Ask the Experts

Ask the Experts

• How can I protect my self-encrypting drives?

  Dutch researchers discovered flaws in ATA security and TCG Opal affecting self-encrypting drives. What steps can you take to guard data stored on vulnerable solid-state drives?  Continue Reading

• How does a WordPress SEO malware injection work and how can enterprises prevent it?

  Security expert Nick Lewis explains how to prevent WordPress SEO malware injection attacks that rank the attacker's search engine results higher than legitimate webpages.  Continue Reading

• Is a Mirai botnet variant targeting unpatched enterprises?

  New variants of popular botnets were found targeting IoT devices by Palo Alto Networks' Unit 42. Discover how these variants differ from their sources and what new risks they pose.  Continue Reading

• Why is the N-gram content search key for threat detection?

  Detected malware can now efficiently be tracked due to VirusTotal's enterprise version of its software. Discover what N-gram is and how it can be used with Nick Lewis.  Continue Reading

• What new technique does the Osiris banking Trojan use?

  A new Kronos banking Trojan variant was found to use process impersonation to bypass defenses. Learn what this evasion technique is and the threat it poses with Nick Lewis.  Continue Reading

• How did Signal Desktop expose plaintext passwords?

  The Signal Desktop application was found to be making decryption keys available in plaintext. Learn how the SQLite database and plaintext passwords were put at risk.  Continue Reading

• How does the iPhone phishing scam work?

  An iPhone phishing scam leads users to believe malicious incoming calls are from Apple Support. How can enterprises protect their employee against this threat?  Continue Reading

• Should I use GitHub's new private repositories?

  Is GitHub's new private repositories service robust enough to serve the needs of enterprises? Nick Lewis examines what works -- and what doesn't.  Continue Reading

• How do I stop the Vidar malvertising attack?

  The Vidar malvertising attack was part of a two-pronged intrusion that included the installation of ransomware in endpoints. How can enterprises protect themselves?  Continue Reading

• How do trusted app stores release and disclose patches?

  A flaw was found in the Android installer for Fortnite and was patched within 24 hours. Learn how such a quick turnaround affects mobile app security with expert Nick Lewis.  Continue Reading

• How can credential stuffing attacks be detected?

  Credential stuffing attacks can put companies that offer online membership programs, as well as their customers, at risk. Find out how to proactively manage the threat.  Continue Reading

• How did the Dirty COW exploit get shipped in software?

  An exploit code for Dirty COW was accidentally shipped by Cisco with product software. Learn how this code ended up in a software release and what this vulnerability can do.  Continue Reading

• Why did a Cisco patch for Webex have to be reissued?

  Cisco's Webex Meetings platform had to be re-patched after researchers found the first one was failing. Discover what went wrong with the first patch with Judith Myerson.  Continue Reading

• How did Browser Reaper cause browsers to crash?

  A Mozilla vulnerability duplicated in the Browser Reaper set of DoS proofs of concept caused Chrome, Firefox and Safari to crash. Learn why and how this occurred.  Continue Reading

• Should large enterprises add dark web monitoring to their security policies?

  Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find.  Continue Reading