Problem solve

Problem solve

Get help with specific problems with your technologies, process and projects.

• The top 3 email security threats and how to defuse them

  Understanding the nature of the top 3 email security threats -- malware, phishing and spoofed domains -- can help reduce their impact. Continue Reading

• A look at security threats to critical infrastructure

  Threats to critical infrastructure, like Operation Sharpshooter, should motivate CI sectors to take cybersecurity seriously. Learn about the threats and how to defend against them. Continue Reading

• How important is security awareness training for executives?

  Corporate executives are prime targets for spies and hackers, and that is why security awareness training for executives is so important. Continue Reading

• What are the most important security awareness training topics?

  Organizations looking to heighten security awareness among employees need to cover a wide variety of security awareness training topics, but social engineering tops the list. Continue Reading

• DHS-led agency works to visualize, share cyber-risk information

  A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain. Continue Reading

• What is a password spraying attack and how does it work?

  Password spraying isn't a sophisticated attack, but don't discount the attackers if you detect one. Find out how this brute-force technique works and how to defend against it.Continue Reading

• HPE takes aim at STEM and cybersecurity education, awareness

  HPE CISO Liz Joyce worked with the Girl Scouts on an educational cybersecurity game for girls and ensures HPE's Women in Cybersecurity encourages more women to join the industry.Continue Reading

• New game provides cybersecurity education for Girl Scouts

  A new game provides cybersecurity education for Girl Scouts, who can earn virtual and real badges by playing. HPE's Liz Joyce talks about the partnership that led to the game.Continue Reading

• How to secure network devices in a hostile world

  Find out how to secure network devices by locking down the biggest, riskiest holes to protect them from exploits long before some or all of the network crashes.Continue Reading

• Protect your enterprise against shadow IT in the cloud

  More technologies than ever are available to people now that the cloud is so pervasive, and, as a result, shadow IT has become a problem. Expert Michael Cobb explains what to do.Continue Reading

• What is post-quantum cryptography and should we care?

  Post-quantum cryptographic algorithms are aimed at securing encrypted data against super-powerful computers in the future, but will they even be necessary? Hanno Böck explains.Continue Reading

• How concerned should I be about a padding oracle attack?

  Padding oracle attacks have long been well-known and well-understood. Find out how they work and why using modern encryption protocols can reduce the risks.Continue Reading

• 8 ways to protect building management systems

  Security threats to building management systems can come from numerous sources. Expert Ernie Hayden outlines these potential threats and how to protect against them.Continue Reading

• How automated patch management using SOAR can slash risk

  Learn how to use security orchestration, automation and response, also known as SOAR, to ease the hassle of mundane tasks related to patch management.Continue Reading

• Find out whether secure email really protects user data in transit

  Outside of user perceptions, how safe is secure email in terms of protecting users' data in transit? Our expert explains how much the SSL and TLS protocols can protect email.Continue Reading

• 5 common web application vulnerabilities and how to avoid them

  Common web application vulnerabilities continue to confound enterprises. Here's how to defend against them and stop enabling exploits.Continue Reading

• How do I stop the screaming channel wireless threat?

  A screaming channel attack is a new wireless threat making networks -- particularly those with IoT components -- vulnerable. Are there any safeguards to prevent these attacks?Continue Reading

• Why do DDoS attack patterns rise in the autumn?

  DDoS attack patterns indicate a sharp escalation in the fall. Why does that occur and what can be done to guard against these attacks?Continue Reading

• Container security awareness, planning required as threats persist

  As container security vulnerabilities continue to emerge, companies should plan ahead and have strategies ready to defend against looming segmentation failures.Continue Reading

• Nine email security features to help prevent phishing attacks

  Check out nine email security features that can help protect you from phishing attacks. First, make sure they're enabled on your email system configuration, and if not, start your wish list.Continue Reading

• Should I worry about the Constrained Application Protocol?

  The Constrained Application Protocol underpins IoT networks. But the protocol could allow a threat actor to launch an attack.Continue Reading

• How can I protect my self-encrypting drives?

  Dutch researchers discovered flaws in ATA security and TCG Opal affecting self-encrypting drives. What steps can you take to guard data stored on vulnerable solid-state drives?Continue Reading

• How does a WordPress SEO malware injection work and how can enterprises prevent it?

  Security expert Nick Lewis explains how to prevent WordPress SEO malware injection attacks that rank the attacker's search engine results higher than legitimate webpages.Continue Reading

• What new technique does the Osiris banking Trojan use?

  A new Kronos banking Trojan variant was found to use process impersonation to bypass defenses. Learn what this evasion technique is and the threat it poses with Nick Lewis.Continue Reading

• How does the iPhone phishing scam work?

  An iPhone phishing scam leads users to believe malicious incoming calls are from Apple Support. How can enterprises protect their employee against this threat?Continue Reading

• How do I stop the Vidar malvertising attack?

  The Vidar malvertising attack was part of a two-pronged intrusion that included the installation of ransomware in endpoints. How can enterprises protect themselves?Continue Reading

• How can credential stuffing attacks be detected?

  Credential stuffing attacks can put companies that offer online membership programs, as well as their customers, at risk. Find out how to proactively manage the threat.Continue Reading

• How did the Dirty COW exploit get shipped in software?

  An exploit code for Dirty COW was accidentally shipped by Cisco with product software. Learn how this code ended up in a software release and what this vulnerability can do.Continue Reading

• Should large enterprises add dark web monitoring to their security policies?

  Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find.Continue Reading

• How did the Python supply chain attack occur?

  A Python supply chain attack made it possible for an attacker to steal cryptocurrency. What steps should be taken to prevent incidents like this?Continue Reading

• Is there a viable breach notification tool?

  A breach notification tool from Firefox Monitor and Have I Been Pwned could help consumers understand more quickly if their email or other vital information has been hacked.Continue Reading

• More Ghostscript vulnerabilities, more PostScript problems

  Researchers keep finding PostScript interpreter bugs. Find out how a new Ghostscript vulnerability enables remote code execution against web services and Linux desktop users.Continue Reading

• CISO tackles banking cybersecurity and changing roles

  Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations.Continue Reading

• Cyber NYC initiative strives to make New York a cybersecurity hub

  New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation.Continue Reading

• RSAC's diversity and inclusion initiative stresses equality on keynote stage

  RSA Conference curator Sandra Toms hopes a new diversity and inclusion initiative will facilitate change in the cybersecurity industry, starting with the upcoming 2019 conference.Continue Reading

• Steps to improve an application environment and fix flaws

  Eliminating application security flaws from an enterprise's server can be a complex task. Learn steps to take in order to improve application security with expert Kevin Beaver.Continue Reading

• How a Windows antimalware tool helps endpoint security

  The Windows Defender Antivirus program was updated to include sandbox network security. Learn why this is so important and why security professionals have been asking for it.Continue Reading

• How does cross-site tracking increase security risks?

  Mozilla's Firefox 63 automatically blocks tracking cookies and other site data from cross-site tracking. Learn what this is and what the benefits of blocking it are with Nick Lewis.Continue Reading

• How to defend against malicious IP addresses in the cloud

  Cybercriminals have found a way to use the cloud to mask their locations. Expert Rob Shapland looks at the options organizations have to deal with malicious IP addresses.Continue Reading

• Ping of death: What is it and how is Apple affected?

  An Apple vulnerability recently resurfaced and is targeting Apple devices that are connected to public hotspots. Discover what this vulnerability is and how to protect your devices.Continue Reading

• How is SamSam ransomware using a manual attack process?

  Sophos researchers believe the SamSam ransomware campaign could be the work of one or a few threat actors using manual techniques. Learn how it works and if recovery is possible.Continue Reading

• How to ensure your enterprise doesn't have compromised hardware

  Enterprise protections are crucial in order to guarantee the safety of your hardware. Discover best practices to guard your enterprise's hardware with Nick Lewis.Continue Reading

• How does the new Dharma Ransomware variant work?

  Brrr ransomware, a Dharma variant, was found adding malicious extensions to encrypted files. Discover how this is possible and how this attack can be mitigated with Judith Myerson.Continue Reading

• Why U.S. election security needs an immediate overhaul

  There's no evidence that threat actors have been able to manipulate or change vote counts in our elections, but Kevin McDonald says that doesn't mean it can't -- or won't -- happen.Continue Reading

• How bring-your-own-land attacks are challenging enterprises

  FireEye researchers developed a new technique called bring your own land, which involves attackers creating their own tools. Discover more about how this works with Nick Lewis.Continue Reading

• How were attackers able to bypass 2FA in a Reddit breach?

  Reddit announced a breach after users were socially engineered and attackers bypassed 2FA protocols. Discover how this attack was possible and how sites can avoid falling victim.Continue Reading

• Can a D-Link router vulnerability threaten bank customers?

  A D-Link router vulnerability was used to send banking users to a fake site in order to steal their information. Learn more about this vulnerability with expert Judith Myerson.Continue Reading

• How does a Bluetooth vulnerability enable validation attacks?

  Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how it works and can be mitigated.Continue Reading

• How does signed software help mitigate malware?

  Okta researchers found a bypass that allows macOS malware to pose as signed Apple files. Discover how this is possible and how to mitigate this attack.Continue Reading

• How does new MacOS malware target users through chat?

  New malware targets cryptocurrency investors through MacOS and chat platforms were recently discovered. Learn how OSX.Dummy malware works and what users can do to spot the attack.Continue Reading

• Why entropy sources should be added to mobile application vetting

  NIST's 'Vetting the Security of Mobile Applications' draft discusses four key areas of general requirements. Learn how further improvements to the vetting process could be made.Continue Reading

• How can U2F authentication end phishing attacks?

  By requiring employees to use U2F authentication and physical security keys, Google eliminated phishing attacks. Learn how the combination works from expert Michael Cobb.Continue Reading

• How was Kea DHCP v1.4.0 affected by a security advisory?

  Kea, an open source DHCP server, was issued a medium security advisory for a flaw that causes memory leakage in version 1.4.0. Discover the workarounds with Judith Myerson.Continue Reading

• Guide to identifying and preventing OSI model security risks: Layers 4 to 7

  Each layer of the Open Systems Interconnection presents unique vulnerabilities that could move to other layers if not properly monitored. Here's how to establish risk mitigation strategies for OSI layer security in Layers 4 through 7.Continue Reading

• Siemens Siclock: How do threat actors exploit these devices?

  Siemens disclosed six Siclock flaws that were found within its central plant clocks. Discover why three flaws have been rated critical and how threat actors can exploit devices.Continue Reading

• How do newly found flaws affect robot controllers?

  Several vulnerabilities were found in controllers made by Universal Robots. Discover what these controllers are used for and how threat actors can exploit these vulnerabilities.Continue Reading

• Removable storage devices: Why are companies banning them?

  IBM banned removable storage devices to encourage employees to use the company's internal file-sharing system. Learn how a ban like this can improve enterprise security.Continue Reading

• How can companies implement ITSM compliance standards?

  In this Ask the Expert, IT governance expert Jeffrey Ritter discusses his formula to successfully align new technology with ITSM compliance standards -- all while minimizing risk.Continue Reading

• How do hackers use legitimate admin tools to compromise networks?

  Hackers use legitimate admin tools to exfiltrate data in living off the land attacks that are hard to detect. Learn about this cyberattack tactic from expert Michael Cobb.Continue Reading

• How does FacexWorm malware use Facebook Messenger to spread?

  Researchers at Trend Micro found a new strain of malware -- dubbed FacexWorm -- that targets users via a malicious Chrome extension. Discover how this attack works with Nick Lewis.Continue Reading

• How is Android Accessibility Service affected by a banking Trojan?

  ThreatFabric researchers uncovered MysteryBot, Android malware that uses overlay attacks to avoid detection. Learn how this malware affects Google's Android Accessibility Service.Continue Reading

• How does MassMiner malware infect systems across the web?

  Researchers from AlienVault found a new cryptocurrency mining malware -- dubbed MassMiner -- that infects systems across the web. Learn how this malware operates with Nick Lewis.Continue Reading

• Teramind CTO talks insider threat prevention, employee monitoring

  A fear of insider threats on Wall Street led one software engineer to start his own security company.Continue Reading

• Why communication is critical for web security management

  Conveying the importance of web security to management can be difficult for many security professionals. Kevin Beaver explains how to best communicate with the enterprise.Continue Reading

• Can monitoring help defend against Sanny malware update?

  Changes to the Sanny malware were recently discovered by FireEye researchers. Learn who is at risk and how elevated privileges can help protect you with Nick Lewis.Continue Reading

• How can attackers exploit a buffer underflow vulnerability?

  A buffer underflow was found to be caused by a vulnerability in strongSwan's open source VPN. Learn how this is possible and how attackers can exploit it with Judith Myerson.Continue Reading

• Understanding the risk SQL injection vulnerabilities pose

  SQL injection vulnerabilities put a system at risk and are often unknown to users. Discover how this web vulnerability works and how to prevent it with expert Kevin Beaver.Continue Reading

• How does Telegram malware bypass end-to-end encryption?

  A Telegram malware called Telegrab targets Telegram's desktop instant messaging service to collect and exfiltrate cache data. Expert Michael Cobb explains how Telegrab works.Continue Reading

• What issues can arise from hardware debug exception flaws?

  Misinterpretation of Intel's System Programming Guide resulted in a hardware debug exception vulnerability. Expert Michael Cobb explains how attackers can gain unauthorized access.Continue Reading

• How does the Android Rowhammer exploit affect users?

  Android Rowhammer is a hardware weakness in older devices that puts users at risk of remote exploits. Expert Michael Cobb explains why it's important to upgrade to newer devices.Continue Reading

• How does a WDC vulnerability put hardcoded passwords at risk?

  Several vulnerabilities were found in Western Digital's My Cloud, including one that affects the default hardcoded password. Learn how to avoid such risks with expert Nick Lewis.Continue Reading

• How insider fraud can be detected and avoided in the enterprise

  IT sabotage and insider threats can put an organization at great risk. Guest expert Peter Sullivan details preventative measures to take and employee training techniques.Continue Reading

• ATM jackpotting: How does the Ploutus.D malware work?

  Ploutus.D malware recently started popping up in the U.S. after several ATM jackpotting attacks. Discover how this is possible and what banks can do to prevent this with Nick Lewis.Continue Reading

• How to monitor and detect a cloud API vulnerability

  A REST API vulnerability in Salesforce's Marketing Cloud service put users at risk of data disclosure. Learn how to detect cloud API vulnerabilities from expert Rob Shapland.Continue Reading

• What risks does the OpenFlow protocol vulnerability present?

  Researchers found a vulnerability in OpenFlow that can cause problems. Learn how vendor-specific SDN controllers may cause these OpenFlow protocol vulnerabilities.Continue Reading

• Four new Mac malware strains exposed by Malwarebytes

  Mac platforms are at risk after Malwarebytes discovered four new Mac malware strains. Learn how to protect your enterprise and how to mitigate these attacks with expert Nick Lewis.Continue Reading

• Microsoft's NTFS flaw: What are the potential consequences?

  A security researcher exposed an NTFS flaw that Microsoft deliberately hasn't patched. Expert Michael Cobb explains how the bug works and why it isn't being treated as severe.Continue Reading

• Women in cybersecurity: How to make conferences more diverse

  The lack of women speaking at security conferences might be representative of the low number of women in cybersecurity, but efforts are finally being made to close the gender gap.Continue Reading

• How does SirenJack put emergency warning systems at risk?

  Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco's emergency warning system at risk. Judith Myerson explains how it works.Continue Reading

• How is Apple iOS 11 affected by a QR code vulnerability?

  A QR code vulnerability was recently discovered in the Apple iOS 11 camera app. Learn how an attacker could exploit it and how to avoid the issue with Judith Myerson.Continue Reading

• Digimine bot: How does social media influence cryptojacking?

  Facebook Messenger is being used to reach more victims with a cryptojacking bot that Trend Micro researchers named Digimine. Learn how this bot works with expert Nick Lewis.Continue Reading

• Android vulnerability: How can users mitigate Janus malware?

  The Janus vulnerability was found injecting malicious code into reputable Android apps. Once injected, users' endpoints become infected. Learn how to prevent this with expert Nick Lewis.Continue Reading

• How did an old, unpatched Firefox bug expose master passwords?

  A Firefox bug went undetected for nine years. Expert Michael Cobb explains how it enabled attackers to access the browser's master password and what's being done to mitigate it.Continue Reading

• How studying the black hat community can help enterprises

  White hat hackers often assimilate themselves into the black hat community to track the latest threats. Discover how this behavior actually benefits the enterprise with David Geer.Continue Reading

• How can a hardcoded password vulnerability affect Cisco PCP?

  Cisco patched a hardcoded password vulnerability found in their PCP software. Learn how the software works and how attackers can exploit this vulnerability with Judith Myerson.Continue Reading

• Where machine learning for cybersecurity works best now

  Need to up your endpoint protection endgame? Learn how applying machine learning for cybersecurity aids in the fight against botnets, evasive malware and more.Continue Reading

• How did cryptomining malware exploit a Telegram vulnerability?

  Hackers were able to exploit a Telegram vulnerability to launch cryptomining malware. Expert Michael Cobb explains how they were able to do so and how to prevent similar attacks.Continue Reading

• Q&A: Why data security controls are a hard problem to solve

  Feeling less friendly after Facebook? "There is a great deal of power in being able to combine data-sources," says Jay Jacobs, security data scientist.Continue Reading

• How to prevent cloud cryptojacking attacks on your enterprise

  As the value of bitcoin has risen over the last year, so has the prevalence of cloud cryptojacking attacks. Expert Rob Shapland explains how enterprises can prevent these attacks.Continue Reading

• How does the KRACK vulnerability use encryption keys?

  The KRACK vulnerability was found in the WPA2 protocol for wireless networks and it enables attackers to crack encrypted connections. Learn how it works from Nick Lewis.Continue Reading

• Bad Rabbit ransomware: How does it compare to other variants?

  Bad Rabbit ransomware mimics other recent ransomware variants, such as NotPetya. Discover the similarities and differences between the two with expert Nick Lewis.Continue Reading

• How will the new WPA3 protocol strengthen password security?

  The development of WPA3 helps advance Wi-Fi protocol, as the next generation of Wi-Fi-enabled devices begins to demand more. Expert Michael Cobb explains how it differs from WPA2.Continue Reading

• How were Android Pixel vulnerabilities exploited?

  Android Pixel vulnerabilities could open the smartphone up to attack. Expert Michael Cobb explains the vulnerabilities and how to defend against them.Continue Reading

• How did an Electron framework flaw put Slack at risk?

  An Electron framework flaw put users of Slack, Skype and other big apps at risk. Expert Michael Cobb explains how this remote code execution flaw works and how to prevent it.Continue Reading

• How air gap attacks challenge the notion of secure networks

  Today's cyberattacks are taking new shapes and sizes in the ever-changing tech environment. This guide explores air gap attacks, the history behind them and the latest threats facing air-gapped networks.Continue Reading

• How enterprises should handle GDPR compliance in the cloud

  GDPR compliance in the cloud can be an intimidating concept for some enterprises, but it doesn't have to be. Rob Shapland explains why it's not so different from on premises.Continue Reading

• Zero-trust model promises increased security, decreased risk

  The zero-trust model takes focused and sustained effort, but promises to improve most companies' risk posture. Learn what it takes to get the most out of zero trust.Continue Reading

• Imran Awan case shows lax security controls for IT staff

  Investigations into the conduct of the IT staff of the House of Representatives raised alarms. Kevin McDonald explains what we can learn from the case of Imran Awan.Continue Reading

• What VPN alternatives should enterprises consider using?

  VPN vulnerabilities in products from popular vendors were recently found to enable serious threats. Discover how detrimental these threats are and best alternatives to the use of VPNs.Continue Reading

• Emotet Trojan: How to defend against fileless attacks

  An increase in fileless malware, including PowerShell malware, was reported in McAfee Labs' December 2017 Threat Report. Discover how enterprises can defend again fileless attacks.Continue Reading