Ask the Experts

Ask the Experts

• How did an old, unpatched Firefox bug expose master passwords?

  A Firefox bug went undetected for nine years. Expert Michael Cobb explains how it enabled attackers to access the browser's master password and what's being done to mitigate it.  Continue Reading

• Microsoft CredSSP: How was it exploited by CVE-2018-0886?

  The CVE-2018-0886 vulnerability found within Microsoft's CredSSP was recently patched. Discover what this vulnerability is and how it affects the CredSSP protocol with Judith Myerson.  Continue Reading

• How can a text editor plug-in enable privilege escalation?

  Developers use text editors to enhance efficiency in the workplace even though they require vulnerable third-party plug-ins. Discover these vulnerabilities with Judith Myerson.  Continue Reading

• How are air-gapped computers put at risk by the Mosquito attack?

  Researchers recently discovered Mosquito -- an air-gapped attack that bites computers to put air-gapped networks at risk. Discover the logistics of this technique with Judith Myerson.  Continue Reading

• How can a hardcoded password vulnerability affect Cisco PCP?

  Cisco patched a hardcoded password vulnerability found in their PCP software. Learn how the software works and how attackers can exploit this vulnerability with Judith Myerson.  Continue Reading

• How did the Panera Bread website expose customers?

  Panera Bread website users were put at risk after a security researcher discovered a vulnerability relating to a lack of authentication for their publicly available API endpoint.  Continue Reading

• How does UBoatRAT use Google services and GitHub to spread?

  A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can protect enterprises with Nick Lewis.  Continue Reading

• Golden SAML: How can it abuse SAML authentication protocol?

  CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about the attack with Nick Lewis.  Continue Reading

• Scarab ransomware: How do botnets alter ransomware threats?

  The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect data with Nick Lewis.  Continue Reading

• Fake WhatsApp app: How can counterfeit apps be avoided?

  After a fake WhatsApp app was discovered in the Google Play Store, users are questioning what can be done to avoid counterfeit apps. Learn several techniques with Nick Lewis.  Continue Reading

• AVGater vulnerability: How are antivirus products impacted?

  A security researcher recently discovered a new vulnerability -- the AVGater vulnerability -- that puts antivirus products at risk. Discover how this vulnerability works with Nick Lewis.  Continue Reading

• How can domain generation algorithms be used to bypass ad blockers?

  An ad network used domain generation algorithms to bypass ad blockers and launch cryptomining malware. Expert Michael Cobb explains how and the best way to prevent these attacks.  Continue Reading

• How does a SAML vulnerability affect single sign-on systems?

  Researchers at Duo Security discovered a SAML vulnerability that enabled attackers to dupe single sign-on systems. Expert Michael Cobb explains how the exploit works.  Continue Reading

• How did cryptomining malware exploit a Telegram vulnerability?

  Hackers were able to exploit a Telegram vulnerability to launch cryptomining malware. Expert Michael Cobb explains how they were able to do so and how to prevent similar attacks.  Continue Reading

• What risks do untrusted certificates pose to enterprises?

  Researchers found that untrusted certificates are still used on many major websites. Expert Michael Cobb discusses the security risks of sticking with these certificates.  Continue Reading