS settings. Expert Michael Cobb explains how it works.  Continue Reading

• Why did the PHPMailer library vulnerability have to be patched twice?

  After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the critical vulnerability works.  Continue Reading