Ask the Experts

Ask the Experts

• How can improper certificate pinning be stopped by the Spinner tool?

  Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the Spinner tool.  Continue Reading

• How does a WPAD attack work and how can it be prevented?

  Google Project Zero discovered a WPAD attack that could target systems running Windows 10. Expert Michael Cobb explains how the attack works and how to bolster WPAD security.  Continue Reading

• How can users deal with app trackers that collect customer data?

  App trackers were found in hundreds of Google Play apps. Expert Michael Cobb explains the threat they pose and how GDPR has the potential to reduce the risk.  Continue Reading

• How does Tizi spyware affect Android apps?

  Android apps affected by Tizi spyware were found in the Google Play Store by Google's Play Protect team. Expert Michael Cobb reviews the threat and how it was fixed.  Continue Reading

• The Keeper browser extension flaw: How can users stay secure?

  The Keeper browser extension had a vulnerability that highlighted security issues with password managers. Expert Michael Cobb looks at how to avoid security flaws in these tools.  Continue Reading

• VMs per host: What are the risks of multiple connections?

  While there are no set rules, there are some security recommendations when it comes to virtual machines running on one host. Learn the best practices with expert Matt Pascucci.  Continue Reading

• Search engine poisoning: How are poisoned results detected?

  Poisoned search results have spread the Zeus Panda banking Trojan throughout Google. Learn what this means, how search engine poisoning works and what can be done to stop it.  Continue Reading

• Fileless malware: What tools can jeopardize your system?

  A report from CrowdStrike highlights the growth of malware-less attacks using certain command-line tools. Learn how to handle these growing attacks with Matt Pascucci.  Continue Reading

• Single sign-on best practices: How can enterprises get SSO right?

  Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good start. Here's how to do it.  Continue Reading

• How hard will the GDPR right to be forgotten be to get right?

  Under GDPR, the right to be forgotten is granted to all EU data subjects. Mimecast's Marc French explains why enterprises will need to be careful about how they manage the process.  Continue Reading

• How to secure bitcoin: What are the best ways to keep it safe?

  As bitcoin's value has steadily increased, so too have cyberattacks on cryptocurrency exchanges and wallets. Michael Cobb explains how to keep your bitcoin secure.  Continue Reading

• Uber breach: How did a private GitHub repository fail Uber?

  The recent Uber breach calls into question the use of code repositories. Expert Matt Pascucci explains how the breach of GitHub and Amazon Web Services occurred.  Continue Reading

• How did OurMine hackers use DNS poisoning to attack WikiLeaks?

  The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from expert Nick Lewis.  Continue Reading

• Typosquatting: How did threat actors access NPM libraries?

  Typosquatting was used by threat actors to spread malware in the NPM registry. Learn from expert Nick Lewis how this method was used and what it means for users.  Continue Reading

• How are tech support scams using phishing emails?

  Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work with expert Nick Lewis.  Continue Reading