Ask the Experts

Ask the Experts

• How did a Microsoft Equation Editor flaw put systems at risk?

  A stack buffer overflow vulnerability in Microsoft Equation Editor may have put enterprises at risk of compromise. Expert Judith Myerson explains what went wrong.  Continue Reading

• What are the root causes of the cybersecurity skills shortage?

  SearchSecurity talks with David Shearer, CEO of (ISC)2, about what is -- and isn't -- contributing to the cybersecurity skills shortage in the U.S., as well as how to fix the problem.  Continue Reading

• NotPetya malware: How does it detect security products?

  Bitdefender discovered that the NotPetya malware changes its behavior when Kaspersky security products are detected. Nick Lewis explains how the malware's tricks work.  Continue Reading

• Katyusha Scanner: How does it work via a Telegram account?

  The Katyusha Scanner is based on the open source penetration test scanner Arachni. However, it has been modified to work through Telegram accounts. Nick Lewis explains how it works.  Continue Reading

• RSA-1024 keys: How does a Libgcrypt vulnerability expose them?

  A Libgcrypt vulnerability could allow attackers to recover private RSA-1024 keys, as it allows a left-to-right sliding window that shows how specific parts of the algorithm work.  Continue Reading

• CopyCat malware: How does this Android threat operate?

  Check Point researchers discovered new Android malware named CopyCat, which has infected 14 million devices. Learn how this malware works and how it spread from expert Nick Lewis.  Continue Reading

• Devil's Ivy vulnerability: How does it put IoT devices at risk?

  A gSOAP flaw was found in an Axis Communications security camera and branded the Devil's Ivy vulnerability. Learn how it threatens IoT devices with expert Nick Lewis.  Continue Reading

• How does credential stuffing enable account takeover attacks?

  Credential stuffing activity is outpacing the growth of other cyberattacks and enabling account takeover attacks. Akamai Technologies' Patrick Sullivan explains the threat.  Continue Reading

• What do Dnsmasq vulnerabilities mean for Android users?

  Researchers found several Dnsmasq vulnerabilities that affect Google's Android operating system. Matt Pascucci explains how these flaws can be exploited by threat actors.  Continue Reading

• Public key pinning: Why is Google switching to a new approach?

  After introducing HTTP Public Key Pinning to the internet two years ago, the upcoming Chrome will replace it with the Expect-CT header. Matt Pascucci explains the switch.  Continue Reading

• Confused deputy: How did the vulnerability affect Slack?

  A major SAML vulnerability was found in Slack that granted expired login credentials permission into the system. Matt Pascucci explains how this 'confused deputy' problem was handled.  Continue Reading

• Advanced Protection Program: How has Google improved security?

  Google added a layer to its account security system with Advanced Protection Program. Matt Pascucci explains how individuals can better defend themselves from malicious actors.  Continue Reading

• Canvas fingerprinting: How does it compromise security?

  Mozilla recently decided to pull the HTML canvas element from the Firefox browser. Learn from expert Matt Pascucci what this means for the security and privacy of users.  Continue Reading

• What went wrong with the Dirty COW vulnerability patch?

  A patch was issued for the Dirty COW vulnerability, but researchers later discovered problems with the patch. Expert Judith Myerson explains what went wrong.  Continue Reading

• How should enterprise firewall settings be reviewed?

  Getting firewall settings right is one of the most basic ways to protect enterprise data from accidental exposures. Expert Judith Myerson discusses how to review firewall policies.  Continue Reading