Ask the Experts

Ask the Experts

• How does signed software help mitigate malware?

  Okta researchers found a bypass that allows macOS malware to pose as signed Apple files. Discover how this is possible and how to mitigate this attack.  Continue Reading

• How does the Mylobot botnet differ from a typical botnet?

  The new Mylobot botnet demonstrated new, complex tools and techniques that are modifying botnet attacks. Learn how this botnet differs from a typical botnet with Nick Lewis.  Continue Reading

• How does new MacOS malware target users through chat?

  New malware targets cryptocurrency investors through MacOS and chat platforms were recently discovered. Learn how OSX.Dummy malware works and what users can do to spot the attack.  Continue Reading

• How is Plead malware used for cyberespionage attacks?

  Cyberespionage hackers have used stolen digital certificates to steal data. Expert Michael Cobb explains how hackers sign Plead malware to conduct these attacks.  Continue Reading

• What is behind the growing trend of BEC attacks?

  BEC attacks cost over $676 million in 2017, according to the FBI's Internet Crime Report. Learn how to recognize possible BEC attacks from expert Michael Cobb.  Continue Reading

• How does site isolation defend against Spectre vulnerabilities?

  Spectre exploits how processors manage performance-enhancing features. Expert Michael Cobb explains Google Chrome's initiative to use site isolation as a defense mechanism.  Continue Reading

• How does the public Venmo API pose a threat for users?

  The public Venmo API setting puts users at risk by providing detailed insight into their transactions and personal lives. Expert Michael Cobb discusses the risks of public APIs.  Continue Reading

• How can U2F authentication end phishing attacks?

  By requiring employees to use U2F authentication and physical security keys, Google eliminated phishing attacks. Learn how the combination works from expert Michael Cobb.  Continue Reading

• How was Kea DHCP v1.4.0 affected by a security advisory?

  Kea, an open source DHCP server, was issued a medium security advisory for a flaw that causes memory leakage in version 1.4.0. Discover the workarounds with Judith Myerson.  Continue Reading

• Does pcAnywhere put election management systems at risk?

  ES&S admitted it installed the insecure remote access program pcAnywhere on election management systems. Learn what pcAnywhere is and what this risk means for election systems.  Continue Reading

• Siemens Siclock: How do threat actors exploit these devices?

  Siemens disclosed six Siclock flaws that were found within its central plant clocks. Discover why three flaws have been rated critical and how threat actors can exploit devices.  Continue Reading

• How do newly found flaws affect robot controllers?

  Several vulnerabilities were found in controllers made by Universal Robots. Discover what these controllers are used for and how threat actors can exploit these vulnerabilities.  Continue Reading

• What are DMARC records and can they improve email security?

  Last year, the U.S. federal government mandated that by October 2018, all agencies must have DMARC policies in place. Learn how complicated this requirement is with Judith Myerson.  Continue Reading

• Removable storage devices: Why are companies banning them?

  IBM banned removable storage devices to encourage employees to use the company's internal file-sharing system. Learn how a ban like this can improve enterprise security.  Continue Reading

• How does the resurgent VPNFilter botnet target victims?

  After a comeback of the Russian-built VPNFilter botnet, home network devices are at risk. Learn how this malware targets victims with expert Nick Lewis.  Continue Reading