Ask the Experts

Ask the Experts

• How does a Magento Community Edition flaw allow remote attacks?

  As the Magento Community Edition suffers a new zero-day vulnerability, expert Nick Lewis explains how it's being exploited and how to mitigate the cross-site request forgery flaw.  Continue Reading

• Application containers: What are the major risks?

  NIST recently issued guidance on mitigating the security risks of application containers. Expert Judith Myerson outlines some of the risks and fixes highlighted in the guide.  Continue Reading

• How does BrickerBot threaten enterprise IoT devices?

  BrickerBot is similar to other IoT malware like Mirai, Hajime and others. Expert Judith Myerson explains what makes BrickerBot different, and what can be done to defend against it.  Continue Reading

• How can the Jenkins vulnerabilities in plug-ins be mitigated?

  A wave of Jenkins vulnerabilities related to plug-ins were recently discovered. Expert Judith Myerson explains the flaws and how enterprises should mitigate them.  Continue Reading

• How will IEEE 802.11ax prevent IoT security vulnerabilities?

  Router security vulnerabilities become a bigger problem as IoT devices become more widely used. The IEEE 802.11ax protocol could help, as expert Judith Myerson explains.  Continue Reading

• Are long URLs better for security than short URLs?

  Shortened URLs are weak on security and easy for attackers to inject with malware. Expert Judith Myerson discusses how long URLs are more secure, despite the inconvenience.  Continue Reading

• What risk do Windows 10 telemetry features pose enterprises?

  Microsoft collects data using Windows 10 telemetry features. Expert Michael Cobb explains what type of data is collected, and whether enterprises need to be worried about it.  Continue Reading

• How can users detect dangerous open ports in mobile apps?

  Some malicious apps can hijack smartphones and expose those devices with open ports. Expert Michael Cobb explains how this happens and how users can protect themselves.  Continue Reading

• How can memory corruption attacks threaten smartphones?

  Smartphone users could be at risk of memory corruption attacks because of a baseband vulnerability. Expert Michael Cobb explains the attack and how concerned users should be.  Continue Reading

• How do code-reuse attacks bypass Windows 10 security features?

  Certain Windows 10 security features can be bypassed with code-reuse attacks. Expert Michael Cobb explains how that works and what can be done to prevent it.  Continue Reading

• How is Pegasus malware different on Android than on iOS?

  Pegasus malware used to only target iOS devices, but a variant called Chrysaor now goes after Android devices, too. Expert Michael Cobb explains what users need to know about it.  Continue Reading

• How do network management systems simplify security?

  Network security teams can find themselves overwhelmed with protecting an enterprise network. Expert Matthew Pascucci explains how network management systems can help with that.  Continue Reading

• How can enterprises secure encrypted traffic from cloud applications?

  As enterprises use more cloud applications, they generate more encrypted traffic. Expert Matthew Pascucci discusses the challenges that presents for network security teams.  Continue Reading

• Should an enterprise BYOD strategy allow the use of Gmail?

  Using personal Gmail accounts for business purposes is not a secure enterprise BYOD strategy. Expert Matthew Pascucci discusses why companies should avoid implementing this tactic.  Continue Reading

• What should you do when third-party compliance is failing?

  Third-party compliance is a necessary part of securing your organization's data. Expert Matthew Pascucci discusses what to do if you suspect a business partner isn't compliant.  Continue Reading