Problem solve

Problem solve

Get help with specific problems with your technologies, process and projects.

• HTTPS interception gets a bad rap; now what?

  Should products intercept Transport Layer Security connections to gain visibility into network traffic? A new study by researchers and U.S.-CERT warn against it. Continue Reading

• How NotPetya ransomware used legitimate tools to move laterally

  WannaCry and NotPetya ransomware woke enterprises up to an expanded threat landscape. Expert Michael Cobb explains these threats and what enterprises can do to stop them. Continue Reading

• How to detect and defend against a TCP port 445 exploit

  The WannaCry TCP port 445 exploit returned the spotlight to Microsoft's long-abused networking port. Network security expert Kevin Beaver explains how to detect and defend such attacks. Continue Reading

• ATMitch malware: Can fileless ATM malware be stopped?

  How was the ATMitch malware able to loot cash machines, then delete itself? Expert Nick Lewis explains how the fileless malware works and how it spreads. Continue Reading

• DoubleAgent malware could turn antivirus tools into attack vector

  DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains how to contain the threat. Continue Reading

• How does the MajikPOS malware evade detection?

  A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how to defend against it.Continue Reading

• Why is the patched Apache Struts vulnerability still being exploited?

  An Apache Struts vulnerability is still being exploited, even though it has already been patched. Expert Nick Lewis explains why the Struts platform still carries risk for users.Continue Reading

• Stopping EternalBlue: Can the next Windows 10 update help?

  The upcoming Windows update, Redstone 3, will patch the vulnerability that enables EternalBlue exploits. Expert Judith Myerson discusses protection methods to use until the update.Continue Reading

• How does CrashOverride malware threaten industrial control systems?

  CrashOverride malware targets industrial control systems and can wreak havoc. Expert Judith Myerson explains the capabilities of the malware and what to do to stop it.Continue Reading

• Common web application login security weaknesses and how to fix them

  Flawed web application login security can leave an enterprise vulnerable to attacks. Expert Kevin Beaver reviews the most common mistakes and how to fix them.Continue Reading

• Is upgrading to SNMP v3 enough to secure network devices?

  Using SNMP v3 is a good first step, but it's not enough to prevent attackers from accessing a network through an SNMP-enabled device. Expert Judith Myerson explains what else to do.Continue Reading

• What is the best way to secure telematics information?

  SMS authentication is often used to secure telematics information, but it may not be strong enough. Expert Judith Myerson discusses why, and how to improve the protection of this data.Continue Reading

• How can VMware vulnerabilities in vSphere expose credentials?

  Two VMware vulnerabilities in vSphere Data Protection were recently patched. Expert Judith Myerson explains how the flaws work and how to defend against them.Continue Reading

• How did sensitive data from file-sharing website Docs.com get leaked?

  Many users of the file-sharing website Docs.com were unaware that the sensitive data they uploaded was searchable. Expert Michael Cobb explains how this data leak happened.Continue Reading

• Libpurple flaw: How does it affect connected IM clients?

  The libpurple library contains a code execution vulnerability that affects the IM clients that were developed using it. Expert Michael Cobb explains how the flaw works.Continue Reading