Problem solve

Problem solve

Get help with specific problems with your technologies, process and projects.

• How can a NULL pointer dereference flaw create a DoS attack?

  A flaw in the open source graphics library libpng enabling denial-of-service attacks was discovered. Expert Michael Cobb explains how the vulnerability works. Continue Reading

• Guide to vendor-specific IT security certifications

  The abundance of vendor-specific information technology security certifications can overwhelm any infosec professional. Expert Ed Tittel helps navigate the crowded field. Continue Reading

• Embedded malware: How OLE objects can harbor threats

  Nation-states have been carrying out attacks using RTF files with embedded malware. Expert Nick Lewis explains how OLE technology is used and how to protect your enterprise. Continue Reading

• The Apple Notify flaw: How does it allow malicious script injection?

  Flaws in the Apple Notify function and iTunes can enable attackers to inject malicious script into the application side. Expert Michael Cobb explains how these vulnerabilities work. Continue Reading

• Adobe Acrobat Chrome extension: What are the risks?

  An Adobe Acrobat extension was automatically installed onto users' Chrome browsers during an update. Expert Michael Cobb explains the problems that existed with the extension. Continue Reading

• WannaCry ransomware threat exposes enterprise security shortcomings

  Expert Rob Shapland explains how a confluence of weaknesses in enterprise security led to the WannaCry ransomware threat generating maximum devastation.Continue Reading

• Cisco WebEx extension flaw: How does the patch fall short?

  Cisco's WebEx extension flaw was patched to prevent remote code execution from all but WebEx sites. Expert Michael Cobb explains how this flaw could still introduce risk to users.Continue Reading

• How can the latest LastPass vulnerabilities be mitigated?

  More LastPass vulnerabilities were recently discovered. Expert Matthew Pascucci explains the flaws, as well as what enterprises can do to mitigate the threat they pose.Continue Reading

• Why is patching telecom infrastructures such a challenge?

  Patching telecom infrastructures presents many challenges. Expert Matthew Pascucci explains those challenges and what can be done to make sure the systems get patched anyway.Continue Reading

• Triple DES: How strong is the data encryption standard?

  Expert Jon Callas explains how strong the Triple DES symmetric encryption algorithm actually is and offers guidance on how it compares to other widely used block ciphers.Continue Reading

• Domain validation certificates: What are the security issues?

  Let's Encrypt domain validation certificates had some security issues. Expert Matthew Pascucci explains how DV certificates work and what the issues were.Continue Reading

• What MongoDB security issues are still unresolved?

  There are some MongoDB security issues that have yet to be resolved. Expert Matthew Pascucci discusses the risks and how to protect your enterprise from them.Continue Reading

• How can customer service staff spot social engineering email attacks?

  Social engineering emails targeted at customer service staff have led to the spread of the August malware. Expert Nick Lewis explains how to identify and mitigate these attacks.Continue Reading

• How SSH key management and security can be improved

  The widespread use of SSH keys is posing security risks for enterprises due to poor tracking and management. Expert Michael Cobb explains how some best practices can regain control over SSH.Continue Reading

• How does Gooligan malware compromise Google accounts?

  Android apps infected with Gooligan malware enable attackers to compromise the security of Google accounts. Expert Nick Lewis explains how users can protect themselves.Continue Reading