Ask the Experts

Ask the Experts

• Vulnerability scans: How effective are they for web apps?

  Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can be missed by security teams.  Continue Reading

• Android bootloader: How does it work and what is the risk?

  Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk these vulnerabilities present.  Continue Reading

• How should undocumented features in software be addressed?

  Kaspersky Lab recently discovered an undocumented feature in Microsoft Word. Expert Kevin Beaver explains the risks and what to do if you come across one of these software flaws.  Continue Reading

• Broadpwn flaw: How does the new iOS exploit compare?

  An iOS exploit similar to the Broadpwn flaw was recently developed by a researcher at Google's Project Zero. Expert Kevin Beaver explains what the exploit is and how it works.  Continue Reading

• Can a decentralized open source community properly address security?

  SearchSecurity talks with UC Berkeley Professor Steven Weber about the open source community, the security challenges facing it and the prospect of software liability.  Continue Reading

• What is emotional data and what are the related privacy risks?

  SearchSecurity talks with UC Berkeley professor Steven Weber about the concept of emotional data, where it comes from and how it can potentially be used -- and abused.  Continue Reading

• Brutal Kangaroo: How does it hop to air-gapped computers?

  The CIA Vault 7 cache exposed the Brutal Kangaroo USB malware, which can be spread to computers without an internet connection. Learn how this is possible with expert Nick Lewis.  Continue Reading

• Antimalware software: How can Windows 10 disable it?

  Kaspersky Lab recently accused Windows 10 of acting as an antivirus block to third-party antimalware software. Discover how your software is being blocked and how this can be fixed.  Continue Reading

• QakBot malware: How did it trigger Microsoft AD lockouts?

  QakBot malware triggered hundreds of thousands of Microsoft Active Directory account lockouts. Discover the malware's target and how these attacks are being carried out.  Continue Reading

• OneLogin data breach: What does the attack mean for SSOs?

  A OneLogin data breach affected all of the company's U.S. customers after threat actors abused an Amazon Web Services API. Discover what this means for customers and SSO companies.  Continue Reading

• Zusy malware: Are your PowerPoint files at risk?

  Several spam campaigns were discovered after a malicious PowerPoint file was exposed. Learn how Zusy malware is delivered upon hovering over hypertext and how files can be saved.  Continue Reading

• How can a vulnerability in Ruggedcom switches be mitigated?

  Vulnerabilities in Ruggedcom switches could open the industrial switches and other communication devices up to attacks. Expert Judith Myerson explains how to mitigate the risks.  Continue Reading

• Which 4G vulnerabilities should BYOD users be aware of?

  Enterprises should consider pressing 4G vulnerabilities when developing a BYOD strategy for their employees. Expert Judith Myerson explains the flaws and what to do about them.  Continue Reading

• How can a local file inclusion attack be stopped?

  A botnet-based local file inclusion attack targeted IBM X-Force customers. Expert Judith Myerson explains how these attacks work and how enterprises can defend against them.  Continue Reading

• How can platform firmware be protected from attacks?

  The NIST published guidance on building up platform firmware resiliency. Expert Judith Myerson looks at the NIST guidelines and the major takeaways for enterprises.  Continue Reading

• How does port swapping work to bypass two-factor authentication?

  With a port swapping attack, hackers can bypass two-factor authentication and control a victim's mobile device. Judith Myerson explains how the attacks work and how to stop them.  Continue Reading

• LDAP injection: How was it exploited in a Joomla attack?

  After eight years, Joomla discovered an LDAP vulnerability that could be exploited by threat actors. Learn how the attack works from expert Matt Pascucci.  Continue Reading

• BlueBorne vulnerabilities: Are your Bluetooth devices safe?

  Armis Labs discovered a series of vulnerabilities that enables remote connection to Bluetooth devices. Learn more about the BlueBorne vulnerabilities with expert Matt Pascucci.  Continue Reading

• How can Windows digital signature check be defeated?

  A security researcher discovered that editing two registry keys can alter a Windows digital signature check. Matt Pascucci explains what that means for digital signatures.  Continue Reading

• iOS updates: Why are some Apple products behind on updates?

  A study by Zimperium found that more than 23% of iOS devices aren't running the latest software. Matt Pascucci explains how this is possible, even though Apple controls iOS updates.  Continue Reading

• PGP keys: Can accidental exposures be mitigated?

  The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys.  Continue Reading

• How does the GhostHook attack bypass Microsoft PatchGuard?

  A technique known as the GhostHook attack can get around PatchGuard, but Microsoft hasn't patched the flaw. Expert Michael Cobb explains why, as well as how the attack works.  Continue Reading

• How can Intel AMT be used to bypass the Windows firewall?

  Software developed by the hacking group Platinum takes advantage of Intel AMT to bypass the built-in Windows firewall. Expert Michael Cobb explains how it works.  Continue Reading

• How do source code reviews of security products work?

  Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains what to know about these reviews.  Continue Reading

• How can attacks like the Cherry Blossom project be prevented?

  With the WikiLeaks Cherry Blossom project, attackers can potentially inject malicious firmware into wireless routers. Expert Michael Cobb explains how to stop it from happening.  Continue Reading

• How does the Stack Clash vulnerability target Unix-based OSes?

  A privilege escalation vulnerability known as Stack Clash affects Unix-based OSes. Expert Michael Cobb explains the flaw and how to protect systems from being exploited.  Continue Reading

• Ransomware recovery methods: What does the NIST suggest?

  Knowing what ransomware recovery methods are available is important as the threat continues to grow. Expert Judith Myerson outlines what the NIST recommends for enterprises.  Continue Reading

• What QNAP vulnerabilities affect NAS storage device security?

  QNAP vulnerabilities in NAS enabled attackers to control devices. Expert Judith Myerson explains each of the QNAP NAS vulnerabilities and their fixes.  Continue Reading

• How did a Rufus software vulnerability put enterprises at risk?

  A vulnerability in Rufus software put some enterprise systems at risk. Expert Judith Myerson explains the flaw and the available fixes for organizations.  Continue Reading

• HTTP Strict Transport Security: What are the security benefits?

  Google's use of HTTP Strict Transport Security aims to improve web browsing security. Expert Judith Myerson explains how HSTS can make the internet more secure.  Continue Reading

• VMware AppDefense: How will it address endpoint security?

  VMware announced AppDefense, its latest effort to help improve endpoint security. Matt Pascucci explains how AppDefense addresses applications in vSphere environments.  Continue Reading

• Killer discovery: What does a new Intel kill switch mean for users?

  Cybersecurity company Positive Technologies recently discovered an Intel kill switch in the vendor's Management Engine. Learn more about this kill switch with expert Matt Pascucci.  Continue Reading

• WireX botnet: How did it use infected Android apps?

  To avoid a mobile device catastrophe, several large tech organizations came together to stop the WireX botnet. Learn how this Android botnet with 300 infected apps was stopped.  Continue Reading

• How should security teams handle the Onliner spambot leak?

  A security researcher recently discovered a list of 711 million records used by the Onliner spambot. Expert Matt Pascucci explains what actions exposed individuals should take.  Continue Reading

• Monitoring employee communications: What do EU privacy laws say?

  The European Court of Human Rights recently placed strict regulations on monitoring employee communications. Matt Pascucci compares EU privacy laws to the U.S.'s standards.  Continue Reading

• EternalRocks malware: What exploits are in it?

  When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and explains what's lurking inside.  Continue Reading

• Google Docs phishing attack: How does it work?

  A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend against such an attack.  Continue Reading

• What's the best career path to get CISSP certified?

  The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP certified.  Continue Reading

• How did a Windows Defender antivirus bug enable remote exploits?

  A vulnerability in Microsoft's Windows Defender antivirus tool left users open to remote code exploitation. Expert Nick Lewis explains how it happened, and what to do about it.  Continue Reading

• Samsung S8 iris scanner: How was it bypassed?

  Hackers bypassed the Samsung S8 iris scanner, which could spell trouble for biometric authentication. Expert Nick Lewis explains how it happened and how to stay protected.  Continue Reading

• HP keylogger: How did it get there and how can it be removed?

  A keylogging flaw found its way into dozens of Hewlett Packard laptops. Nick Lewis explains how the HP keylogger works and what can be done about it.  Continue Reading

• What knowledge factors qualify for true two-factor authentication?

  Can two-factor authentication be applied to a mobile device that's used as a 2FA factor? Michael Cobb explores the different knowledge factors and uses for mobile devices.  Continue Reading

• Running a private certificate authority: What are the risks?

  Running a private certificate authority can pose significant risks and challenges to meet baseline requirements. Michael Cobb explores what enterprises should know.  Continue Reading

• How can Android app permissions be exploited by attackers?

  A recently discovered Android app permissions flaw can expose users to attacks. Michael Cobb explains what the risks are and how Android O security will help users.  Continue Reading

• How did an ImageMagick vulnerability endanger Yahoo servers?

  An ImageMagick vulnerability known as Yahoobleed could give hackers access to Yahoo servers. Expert Michael Cobb explains the flaw and how Yahoo handled the situation.  Continue Reading

• Telerik web UI: Can the cryptographic weakness be mitigated?

  A cryptographic weakness was discovered in the Telerik web UI. Expert Judith Myerson alerts readers about this weakness and the alternative options for companies to explore.  Continue Reading

• How does Google Play Protect aim to improve Android security?

  Google's new security platform, Google Play Protect, looks to decrease Android app security threats through machine learning. Michael Cobb explains how the new platform works.  Continue Reading

• How can hackers use subtitle files to control endpoint devices?

  New media player vulnerabilities have been exposed that enable hackers to use subtitle files to control devices. Expert Judith Myerson explains how this happens.  Continue Reading

• Foxit Reader vulnerabilities: What can be done to mitigate them?

  Two critical, zero-day Foxit Reader vulnerabilities haven't been patched and pose a threat to enterprises. Judith Myerson explains the vulnerabilities and how to mitigate them.  Continue Reading

• How are Windows shortcut files vulnerable to attacks?

  A Windows vulnerability targets shortcut files and enables hackers to automatically execute code. Expert Judith Myerson explains the flaw and how to stop it.  Continue Reading

• How does an Amazon Echo vulnerability enable attackers to eavesdrop?

  Hackers could take advantage of a physical Amazon Echo vulnerability to turn the Echo into a listening device. Judith Myerson explains how this works and what can be done about it.  Continue Reading

• How does the Ursnif Trojan variant exploit mouse movements?

  A new version of the Ursnif Trojan uses mouse movements to bypass security efforts by beating sandbox detection. Expert Matthew Pascucci explains how this technique works.  Continue Reading

• Flash's end of life: How should security teams prepare?

  Adobe Flash's end of life is coming, and it includes an incremental removal method, allotting security teams enough time to adjust. Matt Pascucci explains how changes can be made.  Continue Reading

• How does a private bug bounty program compare to a public program?

  Explore the differences of public versus private bug bounty programs, as well as the benefits of each one. Expert Mathew Pascucci explains the risk and return of both programs.  Continue Reading

• WoSign certificates: What happens when Google Chrome removes trust?

  Google Chrome has started removing trust in certificates issued by WoSign. Matthew Pascucci explains this decision and what it means for companies using WoSign certificates.  Continue Reading

• How can peer group analysis address malicious apps?

  Google is using machine learning and peer group analysis to protect against malicious Android apps in the Google Play Store. Matt Pascucci explains how this works.  Continue Reading

• Can the STIX security framework improve threat intelligence sharing?

  Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.  Continue Reading

• New WordPress malware: What to do about WP-Base-SEO

  A new type of WordPress malware, WP-Base-SEO, disguises itself as an SEO plug-in that opens backdoors. Nick Lewis explains how it works and how to avoid it.  Continue Reading

• How can a DDoS reflection attack abuse CLDAP?

  A new exploit of CLDAP servers can be used for a DDoS reflection attack that gives attackers a 70x boost. Nick Lewis explains how to defend against this new threat.  Continue Reading

• PINLogger: How does this exploit steal PINs?

  The proof-of-concept PINLogger attack exploits mobile device sensors to steal PINs. Nick Lewis explains how the attack works and offers advice on how to stop it.  Continue Reading

• Hajime IoT worm: Is it pure malware or vigilante malware?

  The Hajime IoT worm aims to help users tighten up security, whether they want to or not, but it's probably not a good security strategy. Expert Nick Lewis explains the risks.  Continue Reading

• How does a Magento Community Edition flaw allow remote attacks?

  As the Magento Community Edition suffers a new zero-day vulnerability, expert Nick Lewis explains how it's being exploited and how to mitigate the cross-site request forgery flaw.  Continue Reading

• Application containers: What are the major risks?

  NIST recently issued guidance on mitigating the security risks of application containers. Expert Judith Myerson outlines some of the risks and fixes highlighted in the guide.  Continue Reading

• How does BrickerBot threaten enterprise IoT devices?

  BrickerBot is similar to other IoT malware like Mirai, Hajime and others. Expert Judith Myerson explains what makes BrickerBot different, and what can be done to defend against it.  Continue Reading

• How can the Jenkins vulnerabilities in plug-ins be mitigated?

  A wave of Jenkins vulnerabilities related to plug-ins were recently discovered. Expert Judith Myerson explains the flaws and how enterprises should mitigate them.  Continue Reading

• How will IEEE 802.11ax prevent IoT security vulnerabilities?

  Router security vulnerabilities become a bigger problem as IoT devices become more widely used. The IEEE 802.11ax protocol could help, as expert Judith Myerson explains.  Continue Reading

• Are long URLs better for security than short URLs?

  Shortened URLs are weak on security and easy for attackers to inject with malware. Expert Judith Myerson discusses how long URLs are more secure, despite the inconvenience.  Continue Reading

• What risk do Windows 10 telemetry features pose enterprises?

  Microsoft collects data using Windows 10 telemetry features. Expert Michael Cobb explains what type of data is collected, and whether enterprises need to be worried about it.  Continue Reading

• How can users detect dangerous open ports in mobile apps?

  Some malicious apps can hijack smartphones and expose those devices with open ports. Expert Michael Cobb explains how this happens and how users can protect themselves.  Continue Reading

• How can memory corruption attacks threaten smartphones?

  Smartphone users could be at risk of memory corruption attacks because of a baseband vulnerability. Expert Michael Cobb explains the attack and how concerned users should be.  Continue Reading

• How do code-reuse attacks bypass Windows 10 security features?

  Certain Windows 10 security features can be bypassed with code-reuse attacks. Expert Michael Cobb explains how that works and what can be done to prevent it.  Continue Reading

• How is Pegasus malware different on Android than on iOS?

  Pegasus malware used to only target iOS devices, but a variant called Chrysaor now goes after Android devices, too. Expert Michael Cobb explains what users need to know about it.  Continue Reading

• How do network management systems simplify security?

  Network security teams can find themselves overwhelmed with protecting an enterprise network. Expert Matthew Pascucci explains how network management systems can help with that.  Continue Reading

• How can enterprises secure encrypted traffic from cloud applications?

  As enterprises use more cloud applications, they generate more encrypted traffic. Expert Matthew Pascucci discusses the challenges that presents for network security teams.  Continue Reading

• Should an enterprise BYOD strategy allow the use of Gmail?

  Using personal Gmail accounts for business purposes is not a secure enterprise BYOD strategy. Expert Matthew Pascucci discusses why companies should avoid implementing this tactic.  Continue Reading

• What should you do when third-party compliance is failing?

  Third-party compliance is a necessary part of securing your organization's data. Expert Matthew Pascucci discusses what to do if you suspect a business partner isn't compliant.  Continue Reading

• How is cross-platform malware carried in Word docs?

  Cross-platform malware enables attackers to leverage their attacks using infected Microsoft Word docs. Expert Nick Lewis explains how the attacks work and how to defend against them.  Continue Reading

• ATMitch malware: Can fileless ATM malware be stopped?

  How was the ATMitch malware able to loot cash machines, then delete itself? Expert Nick Lewis explains how the fileless malware works and how it spreads.  Continue Reading

• DoubleAgent malware could turn antivirus tools into attack vector

  DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains how to contain the threat.  Continue Reading

• How does the MajikPOS malware evade detection?

  A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how to defend against it.  Continue Reading

• Why is the patched Apache Struts vulnerability still being exploited?

  An Apache Struts vulnerability is still being exploited, even though it has already been patched. Expert Nick Lewis explains why the Struts platform still carries risk for users.  Continue Reading

• Stopping EternalBlue: Can the next Windows 10 update help?

  The upcoming Windows update, Redstone 3, will patch the vulnerability that enables EternalBlue exploits. Expert Judith Myerson discusses protection methods to use until the update.  Continue Reading

• How does CrashOverride malware threaten industrial control systems?

  CrashOverride malware targets industrial control systems and can wreak havoc. Expert Judith Myerson explains the capabilities of the malware and what to do to stop it.  Continue Reading

• Is upgrading to SNMP v3 enough to secure network devices?

  Using SNMP v3 is a good first step, but it's not enough to prevent attackers from accessing a network through an SNMP-enabled device. Expert Judith Myerson explains what else to do.  Continue Reading

• What is the best way to secure telematics information?

  SMS authentication is often used to secure telematics information, but it may not be strong enough. Expert Judith Myerson discusses why, and how to improve the protection of this data.  Continue Reading

• How can VMware vulnerabilities in vSphere expose credentials?

  Two VMware vulnerabilities in vSphere Data Protection were recently patched. Expert Judith Myerson explains how the flaws work and how to defend against them.  Continue Reading

• How did sensitive data from file-sharing website Docs.com get leaked?

  Many users of the file-sharing website Docs.com were unaware that the sensitive data they uploaded was searchable. Expert Michael Cobb explains how this data leak happened.  Continue Reading

• Libpurple flaw: How does it affect connected IM clients?

  The libpurple library contains a code execution vulnerability that affects the IM clients that were developed using it. Expert Michael Cobb explains how the flaw works.  Continue Reading

• What tools can bypass Google's CAPTCHA challenges?

  The ReBreakCaptcha exploit can bypass Google's reCAPTCHA verification system using flaws in Google's own API. Expert Michael Cobb explains how the attack works.  Continue Reading

• How did a Moodle security vulnerability enable remote code execution?

  A series of logic flaws in Moodle enabled attackers to remotely execute code on servers. Expert Michael Cobb explains how the Moodle security vulnerability can be exploited.  Continue Reading

• How did flaws in WhatsApp and Telegram enable account takeovers?

  Flaws in WhatsApp and Telegram, popular messaging services, enable attackers to break encryption and take over accounts. Expert Michael Cobb explains how the attacks work.  Continue Reading

• Could the WannaCry decryptor work on other ransomware strains?

  Researchers created WannaCry decryptor tools after the outbreak of the ransomware. Expert Matthew Pascucci explains how the tools work and if they work on other ransomware.  Continue Reading

• How is the Samba vulnerability different from EternalBlue?

  A recently discovered Samba vulnerability bears a striking resemblance to the notorious Windows exploit EternalBlue. Expert Matthew Pascucci compares the two vulnerabilities.  Continue Reading

• Can a PCI Internal Security Assessor validate level 1 merchants?

  A PCI Internal Security Assessor might not be the best bet to validate the compliance of a level 1 service provider. Expert Matthew Pascucci explains why and the alternative.  Continue Reading

• How can OSS-Fuzz and other vulnerability scanners help developers?

  Google's OSS-Fuzz is an open source vulnerability scanner. Expert Matthew Pascucci looks at how developers can take advantage of this tool and others like it.  Continue Reading

• Did DDoS attacks cause the FCC net neutrality site to go down?

  The FCC net neutrality comment site crashed, and it was blamed on DDoS attacks. Expert Matthew Pascucci looks at the technical side of this incident and what was behind it.  Continue Reading

• Poison Ivy RAT: What new delivery techniques are attackers using?

  A revamped Poison Ivy RAT campaign has been using new evasion and distribution techniques. Expert Nick Lewis explains the new attack methods that enterprises should look out for.  Continue Reading

• Samsung Knox platform: Can it improve Android device security?

  Application security expert Michael Cobb discusses the Samsung Knox platform and its ability to improve Android device security in the enterprise.  Continue Reading

• What tools were used to hide fileless malware in server memory?

  Fileless malware hidden in server memory led to attacks on many companies worldwide. Expert Nick Lewis explains how these attacks fit in with the wider fileless malware trend.  Continue Reading

• How are FTP injection attacks carried out on Java and Python?

  Vulnerabilities in Java and Python have opened them up to possible FTP injections. Expert Nick Lewis explains how enterprises can mitigate these attacks.  Continue Reading