Ask the Experts

Ask the Experts

• How can obfuscated macro malware be located and removed?

  A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to find and remove this malware.  Continue Reading

• How does BENIGNCERTAIN exploit Cisco PIX firewalls?

  The BENIGNCERTAIN exploit affects certain versions of Cisco systems using the IKEv1 protocol. Expert Nick Lewis explains what the protocol does and how the vulnerability works.  Continue Reading

• How can open FTP servers be protected from Miner-C malware?

  Enterprises with open FTP servers are being targeted by Miner-C malware for crypto coin mining activities. Expert Nick Lewis explains how enterprises can protect their servers.  Continue Reading

• How does a security portfolio help an enterprise security program?

  A security portfolio shouldn't be used as an alternative to a reporting structure, but it can still be beneficial to enterprises. Expert Mike O. Villegas explains how.  Continue Reading

• What are the pros and cons of hiring a virtual CISO?

  A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons.  Continue Reading

• How can CISOs get past security vendor hype and make smart purchases?

  Security vendor hype is a problem CISOs often have to deal with. Expert Mike O. Villegas discusses some ways to cut through the hype and make smart purchasing decisions.  Continue Reading

• Who should be on an enterprise cybersecurity advisory board?

  What qualifications does a cybersecurity advisory board member need to best serve enterprises? Expert Mike O. Villegas outlines the most helpful backgrounds for board members.  Continue Reading

• What caused the ClixSense privacy breach that exposed user data?

  A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held accountable for their security practices.  Continue Reading

• How did iOS 10 security checks open brute force risk on local backups?

  A password-verification flaw in iOS 10 allowed attackers to decrypt local backups. Expert Michael Cobb explains how removing certain security checks led to this vulnerability.  Continue Reading

• HTTP public key pinning: Is the Firefox browser insecure without it?

  HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael Cobb explains how HPKP works.  Continue Reading

• How did a Signal app bug let attackers alter encrypted attachments?

  The Signal app, used for end-to-end encrypted mobile messaging, contained a bug that allowed data to be added to attachments. Expert Michael Cobb explains the flaw.  Continue Reading

• How does Overseer spyware work on infected Android apps?

  Spyware was found on infected Android apps, which were meant to convey embassy information and news, in the Google Play Store. Expert Michael Cobb explains how the spyware works.  Continue Reading

• What are the best anti-network reconnaissance tools for Linux systems?

  Anti-network reconnaissance tools can prevent attackers from getting access to system information. Expert Judith Myerson goes over the best enterprise options.  Continue Reading

• How does DNSChanger take advantage of WebRTC protocols?

  WebRTC protocols are being targeted by a new version of the DNSChanger exploit kit. Judith Myerson explains how these attacks work and what enterprises should know.  Continue Reading

• Are free VPN clients secure enough for enterprise users?

  There are many free VPN clients on the market, but are they secure enough for enterprise users? Expert Judith Myerson looks at the pros and cons of ad-supported VPNs.  Continue Reading

• Which encryption tools can secure data on IoT devices?

  Protecting the data that moves through the internet of things can be a challenge for enterprises. Expert Judith Myerson offers several encryption tools for the task.  Continue Reading

• How does a Netgear vulnerability enable command injection attacks?

  A Netgear vulnerability exposed a number of wireless router models to command injection attacks. Expert Judith Myerson explains how the attack works and how to stop it.  Continue Reading

• How can enterprises fix the NTP daemon vulnerability to DoS attacks?

  A recently patched NTP daemon vulnerability has put enterprises at risk. Expert Matthew Pascucci explains the vulnerability and how organizations can defend against it.  Continue Reading

• How does Stampado ransomware spread to external drives?

  The Stampado ransomware is a low-cost threat to networks and external drives. Expert Matthew Pascucci explains how Stampado works and how enterprises should handle it.  Continue Reading

• How serious are the flaws in St. Jude Medical's IoT medical devices?

  MedSec and Muddy Waters Capital revealed serious flaws in IoT medical devices manufactured by St. Jude Medical. Expert Nick Lewis explains the severity of these vulnerabilities.  Continue Reading

• How does RIPPER ATM malware use malicious EMV chips?

  RIPPER malware has been found responsible for the theft of $378,000 from ATMs in Thailand. Expert Nick Lewis explains how this ATM malware works.  Continue Reading

• How do facial recognition systems get bypassed by attackers?

  Researchers found that facial recognition systems can be bypassed with 3D models. Expert Nick Lewis explains how these spoofing attacks work and what can be done to prevent them.  Continue Reading

• How does USBee turn USB storage devices into covert channels?

  USB storage devices can be turned into covert channels with a software tool called USBee. Expert Nick Lewis explains how to protect your enterprise data from this attack.  Continue Reading

• How do man-in-the-middle attacks on PIN pads expose credit card data?

  Passive man-in-the-middle attacks on PIN pads can lead to attackers stealing credit card details. Expert Nick Lewis explains how companies can mitigate these attacks.  Continue Reading

• What effect does FITARA have on U.S. government cybersecurity?

  FITARA became a law in 2014, but government cybersecurity continues to struggle. Expert Mike O. Villegas discusses the effects of the law.  Continue Reading

• Are bug bounty programs secure enough for enterprise use?

  The use of bug bounty programs in enterprises is growing, but they aren't risk free. Expert Mike O. Villegas discusses some concerns related to bug bounties.  Continue Reading

• What are the potential pros and cons of a Cyber National Guard?

  A congressman proposed adding a Cyber National Guard to the military to protect the U.S. from cyber adversaries. Expert Mike O. Villegas examines the potential drawbacks of this branch.  Continue Reading

• Are investigations crucial to data breach protection?

  SWIFT banking has a team dedicated to data breach investigations. Expert Mike O. Villegas discusses why this is necessary and whether other organizations should follow suit.  Continue Reading

• How are hackers using Twitter as C&C servers for malware?

  C&C servers have been replaced with Twitter accounts, which spread the Android Trojan Twitoor to user devices. Expert Michael Cobb explains how to stop this attack.  Continue Reading

• How can two-factor authentication systems be used effectively?

  Two-factor authentication systems require more than using codes sent through SMS and smart cards. Expert Michael Cobb explains how to properly and effectively implement 2FA.  Continue Reading

• How does a Linux vulnerability allow attacks on TCP communications?

  A Linux vulnerability that affects 80% of Android devices allows for attacks on TCP communications and remote code execution. Expert Michael Cobb explains how to mitigate these risks.  Continue Reading

• How can PGP short key IDs be protected from collision attacks?

  A well-known PGP short key ID flaw has been discovered to be the cause of collision attacks on Linux developers. Expert Michael Cobb explains the flaw with short key IDs.  Continue Reading

• What new NIST password recommendations should enterprises adopt?

  NIST is coming up with new password recommendations for the U.S. government. Expert Michael Cobb covers the most important changes that enterprises should note.  Continue Reading

• How does Microsoft's NetCease perform anti-network reconnaissance?

  Microsoft security researchers recently introduced a new tool called NetCease that prevents network reconnaissance. Expert Judith Myerson explains how the tool can stop attackers.  Continue Reading

• Do DMZ networks still provide security benefits for enterprises?

  DMZ networks were once widely used by enterprises, but are they still common today? Expert Judith Myerson explains why DMZs may be a good security option for some organizations.  Continue Reading

• How to prevent DoS attacks in the enterprise

  It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares pointers on how to prevent DoS attacks.  Continue Reading

• How does the BlackNurse attack overwhelm firewalls?

  A new attack called "BlackNurse" can disrupt firewalls with a small amount of ICMP packets. Expert Judith Myerson explains how it works and why it's a security issue for enterprises.  Continue Reading

• Can security employee tenure be improved by CISOs?

  Security employee tenure is shorter than in most industries. Expert Mike O. Villegas outlines five budget-friendly steps CISOs can take to help lengthen it.  Continue Reading

• Should one cybersecurity mistake mean the end of a CEO's career?

  In one case, a tenured CEO made one cybersecurity mistake and was fired. Expert Mike O. Villegas discusses whether this sets a precedence for enterprises going forward.  Continue Reading

• Should CISOs share the responsibility for a cybersecurity incident?

  CISOs usually take the brunt of the blame when a cybersecurity incident occurs, but should they? Expert Mike O. Villegas details ways CISOs can share the responsibility.  Continue Reading

• What are the pros and cons of the different types of CISOs?

  There can often be two types of CISOs: the builder and the stabilizer. Expert Mike O. Villegas discusses the pros and cons of each type and the roles they play.  Continue Reading

• How does the SFG malware dropper evade antimalware programs?

  The SFG malware dropper can bypass antimalware programs and exploit two patched vulnerabilities. Expert Nick Lewis explains how to these attacks work and how to stop them.  Continue Reading

• The Darkleech campaign: What changes should enterprises be aware of?

  Darkleech campaigns have taken a new form and have now stopped using obfuscated script. Expert Nick Lewis explains the changes in Darkleech operations to watch for.  Continue Reading

• How did Ammyy Admin software get repeatedly abused by malware?

  The remote administration Ammyy Admin software was repeatedly found to be spreading different types of malware. Expert Nick Lewis explains how enterprises should protect themselves.  Continue Reading

• Is a GRE tunnel or IPsec tunnel more secure for enterprise use?

  The difference between a GRE tunnel and an IPsec tunnel is a commonly discussed topic, but which is more secure? Expert Matthew Pascucci explains which is better for enterprises.  Continue Reading

• Keydnap malware: How does it steal Mac passwords?

  The Keydnap malware has the ability to steal passwords stored in the Keychain Access app on Mac systems. Expert Nick Lewis explains how to mitigate this issue.  Continue Reading

• CryptXXX: How does this ransomware spread through legitimate websites?

  The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how this happens with WordPress.  Continue Reading

• How does the CLDAP protocol DDoS amplification attack work?

  DDoS amplification attacks that use the CLDAP protocol are a new threat to enterprises. Expert Matthew Pascucci explains how they work and how enterprises can protect themselves.  Continue Reading

• What should happen after an employee clicks on a malicious link?

  The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack.  Continue Reading

• How do the Linux kernel memory protection features on Android work?

  Google has added Linux kernel memory protection and other security measures to the Android OS. Expert Michael Cobb explains how these features work to protect devices.  Continue Reading

• How does the HummingBad malware enable click fraud?

  The HummingBad malware has infected 10 million mobile devices worldwide. Expert Michael Cobb explains how this exploit enables click fraud and other risks for users.  Continue Reading

• How did a full access OAuth token get issued to the Pokémon GO app?

  A full account access OAuth token was mistakenly issued to the Pokémon GO mobile game by Google. Expert Michael Cobb explains the security risks and if this can happen with other apps.  Continue Reading

• Is Barclays' phone banking biometric authentication system secure?

  Barclays now uses a biometric authentication system for phone banking customers, where 'voice prints' can replace passwords. Expert Michael Cobb explains the security risks.  Continue Reading

• Bug bounties: How does Apple's program compare to others?

  Apple has started to offer bug bounties to researchers who find vulnerabilities in iOS. Expert Michael Cobb compares Apple's program to that of other companies.  Continue Reading

• How should HIPAA covered entities respond to healthcare ransomware?

  The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. Expert Mike Chapple discusses.  Continue Reading

• Should healthcare organizations follow the NIST guidelines for HIPAA?

  HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple explains.  Continue Reading

• Is a no-SMS 2FA policy a good idea for enterprises?

  Now that NIST has deprecated the use of SMS 2FA, should nongovernment organizations follow suit? Expert Mike Chapple discusses the risks of SMS-based 2FA to enterprises.  Continue Reading

• Are cybersecurity conferences valuable to CISOs?

  Cybersecurity conferences are highly attended events, but are they valuable to CISOs in particular? Expert Mike O. Villegas discusses how CISOs can get the most out of them.  Continue Reading

• How should CISOs handle security patching with IT administrators?

  What role does the CISO play when it comes to security patching? Expert Mike O. Villegas discusses the best way to share patch management responsibilities.  Continue Reading

• Is it possible to get a new CISO position after being fired?

  CISO turnover is common after a security incident, but it's not the end of a career in security. Expert Mike O. Villegas discusses how to increase the odds of finding a new CISO position.  Continue Reading

• What CISO certifications are the most important to have?

  There are multitudes of cybersecurity certifications, but which are the best CISO certifications? Expert Mike O. Villegas discusses the most effective combination of credentials.  Continue Reading

• How can users protect mobile devices from SandJacking attacks?

  Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this attack.  Continue Reading

• How is Windows BITS used to redownload malware after its removal?

  Malicious Windows BITS tasks set up by attackers can reinfect systems even after the malware has been removed. Expert Nick Lewis explains how to locate and remove these tasks.  Continue Reading

• Can ZCryptor ransomware be stopped by upgrading to Windows 10?

  ZCryptor ransomware can self-replicate through autorun files placed on removable storage devices. Expert Nick Lewis explains how your enterprise can mitigate this risk.  Continue Reading

• How does Locky ransomware get distributed by the Necurs botnet?

  The Necurs botnet has been distributing a new variant of Locky ransomware. Expert Nick Lewis explains how to prevent and detect Locky infections in your enterprise.  Continue Reading

• How can IoMT devices be protected from the Conficker worm?

  IoT medical devices are being targeted by the Conficker worm and other older malware in order to steal patient data. Expert Nick Lewis explains how to protect these IoMT devices.  Continue Reading

• How does the Safeguards Rule pertain to SEC cybersecurity regulations?

  The SEC claimed Morgan Stanley violated the Safeguards Rule, but what does that mean? Expert Mike Chapple discusses the federal regulation and what happened with Morgan Stanley.  Continue Reading

• Is destroying a decryption key a strong enough security practice?

  Destroying a decryption key isn't the same as destroying the data, but which method is more secure? Expert Mike Chapple explains the best way to combat a future encryption flaw.  Continue Reading

• How does the Federal Privacy Council affect government security?

  Established as part of an executive order by President Obama, the Federal Privacy Council plays a role in government cybersecurity. Expert Mike Chapple discusses what that means.  Continue Reading

• How does auto-rooting malware LevelDropper gain device root access?

  Auto-rooting app LevelDropper has the ability to silently root devices and gain system level privileges. Expert Michael Cobb explains how to detect and stop it.  Continue Reading

• Asset tracking: What products and services can trace device location?

  IT asset tracking can be used to ensure devices stay in a precise location, or to trace missing devices. Expert Michael Cobb covers the most popular products and services.  Continue Reading

• Why have macro malware authors moved toward using OLE technology?

  Threat actors are moving from macro malware to using OLE technology to spread their malicious code. Expert Michael Cobb explains what enterprises should look out for.  Continue Reading

• Can an HTML5 document with a digital signature be authenticated?

  A digital signature on an HTML5 document cannot be authenticated the same way a PDF can. Expert Michael Cobb explains how enterprises should address this issue.  Continue Reading

• Patching and updating applications: How much time should be spent?

  A survey found that half of its respondents perform application updates daily. Expert Michael Cobb explains how to allocate appropriate time on different security controls.  Continue Reading

• Which are the best cybersecurity certifications for beginners?

  There are an overwhelming number of cybersecurity certifications available, so which one should people just beginning their career start with? Expert Mike O. Villegas answers.  Continue Reading

• How can the cybersecurity skills shortage be fixed?

  With the skills shortage plaguing the industry, should enterprises put less of a focus on finding staff with cybersecurity skills? Expert Mike O. Villegas explains why not.  Continue Reading

• Is a cybersecurity expert necessary on a board of directors?

  Communicating cybersecurity issues to a board of directors can be challenging. Expert Mike O. Villegas discusses whether a cybersecurity expert on the board would ease the struggle.  Continue Reading

• Why are cybersecurity KPIs important for enterprises to determine?

  Cybersecurity KPIs are important for enterprises to determine when setting up a security program. Expert Mike O. Villegas discusses why and what a KPI for security should be.  Continue Reading

• How can an HTTPS session get hijacked with the Forbidden attack?

  An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly secure HTTPS-authenticated sites.  Continue Reading

• Irongate malware: What are the risks to industrial control systems?

  The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS and SCADA systems.  Continue Reading

• How can APT groups be stopped from exploiting a Microsoft Office flaw?

  APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks work and how to prevent them.  Continue Reading

• Rowhammer exploit: Are Microsoft Edge browser users at risk?

  The Rowhammer and memory deduplication attack enables read and write access to Microsoft Edge browsers. Expert Nick Lewis explains how to mitigate this threat.  Continue Reading

• SAP vulnerability: Why didn't the patch work correctly?

  An old SAP vulnerability that enabled remote administrative access was found to be ineffectually patched. Expert Nick Lewis explains how enterprises can secure their systems.  Continue Reading

• How would a cyberattack information database affect companies?

  A proposed cyberattack information database in the U.K. aims to improve cyberinsurance. Expert Mike Chapple explains what collecting data breach information means for U.S. companies.  Continue Reading

• What are the new CFTC regulations on cybersecurity testing?

  The proposed CFTC regulations on cybersecurity testing are set to finalize in 2016. Expert Mike Chapple discusses the effects these regulations have on IT-reliant trading firms.  Continue Reading

• Will Apple become a HIPAA covered entity or business associate?

  Whether Apple is a HIPAA covered entity was called into question when it advertised for a health regulations lawyer. Expert Mike Chapple discusses Apple's relationship with HIPAA.  Continue Reading

• Internal PKI: What are the benefits of enterprises moving it in-house?

  Many large enterprises have their own internal public key infrastructure. Expert Michael Cobb explains the considerations organizations should make before undertaking the task.  Continue Reading

• How can privileged access accounts be managed in large companies?

  Network administrators typically resist policies for separate accounts when performing different tasks. Expert Michael Cobb explains the risk of privileged access.  Continue Reading

• How are weak passwords banned with Microsoft's Smart Password Lockout?

  Microsoft is banning weak passwords on many of its services with the Smart Password Lockout feature. Expert Michael Cobb explains how it works, and if it will be beneficial.  Continue Reading

• How did a malicious app slip past Google Play app store security?

  A malicious app called Black Jack Free was able to bypass Google Play's app store security. Expert Michael Cobb explains the threat and how enterprises should defend themselves.  Continue Reading

• How does SandJacking let attackers load malware on iOS devices?

  SandJacking, a new iOS attack technique, uses an XCode certificate flaw to load malicious apps onto devices. Expert Michael Cobb explains how the attack works.  Continue Reading

• Is open source security software too much of a risk for enterprises?

  Before using open source security software, enterprises should consider the security risks. Expert Mike O. Villegas discusses what to do before using open source software.  Continue Reading

• How can security automation tools keep organizations protected?

  Sometimes security teams fall into 'set and forget' habits with security automation. Expert Mike O. Villegas explains how to take advantage of automation while staying secure.  Continue Reading

• Is settling a data breach lawsuit the best option for enterprises?

  In the unfortunate event of a data breach lawsuit, it's often better to settle before the case reaches court. Expert Mike O. Villegas explains why and how CISOs can help.  Continue Reading

• Are new cybersecurity products the best investment for enterprises?

  Having the latest cybersecurity products isn't always the best way to approach security. Expert Mike O. Villegas explains why and how to deal with pressure to buy new.  Continue Reading

• Are Conficker malware infections of ICS or SCADA systems a threat?

  Conficker malware was found in a German nuclear power plant computer system. Expert Nick Lewis explains the possible impact of malware infections of ICS and SCADA systems.  Continue Reading

• How does the OneSoftPerDay adware hide from antimalware systems?

  OneSoftPerDay, an adware program can install backdoors on PCs, is able to avoid detection from antimalware tools. Expert Nick Lewis explains how to mitigate its effects.  Continue Reading

• How is Windows hot patching exploited by APT groups?

  The hot-patching feature in Windows servers is vulnerable to attacks from APT groups. Expert Nick Lewis explains what hot patching is and how to mitigate its flaw.  Continue Reading

• Closure of OSVDB: What impact does it have on open source security?

  The OSVDB closed down after 10 years due to lack of support from the open source community. Expert Nick Lewis explains the possible effects on the security industry.  Continue Reading

• How is Windows AppLocker whitelisting bypassed by Regsvr32?

  Windows AppLocker whitelisting was discovered to be exploitable with command-line tool Regsvr32. Expert Nick Lewis explains how organizations can mitigate possible attacks.  Continue Reading