Get help with specific problems with your technologies, process and projects.
Get help with specific problems with your technologies, process and projects.
New game provides cybersecurity education for Girl Scouts
A new game provides cybersecurity education for Girl Scouts, who can earn virtual and real badges by playing. HPE's Liz Joyce talks about the partnership that led to the game. Continue Reading
How to secure network devices in a hostile world
Find out how to secure network devices by locking down the biggest, riskiest holes to protect them from exploits long before some or all of the network crashes. Continue Reading
Protect your enterprise against shadow IT in the cloud
More technologies than ever are available to people now that the cloud is so pervasive, and, as a result, shadow IT has become a problem. Expert Michael Cobb explains what to do. Continue Reading
What is post-quantum cryptography and should we care?
Post-quantum cryptographic algorithms are aimed at securing encrypted data against super-powerful computers in the future, but will they even be necessary? Hanno Böck explains. Continue Reading
How concerned should I be about a padding oracle attack?
Padding oracle attacks have long been well-known and well-understood. Find out how they work and why using modern encryption protocols can reduce the risks. Continue Reading
8 ways to protect building management systems
Security threats to building management systems can come from numerous sources. Expert Ernie Hayden outlines these potential threats and how to protect against them.Continue Reading
How automated patch management using SOAR can slash risk
Learn how to use security orchestration, automation and response, also known as SOAR, to ease the hassle of mundane tasks related to patch management.Continue Reading
Find out whether secure email really protects user data in transit
Outside of user perceptions, how safe is secure email in terms of protecting users' data in transit? Our expert explains how much the SSL and TLS protocols can protect email.Continue Reading
5 common web application vulnerabilities and how to avoid them
Common web application vulnerabilities continue to confound enterprises. Here's how to defend against them and stop enabling exploits.Continue Reading
How do I stop the screaming channel wireless threat?
A screaming channel attack is a new wireless threat making networks -- particularly those with IoT components -- vulnerable. Are there any safeguards to prevent these attacks?Continue Reading
Why do DDoS attack patterns rise in the autumn?
DDoS attack patterns indicate a sharp escalation in the fall. Why does that occur and what can be done to guard against these attacks?Continue Reading
Container security awareness, planning required as threats persist
As container security vulnerabilities continue to emerge, companies should plan ahead and have strategies ready to defend against looming segmentation failures.Continue Reading
Nine email security features to help prevent phishing attacks
Check out nine email security features that can help protect you from phishing attacks. First, make sure they're enabled on your email system configuration, and if not, start your wish list.Continue Reading
Should I worry about the Constrained Application Protocol?
The Constrained Application Protocol underpins IoT networks. But the protocol could allow a threat actor to launch an attack.Continue Reading
How can I protect my self-encrypting drives?
Dutch researchers discovered flaws in ATA security and TCG Opal affecting self-encrypting drives. What steps can you take to guard data stored on vulnerable solid-state drives?Continue Reading
How does a WordPress SEO malware injection work and how can enterprises prevent it?
Security expert Nick Lewis explains how to prevent WordPress SEO malware injection attacks that rank the attacker's search engine results higher than legitimate webpages.Continue Reading
What new technique does the Osiris banking Trojan use?
A new Kronos banking Trojan variant was found to use process impersonation to bypass defenses. Learn what this evasion technique is and the threat it poses with Nick Lewis.Continue Reading
How does the iPhone phishing scam work?
An iPhone phishing scam leads users to believe malicious incoming calls are from Apple Support. How can enterprises protect their employee against this threat?Continue Reading
How do I stop the Vidar malvertising attack?
The Vidar malvertising attack was part of a two-pronged intrusion that included the installation of ransomware in endpoints. How can enterprises protect themselves?Continue Reading
How can credential stuffing attacks be detected?
Credential stuffing attacks can put companies that offer online membership programs, as well as their customers, at risk. Find out how to proactively manage the threat.Continue Reading
How did the Dirty COW exploit get shipped in software?
An exploit code for Dirty COW was accidentally shipped by Cisco with product software. Learn how this code ended up in a software release and what this vulnerability can do.Continue Reading
Should large enterprises add dark web monitoring to their security policies?
Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find.Continue Reading
How did the Python supply chain attack occur?
A Python supply chain attack made it possible for an attacker to steal cryptocurrency. What steps should be taken to prevent incidents like this?Continue Reading
Is there a viable breach notification tool?
A breach notification tool from Firefox Monitor and Have I Been Pwned could help consumers understand more quickly if their email or other vital information has been hacked.Continue Reading
More Ghostscript vulnerabilities, more PostScript problems
Researchers keep finding PostScript interpreter bugs. Find out how a new Ghostscript vulnerability enables remote code execution against web services and Linux desktop users.Continue Reading
CISO tackles banking cybersecurity and changing roles
Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations.Continue Reading
Cyber NYC initiative strives to make New York a cybersecurity hub
New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation.Continue Reading
RSAC's diversity and inclusion initiative stresses equality on keynote stage
RSA Conference curator Sandra Toms hopes a new diversity and inclusion initiative will facilitate change in the cybersecurity industry, starting with the upcoming 2019 conference.Continue Reading
Steps to improve an application environment and fix flaws
Eliminating application security flaws from an enterprise's server can be a complex task. Learn steps to take in order to improve application security with expert Kevin Beaver.Continue Reading
How a Windows antimalware tool helps endpoint security
The Windows Defender Antivirus program was updated to include sandbox network security. Learn why this is so important and why security professionals have been asking for it.Continue Reading
How does cross-site tracking increase security risks?
Mozilla's Firefox 63 automatically blocks tracking cookies and other site data from cross-site tracking. Learn what this is and what the benefits of blocking it are with Nick Lewis.Continue Reading
How to defend against malicious IP addresses in the cloud
Cybercriminals have found a way to use the cloud to mask their locations. Expert Rob Shapland looks at the options organizations have to deal with malicious IP addresses.Continue Reading
Ping of death: What is it and how is Apple affected?
An Apple vulnerability recently resurfaced and is targeting Apple devices that are connected to public hotspots. Discover what this vulnerability is and how to protect your devices.Continue Reading
How is SamSam ransomware using a manual attack process?
Sophos researchers believe the SamSam ransomware campaign could be the work of one or a few threat actors using manual techniques. Learn how it works and if recovery is possible.Continue Reading
How to ensure your enterprise doesn't have compromised hardware
Enterprise protections are crucial in order to guarantee the safety of your hardware. Discover best practices to guard your enterprise's hardware with Nick Lewis.Continue Reading
How does the new Dharma Ransomware variant work?
Brrr ransomware, a Dharma variant, was found adding malicious extensions to encrypted files. Discover how this is possible and how this attack can be mitigated with Judith Myerson.Continue Reading
Why U.S. election security needs an immediate overhaul
There's no evidence that threat actors have been able to manipulate or change vote counts in our elections, but Kevin McDonald says that doesn't mean it can't -- or won't -- happen.Continue Reading
How bring-your-own-land attacks are challenging enterprises
FireEye researchers developed a new technique called bring your own land, which involves attackers creating their own tools. Discover more about how this works with Nick Lewis.Continue Reading
How were attackers able to bypass 2FA in a Reddit breach?
Reddit announced a breach after users were socially engineered and attackers bypassed 2FA protocols. Discover how this attack was possible and how sites can avoid falling victim.Continue Reading
Can a D-Link router vulnerability threaten bank customers?
A D-Link router vulnerability was used to send banking users to a fake site in order to steal their information. Learn more about this vulnerability with expert Judith Myerson.Continue Reading
How does a Bluetooth vulnerability enable validation attacks?
Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how it works and can be mitigated.Continue Reading
How does signed software help mitigate malware?
Okta researchers found a bypass that allows macOS malware to pose as signed Apple files. Discover how this is possible and how to mitigate this attack.Continue Reading
How does new MacOS malware target users through chat?
New malware targets cryptocurrency investors through MacOS and chat platforms were recently discovered. Learn how OSX.Dummy malware works and what users can do to spot the attack.Continue Reading
Why entropy sources should be added to mobile application vetting
NIST's 'Vetting the Security of Mobile Applications' draft discusses four key areas of general requirements. Learn how further improvements to the vetting process could be made.Continue Reading
How can U2F authentication end phishing attacks?
By requiring employees to use U2F authentication and physical security keys, Google eliminated phishing attacks. Learn how the combination works from expert Michael Cobb.Continue Reading
How was Kea DHCP v1.4.0 affected by a security advisory?
Kea, an open source DHCP server, was issued a medium security advisory for a flaw that causes memory leakage in version 1.4.0. Discover the workarounds with Judith Myerson.Continue Reading
Guide to identifying and preventing OSI model security risks: Layers 4 to 7
Each layer of the Open Systems Interconnection presents unique vulnerabilities that could move to other layers if not properly monitored. Here's how to establish risk mitigation strategies for OSI layer security in Layers 4 through 7.Continue Reading
Siemens Siclock: How do threat actors exploit these devices?
Siemens disclosed six Siclock flaws that were found within its central plant clocks. Discover why three flaws have been rated critical and how threat actors can exploit devices.Continue Reading
How do newly found flaws affect robot controllers?
Several vulnerabilities were found in controllers made by Universal Robots. Discover what these controllers are used for and how threat actors can exploit these vulnerabilities.Continue Reading
Removable storage devices: Why are companies banning them?
IBM banned removable storage devices to encourage employees to use the company's internal file-sharing system. Learn how a ban like this can improve enterprise security.Continue Reading
How can companies implement ITSM compliance standards?
In this Ask the Expert, IT governance expert Jeffrey Ritter discusses his formula to successfully align new technology with ITSM compliance standards -- all while minimizing risk.Continue Reading
How do hackers use legitimate admin tools to compromise networks?
Hackers use legitimate admin tools to exfiltrate data in living off the land attacks that are hard to detect. Learn about this cyberattack tactic from expert Michael Cobb.Continue Reading
How does FacexWorm malware use Facebook Messenger to spread?
Researchers at Trend Micro found a new strain of malware -- dubbed FacexWorm -- that targets users via a malicious Chrome extension. Discover how this attack works with Nick Lewis.Continue Reading
How is Android Accessibility Service affected by a banking Trojan?
ThreatFabric researchers uncovered MysteryBot, Android malware that uses overlay attacks to avoid detection. Learn how this malware affects Google's Android Accessibility Service.Continue Reading
How does MassMiner malware infect systems across the web?
Researchers from AlienVault found a new cryptocurrency mining malware -- dubbed MassMiner -- that infects systems across the web. Learn how this malware operates with Nick Lewis.Continue Reading
Teramind CTO talks insider threat prevention, employee monitoring
A fear of insider threats on Wall Street led one software engineer to start his own security company.Continue Reading
Why communication is critical for web security management
Conveying the importance of web security to management can be difficult for many security professionals. Kevin Beaver explains how to best communicate with the enterprise.Continue Reading
Can monitoring help defend against Sanny malware update?
Changes to the Sanny malware were recently discovered by FireEye researchers. Learn who is at risk and how elevated privileges can help protect you with Nick Lewis.Continue Reading
How can attackers exploit a buffer underflow vulnerability?
A buffer underflow was found to be caused by a vulnerability in strongSwan's open source VPN. Learn how this is possible and how attackers can exploit it with Judith Myerson.Continue Reading
Understanding the risk SQL injection vulnerabilities pose
SQL injection vulnerabilities put a system at risk and are often unknown to users. Discover how this web vulnerability works and how to prevent it with expert Kevin Beaver.Continue Reading
How does Telegram malware bypass end-to-end encryption?
A Telegram malware called Telegrab targets Telegram's desktop instant messaging service to collect and exfiltrate cache data. Expert Michael Cobb explains how Telegrab works.Continue Reading
What issues can arise from hardware debug exception flaws?
Misinterpretation of Intel's System Programming Guide resulted in a hardware debug exception vulnerability. Expert Michael Cobb explains how attackers can gain unauthorized access.Continue Reading
How does the Android Rowhammer exploit affect users?
Android Rowhammer is a hardware weakness in older devices that puts users at risk of remote exploits. Expert Michael Cobb explains why it's important to upgrade to newer devices.Continue Reading
How does a WDC vulnerability put hardcoded passwords at risk?
Several vulnerabilities were found in Western Digital's My Cloud, including one that affects the default hardcoded password. Learn how to avoid such risks with expert Nick Lewis.Continue Reading
How insider fraud can be detected and avoided in the enterprise
IT sabotage and insider threats can put an organization at great risk. Guest expert Peter Sullivan details preventative measures to take and employee training techniques.Continue Reading
ATM jackpotting: How does the Ploutus.D malware work?
Ploutus.D malware recently started popping up in the U.S. after several ATM jackpotting attacks. Discover how this is possible and what banks can do to prevent this with Nick Lewis.Continue Reading
How to monitor and detect a cloud API vulnerability
A REST API vulnerability in Salesforce's Marketing Cloud service put users at risk of data disclosure. Learn how to detect cloud API vulnerabilities from expert Rob Shapland.Continue Reading
What risks does the OpenFlow protocol vulnerability present?
Researchers found a vulnerability in OpenFlow that can cause problems. Learn how vendor-specific SDN controllers may cause these OpenFlow protocol vulnerabilities.Continue Reading
Four new Mac malware strains exposed by Malwarebytes
Mac platforms are at risk after Malwarebytes discovered four new Mac malware strains. Learn how to protect your enterprise and how to mitigate these attacks with expert Nick Lewis.Continue Reading
Microsoft's NTFS flaw: What are the potential consequences?
A security researcher exposed an NTFS flaw that Microsoft deliberately hasn't patched. Expert Michael Cobb explains how the bug works and why it isn't being treated as severe.Continue Reading
Women in cybersecurity: How to make conferences more diverse
The lack of women speaking at security conferences might be representative of the low number of women in cybersecurity, but efforts are finally being made to close the gender gap.Continue Reading
How does SirenJack put emergency warning systems at risk?
Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco's emergency warning system at risk. Judith Myerson explains how it works.Continue Reading
How is Apple iOS 11 affected by a QR code vulnerability?
A QR code vulnerability was recently discovered in the Apple iOS 11 camera app. Learn how an attacker could exploit it and how to avoid the issue with Judith Myerson.Continue Reading
Digimine bot: How does social media influence cryptojacking?
Facebook Messenger is being used to reach more victims with a cryptojacking bot that Trend Micro researchers named Digimine. Learn how this bot works with expert Nick Lewis.Continue Reading
Android vulnerability: How can users mitigate Janus malware?
The Janus vulnerability was found injecting malicious code into reputable Android apps. Once injected, users' endpoints become infected. Learn how to prevent this with expert Nick Lewis.Continue Reading
How did an old, unpatched Firefox bug expose master passwords?
A Firefox bug went undetected for nine years. Expert Michael Cobb explains how it enabled attackers to access the browser's master password and what's being done to mitigate it.Continue Reading
How studying the black hat community can help enterprises
White hat hackers often assimilate themselves into the black hat community to track the latest threats. Discover how this behavior actually benefits the enterprise with David Geer.Continue Reading
How can a hardcoded password vulnerability affect Cisco PCP?
Cisco patched a hardcoded password vulnerability found in their PCP software. Learn how the software works and how attackers can exploit this vulnerability with Judith Myerson.Continue Reading
Where machine learning for cybersecurity works best now
Need to up your endpoint protection endgame? Learn how applying machine learning for cybersecurity aids in the fight against botnets, evasive malware and more.Continue Reading
How did cryptomining malware exploit a Telegram vulnerability?
Hackers were able to exploit a Telegram vulnerability to launch cryptomining malware. Expert Michael Cobb explains how they were able to do so and how to prevent similar attacks.Continue Reading
Q&A: Why data security controls are a hard problem to solve
Feeling less friendly after Facebook? "There is a great deal of power in being able to combine data-sources," says Jay Jacobs, security data scientist.Continue Reading
How to prevent cloud cryptojacking attacks on your enterprise
As the value of bitcoin has risen over the last year, so has the prevalence of cloud cryptojacking attacks. Expert Rob Shapland explains how enterprises can prevent these attacks.Continue Reading
How does the KRACK vulnerability use encryption keys?
The KRACK vulnerability was found in the WPA2 protocol for wireless networks and it enables attackers to crack encrypted connections. Learn how it works from Nick Lewis.Continue Reading
Bad Rabbit ransomware: How does it compare to other variants?
Bad Rabbit ransomware mimics other recent ransomware variants, such as NotPetya. Discover the similarities and differences between the two with expert Nick Lewis.Continue Reading
How will the new WPA3 protocol strengthen password security?
The development of WPA3 helps advance Wi-Fi protocol, as the next generation of Wi-Fi-enabled devices begins to demand more. Expert Michael Cobb explains how it differs from WPA2.Continue Reading
How were Android Pixel vulnerabilities exploited?
Android Pixel vulnerabilities could open the smartphone up to attack. Expert Michael Cobb explains the vulnerabilities and how to defend against them.Continue Reading
How did an Electron framework flaw put Slack at risk?
An Electron framework flaw put users of Slack, Skype and other big apps at risk. Expert Michael Cobb explains how this remote code execution flaw works and how to prevent it.Continue Reading
How air gap attacks challenge the notion of secure networks
Today's cyberattacks are taking new shapes and sizes in the ever-changing tech environment. This guide explores air gap attacks, the history behind them and the latest threats facing air-gapped networks.Continue Reading
How enterprises should handle GDPR compliance in the cloud
GDPR compliance in the cloud can be an intimidating concept for some enterprises, but it doesn't have to be. Rob Shapland explains why it's not so different from on premises.Continue Reading
Zero-trust model promises increased security, decreased risk
The zero-trust model takes focused and sustained effort, but promises to improve most companies' risk posture. Learn what it takes to get the most out of zero trust.Continue Reading
Imran Awan case shows lax security controls for IT staff
Investigations into the conduct of the IT staff of the House of Representatives raised alarms. Kevin McDonald explains what we can learn from the case of Imran Awan.Continue Reading
What VPN alternatives should enterprises consider using?
VPN vulnerabilities in products from popular vendors were recently found to enable serious threats. Discover how detrimental these threats are and best alternatives to the use of VPNs.Continue Reading
Emotet Trojan: How to defend against fileless attacks
An increase in fileless malware, including PowerShell malware, was reported in McAfee Labs' December 2017 Threat Report. Discover how enterprises can defend again fileless attacks.Continue Reading
Intel AMT flaw: How are corporate endpoints put at risk?
A recent flaw in Intel's Advanced Management Technology enables hackers to gain access to endpoint devices. Discover how this flaw can be mitigated with expert Judith Myerson.Continue Reading
When does the clock start for GDPR data breach notification?
As new GDPR data breach notification rules go into effect, companies must be ready to move faster than before. Mimecast's Marc French explains what will change and how to cope.Continue Reading
Secure DevOps: Inside the five lifecycle phases
Secure DevOps and cloud computing are altering the design, build, deployment and operation of online systems. Learn more from Eric Johnson and Frank Kim of the SANS Institute.Continue Reading
What will GDPR data portability mean for enterprises?
Enforcement of the EU's Global Data Protection Regulation is coming soon. Mimecast's Marc French discusses the big questions about GDPR data portability for enterprises.Continue Reading
Addressing vulnerable web systems that are often overlooked
Web security vulnerability scanners often focus on large applications within the enterprise. However, there are plenty of overlooked web systems that contain hidden flaws.Continue Reading
AIR-Jumper: How can security camera lights transmit data?
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to prevent it with expert Nick Lewis.Continue Reading
ExpensiveWall malware: How does this SMS attack function?
A new SMS malware known as ExpensiveWall was recently discovered by Check Point. Learn how it infects devices and puts Android device users at risk with expert Nick Lewis.Continue Reading