Ask the Experts

Ask the Experts

• IoT malware: How can internet-connected devices be secured?

  IoT botnet DDoS attacks have been growing in volume and impact. Expert Nick Lewis explains how you can ensure your internet-connected devices are secure from IoT malware.  Continue Reading

• How can obfuscated macro malware be located and removed?

  A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to find and remove this malware.  Continue Reading

• How does BENIGNCERTAIN exploit Cisco PIX firewalls?

  The BENIGNCERTAIN exploit affects certain versions of Cisco systems using the IKEv1 protocol. Expert Nick Lewis explains what the protocol does and how the vulnerability works.  Continue Reading

• How can open FTP servers be protected from Miner-C malware?

  Enterprises with open FTP servers are being targeted by Miner-C malware for crypto coin mining activities. Expert Nick Lewis explains how enterprises can protect their servers.  Continue Reading

• How does a security portfolio help an enterprise security program?

  A security portfolio shouldn't be used as an alternative to a reporting structure, but it can still be beneficial to enterprises. Expert Mike O. Villegas explains how.  Continue Reading

• What are the pros and cons of hiring a virtual CISO?

  A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons.  Continue Reading

• How can CISOs get past security vendor hype and make smart purchases?

  Security vendor hype is a problem CISOs often have to deal with. Expert Mike O. Villegas discusses some ways to cut through the hype and make smart purchasing decisions.  Continue Reading

• Who should be on an enterprise cybersecurity advisory board?

  What qualifications does a cybersecurity advisory board member need to best serve enterprises? Expert Mike O. Villegas outlines the most helpful backgrounds for board members.  Continue Reading

• What caused the ClixSense privacy breach that exposed user data?

  A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held accountable for their security practices.  Continue Reading

• How did iOS 10 security checks open brute force risk on local backups?

  A password-verification flaw in iOS 10 allowed attackers to decrypt local backups. Expert Michael Cobb explains how removing certain security checks led to this vulnerability.  Continue Reading

• HTTP public key pinning: Is the Firefox browser insecure without it?

  HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael Cobb explains how HPKP works.  Continue Reading

• How did a Signal app bug let attackers alter encrypted attachments?

  The Signal app, used for end-to-end encrypted mobile messaging, contained a bug that allowed data to be added to attachments. Expert Michael Cobb explains the flaw.  Continue Reading

• How does Overseer spyware work on infected Android apps?

  Spyware was found on infected Android apps, which were meant to convey embassy information and news, in the Google Play Store. Expert Michael Cobb explains how the spyware works.  Continue Reading

• What are the best anti-network reconnaissance tools for Linux systems?

  Anti-network reconnaissance tools can prevent attackers from getting access to system information. Expert Judith Myerson goes over the best enterprise options.  Continue Reading

• How does DNSChanger take advantage of WebRTC protocols?

  WebRTC protocols are being targeted by a new version of the DNSChanger exploit kit. Judith Myerson explains how these attacks work and what enterprises should know.  Continue Reading

• Are free VPN clients secure enough for enterprise users?

  There are many free VPN clients on the market, but are they secure enough for enterprise users? Expert Judith Myerson looks at the pros and cons of ad-supported VPNs.  Continue Reading

• Which encryption tools can secure data on IoT devices?

  Protecting the data that moves through the internet of things can be a challenge for enterprises. Expert Judith Myerson offers several encryption tools for the task.  Continue Reading

• How does a Netgear vulnerability enable command injection attacks?

  A Netgear vulnerability exposed a number of wireless router models to command injection attacks. Expert Judith Myerson explains how the attack works and how to stop it.  Continue Reading

• How can enterprises fix the NTP daemon vulnerability to DoS attacks?

  A recently patched NTP daemon vulnerability has put enterprises at risk. Expert Matthew Pascucci explains the vulnerability and how organizations can defend against it.  Continue Reading

• How does Stampado ransomware spread to external drives?

  The Stampado ransomware is a low-cost threat to networks and external drives. Expert Matthew Pascucci explains how Stampado works and how enterprises should handle it.  Continue Reading

• How serious are the flaws in St. Jude Medical's IoT medical devices?

  MedSec and Muddy Waters Capital revealed serious flaws in IoT medical devices manufactured by St. Jude Medical. Expert Nick Lewis explains the severity of these vulnerabilities.  Continue Reading

• How does RIPPER ATM malware use malicious EMV chips?

  RIPPER malware has been found responsible for the theft of $378,000 from ATMs in Thailand. Expert Nick Lewis explains how this ATM malware works.  Continue Reading

• How do facial recognition systems get bypassed by attackers?

  Researchers found that facial recognition systems can be bypassed with 3D models. Expert Nick Lewis explains how these spoofing attacks work and what can be done to prevent them.  Continue Reading

• How does USBee turn USB storage devices into covert channels?

  USB storage devices can be turned into covert channels with a software tool called USBee. Expert Nick Lewis explains how to protect your enterprise data from this attack.  Continue Reading

• How do man-in-the-middle attacks on PIN pads expose credit card data?

  Passive man-in-the-middle attacks on PIN pads can lead to attackers stealing credit card details. Expert Nick Lewis explains how companies can mitigate these attacks.  Continue Reading

• What effect does FITARA have on U.S. government cybersecurity?

  FITARA became a law in 2014, but government cybersecurity continues to struggle. Expert Mike O. Villegas discusses the effects of the law.  Continue Reading

• Are bug bounty programs secure enough for enterprise use?

  The use of bug bounty programs in enterprises is growing, but they aren't risk free. Expert Mike O. Villegas discusses some concerns related to bug bounties.  Continue Reading

• What are the potential pros and cons of a Cyber National Guard?

  A congressman proposed adding a Cyber National Guard to the military to protect the U.S. from cyber adversaries. Expert Mike O. Villegas examines the potential drawbacks of this branch.  Continue Reading

• Are investigations crucial to data breach protection?

  SWIFT banking has a team dedicated to data breach investigations. Expert Mike O. Villegas discusses why this is necessary and whether other organizations should follow suit.  Continue Reading

• How are hackers using Twitter as C&C servers for malware?

  C&C servers have been replaced with Twitter accounts, which spread the Android Trojan Twitoor to user devices. Expert Michael Cobb explains how to stop this attack.  Continue Reading

• How can two-factor authentication systems be used effectively?

  Two-factor authentication systems require more than using codes sent through SMS and smart cards. Expert Michael Cobb explains how to properly and effectively implement 2FA.  Continue Reading

• How does a Linux vulnerability allow attacks on TCP communications?

  A Linux vulnerability that affects 80% of Android devices allows for attacks on TCP communications and remote code execution. Expert Michael Cobb explains how to mitigate these risks.  Continue Reading

• How can PGP short key IDs be protected from collision attacks?

  A well-known PGP short key ID flaw has been discovered to be the cause of collision attacks on Linux developers. Expert Michael Cobb explains the flaw with short key IDs.  Continue Reading

• What new NIST password recommendations should enterprises adopt?

  NIST is coming up with new password recommendations for the U.S. government. Expert Michael Cobb covers the most important changes that enterprises should note.  Continue Reading

• Do DMZ networks still provide security benefits for enterprises?

  DMZ networks were once widely used by enterprises, but are they still common today? Expert Judith Myerson explains why DMZs may be a good security option for some organizations.  Continue Reading

• Should one cybersecurity mistake mean the end of a CEO's career?

  In one case, a tenured CEO made one cybersecurity mistake and was fired. Expert Mike O. Villegas discusses whether this sets a precedence for enterprises going forward.  Continue Reading

• CryptXXX: How does this ransomware spread through legitimate websites?

  The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how this happens with WordPress.  Continue Reading

• What should happen after an employee clicks on a malicious link?

  The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack.  Continue Reading

• Bug bounties: How does Apple's program compare to others?

  Apple has started to offer bug bounties to researchers who find vulnerabilities in iOS. Expert Michael Cobb compares Apple's program to that of other companies.  Continue Reading

• How should HIPAA covered entities respond to healthcare ransomware?

  The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. Expert Mike Chapple discusses.  Continue Reading

• Is a no-SMS 2FA policy a good idea for enterprises?

  Now that NIST has deprecated the use of SMS 2FA, should nongovernment organizations follow suit? Expert Mike Chapple discusses the risks of SMS-based 2FA to enterprises.  Continue Reading

• What CISO certifications are the most important to have?

  There are multitudes of cybersecurity certifications, but which are the best CISO certifications? Expert Mike O. Villegas discusses the most effective combination of credentials.  Continue Reading

• How can users protect mobile devices from SandJacking attacks?

  Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this attack.  Continue Reading

• Can ZCryptor ransomware be stopped by upgrading to Windows 10?

  ZCryptor ransomware can self-replicate through autorun files placed on removable storage devices. Expert Nick Lewis explains how your enterprise can mitigate this risk.  Continue Reading

• How does the Federal Privacy Council affect government security?

  Established as part of an executive order by President Obama, the Federal Privacy Council plays a role in government cybersecurity. Expert Mike Chapple discusses what that means.  Continue Reading

• How does auto-rooting malware LevelDropper gain device root access?

  Auto-rooting app LevelDropper has the ability to silently root devices and gain system level privileges. Expert Michael Cobb explains how to detect and stop it.  Continue Reading

• Can an HTML5 document with a digital signature be authenticated?

  A digital signature on an HTML5 document cannot be authenticated the same way a PDF can. Expert Michael Cobb explains how enterprises should address this issue.  Continue Reading

• How can an HTTPS session get hijacked with the Forbidden attack?

  An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly secure HTTPS-authenticated sites.  Continue Reading

• How can APT groups be stopped from exploiting a Microsoft Office flaw?

  APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks work and how to prevent them.  Continue Reading

• SAP vulnerability: Why didn't the patch work correctly?

  An old SAP vulnerability that enabled remote administrative access was found to be ineffectually patched. Expert Nick Lewis explains how enterprises can secure their systems.  Continue Reading

• How would a cyberattack information database affect companies?

  A proposed cyberattack information database in the U.K. aims to improve cyberinsurance. Expert Mike Chapple explains what collecting data breach information means for U.S. companies.  Continue Reading

• How are weak passwords banned with Microsoft's Smart Password Lockout?

  Microsoft is banning weak passwords on many of its services with the Smart Password Lockout feature. Expert Michael Cobb explains how it works, and if it will be beneficial.  Continue Reading

• How can security automation tools keep organizations protected?

  Sometimes security teams fall into 'set and forget' habits with security automation. Expert Mike O. Villegas explains how to take advantage of automation while staying secure.  Continue Reading

• Is settling a data breach lawsuit the best option for enterprises?

  In the unfortunate event of a data breach lawsuit, it's often better to settle before the case reaches court. Expert Mike O. Villegas explains why and how CISOs can help.  Continue Reading

• Are new cybersecurity products the best investment for enterprises?

  Having the latest cybersecurity products isn't always the best way to approach security. Expert Mike O. Villegas explains why and how to deal with pressure to buy new.  Continue Reading

• Does encrypting data make access harder for regulators?

  Encrypting data going to the cloud is a security best practice, but does it add extra challenges for regulators that might need to access the data? Expert Mike Chapple discusses.  Continue Reading

• What's the best way to communicate about advanced persistent threats?

  Advanced persistent threats are a constant risk for enterprises, so the board needs to know about them. Expert Mike O. Villegas discusses how to effectively communicate about APTs.  Continue Reading

• Are cyberwar games beneficial to test enterprise security?

  Traditional security testing is always recommended, but what about cyberwar games? Expert Mike O. Villegas discusses the best ways to test a security program.  Continue Reading

• How does the EMET 5.0 vulnerability allow attackers to turn it off?

  A vulnerability has been discovered in EMET 5.0 that can be used to turn EMET off. Expert Nick Lewis explains the flaw, and what enterprises can do to maintain security.  Continue Reading

• How can the AirDroid app phone hijacking be prevented?

  A vulnerability in the AirDroid device manager app left users at risk of phone hijacking. Expert Michael Cobb explains how the exploit works, and what can be done to prevent it.  Continue Reading

• What new Asacub Trojan features should enterprises watch out for?

  The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching out for.  Continue Reading

• Is BlackEnergy malware a threat to U.S. utility companies?

  BlackEnergy malware may have been part of the attacks on Ukrainian utility and media companies. Expert Nick Lewis explains how this malware works and if U.S. companies are at risk.  Continue Reading

• Does the Icera modem vulnerability in Blackphones affect other devices?

  A vulnerability was found in the Blackphone's Icera modem. Expert Michael Cobb explains how attackers could hijack the device, and if this would occur in other mobile devices.  Continue Reading

• Oracle Java browser plug-in: How will its death affect enterprises?

  Oracle is killing off the Java browser plug-in due to security risks. Expert Michael Cobb explains the next steps for enterprises with Java-based applications.  Continue Reading

• Is a cryptographic algorithm behind Juniper's backdoor?

  Juniper firewall products were found to have two backdoor vulnerabilities. Expert Michael Cobb explains how a cryptographic algorithm and hardcoded password enabled this to happen.  Continue Reading

• How can Kerberos protocol vulnerabilities be mitigated?

  Microsoft's Kerberos protocol implementation has long-standing issues with its secret keys. Expert Michael Cobb explains how to mitigate the authentication vulnerabilities.  Continue Reading

• Will the Neiman Marcus data breach lawsuit set a precedent?

  The Neiman Marcus data breach lawsuit was appealed and it could set a precedent for the victims of data breach lawsuits in the future. Expert Mike O. Villegas explains.  Continue Reading

• Could a security pledge replace security awareness training?

  Some universities use a security pledge so that students commit to good cybersecurity practices. Mike O. Villegas discusses whether this might work for enterprise employees.  Continue Reading

• How does the banking Trojan Dyreza exploit Windows 10?

  A variant of banking Trojan Dyreza has begun to target Windows 10. Expert Nick Lewis explains the new attack functionalities, and Windows 10 and user vulnerabilities.  Continue Reading

• How does the M-Pesa service work and what are the risks?

  How does mobile microfinancing service M-Pesa allow users to make transactions without a bank account? Expert Michael Cobb explains how it works and M-Pesa security measures.  Continue Reading

• What HTML5 security measures do enterprises need to take?

  With HTML5 taking over as the preferred technology over Adobe Flash, Flash content's days are numbered. Expert Michael Cobb discusses HTML5 security and features for developers.  Continue Reading

• How can Millennials enter cybersecurity careers in the enterprise?

  Getting younger generations interested in cybersecurity careers isn't that hard, but it does require the industry to put effort into education. And enterprises should lead the way.  Continue Reading

• What are the differences between active boards and passive boards?

  Both active and passive boards of directors have different approaches to handling cybersecurity within their organizations. Here's how to tell which type you have.  Continue Reading

• What's the difference between two-step verification and 2FA?

  The terms two-step verification and two-factor authentication are used interchangeably, but do they differ from one another? Expert Michael Cobb explains.  Continue Reading

• Can Firefox tracking protection improve private browsing?

  Firefox aims to improve private browsing with a new tracking protection feature. Expert Michael Cobb explains how the feature works.  Continue Reading

• What are the latest SEC Risk Alert findings?

  The latest SEC Risk Alert from the OCIE has important updates for financial services firms. Expert Mike Chapple reviews the report.  Continue Reading

• Compromised credentials: What can enterprises do?

  Attackers use compromised credentials to infiltrate enterprises undetected and steal corporate data. Expert Nick Lewis offers the best ways to handle this threat.  Continue Reading

• Outdated apps: What are the best ways to address them?

  Dead and outdated apps can pose serious security risks for enterprises. Expert Nick Lewis explains how to find and remove dead apps before they become a problem.  Continue Reading

• How can enterprises mitigate IVR security risks?

  Interactive voice response systems can be used by attackers to hack into enterprises. Expert Nick Lewis explains the security risks of IVR systems and how to mitigate them.  Continue Reading

• Is mobile payment security regulated enough by PCI DSS?

  PCI DSS is pretty specific about security, but does it do enough for mobile payment security? Expert Mike Chapple explains why he says yes.  Continue Reading

• What privacy regulations should enterprises follow?

  The U.S. government has been criticized for its lack of updated privacy regulations. Expert Mike Chapple advises enterprises that want to bolster their privacy policies.  Continue Reading

• What's the effect of a financial malware tool going public?

  A malware tool that helped to compile the Zeus Trojan has been leaked on the Web. Expert Nick Lewis explains what this means for enterprise security teams.  Continue Reading

• How can the Terracotta VPN attacks be detected?

  Threat actors in China are using VPN services to hide and anonymize their attacks. Expert Nick Lewis explains how to get a handle on these VPN-enabled threats.  Continue Reading

• How does the new voicemail phishing scam work?

  A new phishing scam uses voicemail notification emails to spread malware. Expert Nick Lewis explains how this attack works and how enterprises can prevent it.  Continue Reading

• Drive-by login vs. drive-by download attack: What's the difference?

  A drive-by download attack targets everyone while a drive-by login attack gets personal. Expert Nick Lewis explains the two attacks and what can be done to stop them.  Continue Reading

• Is the FedRAMP certification making a difference?

  There was speculation in the security world over whether the FedRAMP certification would be helpful or not. Now that it's in full use, Mike Chapple looks at the state of FedRAMP.  Continue Reading

• Can Vawtrak banking malware bypass two-factor authentication?

  Banking malware Vawtrak has the capability to bypass two-factor authentication. Expert Nick Lewis explains how Vawtrak works and how to stop it.  Continue Reading

• Should the RC4 cipher still be used in enterprises?

  A newly discovered attack can break the RC4 cipher and decrypt user cookies. Expert Michael Cobb explains the attack and the relevance of RC4 in enterprises today.  Continue Reading

• How can software transplants fix bad code?

  Copying and pasting bad code into an application is a big problem for developers, but software transplants can help. Expert Michael Cobb explains the technology.  Continue Reading

• What effect would DMCA changes have on security researchers?

  There's been a lot of controversy around the DMCA, especially because of the Chrysler car hack. Here are the issues with it and how it affects security researchers.  Continue Reading

• How should companies handle SaaS compliance?

  SaaS cloud security presents extra challenges to enterprise compliance. Expert Mike Chapple offers some advice on how to cope with those challenges.  Continue Reading

• What happens if you ignore information security compliance?

  If an enterprise decides to ignore its information security compliance obligations, what happens? Expert Mike Chapple explains what willful noncompliance means.  Continue Reading

• What is the best way to trim a security portfolio?

  Trimming down a security portfolio and budget is a struggle for many security professionals. Here's how to trim security portfolios without affecting security.  Continue Reading

• What's the best way to handle external security auditors?

  Dealing with external security auditors can make IT professionals uncomfortable. Here are some ways to handle and make the most of the audit process.  Continue Reading

• Moose worm: How can enterprises stop social media fraud?

  A Linux-based Moose worm causes social media fraud through infected routers. Expert Nick Lewis explains how the Moose worm works and how to avoid it.  Continue Reading

• Android M security: Is it enterprise-ready?

  The latest version of Google's mobile operating system addresses some key enterprise security concerns. Expert Michael Cobb explains what's new in Android M.  Continue Reading

• What data breach notification policy should enterprises follow?

  A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best practices.  Continue Reading

• How does OpenPGP encryption improve messaging security?

  Facebook added OpenPGP encryption to its messaging services to help improve messaging safety. Expert Michael Cobb explains the benefits of the approach.  Continue Reading

• Can Google's Chrome extension policy improve Web security?

  The updated Chrome extension policy allows users and developers to only install extensions from the Chrome Web Store. Learn how this affects security and enterprise apps.  Continue Reading

• How can stealthy SSL attacks be detected and mitigated?

  SSL attacks "in stealth mode" are helping attackers avoid detection and analysis. Expert Nick Lewis explains how to discover and defend against the threat.  Continue Reading