Ask the Experts

Ask the Experts

• Uber breach: How did a private GitHub repository fail Uber?

  The recent Uber breach calls into question the use of code repositories. Expert Matt Pascucci explains how the breach of GitHub and Amazon Web Services occurred.  Continue Reading

• How did OurMine hackers use DNS poisoning to attack WikiLeaks?

  The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from expert Nick Lewis.  Continue Reading

• Typosquatting: How did threat actors access NPM libraries?

  Typosquatting was used by threat actors to spread malware in the NPM registry. Learn from expert Nick Lewis how this method was used and what it means for users.  Continue Reading

• How are tech support scams using phishing emails?

  Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work with expert Nick Lewis.  Continue Reading

• GD library: How did it open the Junos OS to attacks?

  The GD library used in the Junos operating system has opened Junos up to attacks. Nick Lewis explains how it happened and what it means for companies using open source software.  Continue Reading

• Antivirus tools: Are two programs better than one?

  Antivirus software is crucial to your device's security. However, less is often more, especially when considering a secondary free antivirus program. Nick Lewis explains why.  Continue Reading

• What can be done to prevent a swatting attack?

  A swatting attack resulted in the death of a Kansas man. Expert Judith Myerson looks at the technology these attacks use and what can be done to make sure they don't happen again.  Continue Reading

• How does the Devil's Ivy bug compromise security cameras?

  The Devil's Ivy bug affects millions of internet-connected security cameras. Expert Judith Myerson explains how the exploit works and what can be done to prevent it.  Continue Reading

• What can enterprises do to prevent an IoT botnet attack?

  An IoT botnet attack on Huawei home routers showed similarities to the Mirai malware. Expert Judith Myerson explains the threat and how enterprises can protect themselves.  Continue Reading

• How should BGP route hijacking be addressed?

  A new report from NIST shows how BGP route hijacking can threaten the internet. Expert Judith Myerson reviews the guidance for improving BGP security.  Continue Reading

• How did a Microsoft Equation Editor flaw put systems at risk?

  A stack buffer overflow vulnerability in Microsoft Equation Editor may have put enterprises at risk of compromise. Expert Judith Myerson explains what went wrong.  Continue Reading

• What are the root causes of the cybersecurity skills shortage?

  SearchSecurity talks with David Shearer, CEO of (ISC)2, about what is -- and isn't -- contributing to the cybersecurity skills shortage in the U.S., as well as how to fix the problem.  Continue Reading

• NotPetya malware: How does it detect security products?

  Bitdefender discovered that the NotPetya malware changes its behavior when Kaspersky security products are detected. Nick Lewis explains how the malware's tricks work.  Continue Reading

• Katyusha Scanner: How does it work via a Telegram account?

  The Katyusha Scanner is based on the open source penetration test scanner Arachni. However, it has been modified to work through Telegram accounts. Nick Lewis explains how it works.  Continue Reading

• RSA-1024 keys: How does a Libgcrypt vulnerability expose them?

  A Libgcrypt vulnerability could allow attackers to recover private RSA-1024 keys, as it allows a left-to-right sliding window that shows how specific parts of the algorithm work.  Continue Reading