The Credential Crisis: It’s Really Happening

blog / Dec 14, 2017

by Lori MacVittie

With billions of data records compromised, it’s time to reconsider whether passwords are our best means for authenticating users.

To Protect Your Network, You Must First Know Your Network

/ Dec 13, 2017

by Ray Pompon

Strong security starts with understanding exactly what you need to protect and where it resides within your organization.

Lessons Learned from a Decade of Data Breaches

report / Dec 07, 2017 (MODIFIED: Dec 14, 2017)

by Sara Boddy, Ray Pompon

F5 Labs researched 433 breach cases spanning 12 years, 37 industries, and 27 countries to discover patterns in the initial attacks that lead to the breach.

Avoiding the Epidemic of Hospital Hacks

blog / Dec 05, 2017 (MODIFIED: Dec 14, 2017)

by Ray Pompon

Good security is highly dependent on hospital staff being well trained and having the discipline to follow security processes—manual and otherwise—to the letter.

The Startup Security Challenge: Safe in the Cloud from Day One

blog / Nov 30, 2017 (MODIFIED: Dec 14, 2017)

by Ray Pompon

How this cloud startup met its goals for security and availability right out of the gate by setting goals, doing a risk analysis, and examining tradeoffs.

Achieving Multi-Dimensional Security through Information Modeling—Unwrapping Controls Part 4

blog / Nov 28, 2017 (MODIFIED: Dec 07, 2017)

by Ravila White

In Part 3 of this blog series, we demonstrated modeling the threat landscape along with executive threat-modeling. In this blog, we discuss the importance of defining controls.

If Your Security Question List Looks like a Facebook Favorite List, Start Over Now

blog / Nov 21, 2017 (MODIFIED: Dec 14, 2017)

by Lori MacVittie

Seriously, how many colors are there? And how many of us share the same love of one of those limited choices?

Phishing: The Secret of its Success and What You Can Do to Stop It

report / Nov 16, 2017 (MODIFIED: Dec 14, 2017)

by Ray Pompon

Learn about the tricks attackers use to dupe unsuspecting users and how you can help protect them—and your organization.

A CISO Landmine: No Security Awareness Training

blog / Nov 14, 2017 (MODIFIED: Dec 13, 2017)

by Mike Levin, Center for Information Security Awareness

CISOs who fail to prioritize security awareness training are putting their business and assets at serious risk.

Is a Good Offense the Best Defense Against Hackers?

blog / Nov 09, 2017 (MODIFIED: Dec 14, 2017)

by Ray Pompon

Proposed legislation could change existing laws that bar victims of hacking attacks from striking back.

What Happens to Encryption in a Post-Quantum Computing World?

blog / Nov 07, 2017 (MODIFIED: Dec 13, 2017)

by Debbie Walkowski

As the possibility of quantum computing draws nearer, changes to today’s TLS key exchange algorithms will be required.

Can Engineers Build Networks Too Complicated for Humans to Operate? Part II: Making Sense of Network Activities and System Behaviors

blog / Nov 02, 2017 (MODIFIED: Dec 13, 2017)

by Mike Simon

How to selectively capture packets for further analysis and avoid buying a storage farm.

Academic Research: A Survey of Email Attacks

article / Oct 31, 2017 (MODIFIED: Dec 14, 2017)

by David Hammerstrom, Sara McGarvey, Russel Parham, Kyle Uecker, Anthony Wade

Email has become such an ordinary part of our daily lives that we can forget how vulnerable it is.

Reaper: The Professional Bot Herder’s Thingbot

blog / Oct 26, 2017 (MODIFIED: Dec 12, 2017)

by David Holmes, Justin Shattuck

While Reaper might be considered an “object lesson” today, it should serve as a blistering warning that IoT security needs to be fixed now.

Help Guide the Future of Apps – Ultimately your Threat Landscape – by Responding to our SOAD Survey!

blog / Oct 24, 2017 (MODIFIED: Nov 02, 2017)

by Lori MacVittie

Assessing the State of Application Delivery depends on getting information from you about your applications!

Third-Party Security is Your Security

blog / Oct 24, 2017 (MODIFIED: Dec 05, 2017)

by Ray Pompon

When you must depend on third parties for a variety of products and services, it’s critical that you hold them to high security standards.

Interview with the Experts: The Future of IoT Security through the Eyes of F5 Threat Researchers

blog / Oct 19, 2017 (MODIFIED: Nov 30, 2017)

by Debbie Walkowski

When it comes to IoT threats, we’re nowhere near being out of the woods yet; we’ve just barely entered the forest.

New Threat May Slip through the KRACK in BYOD Policies

blog / Oct 17, 2017 (MODIFIED: Nov 16, 2017)

by Lori MacVittie

Combating this vulnerability might mean you have to force updates on employees’ personal devices or deny them access altogether.

How to Be a More Effective CISO by Aligning Your Security to the Business

blog / Oct 17, 2017 (MODIFIED: Nov 28, 2017)

by Ray Pompon

Security must align to the business needs, not the other way around. Begin with investigation and understanding to be most effective.

Joining Forces with Criminals, Deviants, and Spies to Defend Privacy

blog / Oct 12, 2017 (MODIFIED: Nov 07, 2017)

by Jennifer Chermoshnyuk, Matt Beland

Organizations need to provide clear and specific guidance to employees who travel across national borders when it comes to giving up passwords and surrendering devices.

Academic Research: Web Application Attacks

article / Oct 10, 2017 (MODIFIED: Nov 09, 2017)

by Andrew Cox, Daniel Freese, Matthew Martin, Daniel Massie

Personally identifiable information and user credentials are the primary nuggets attackers are after when they exploit known vulnerabilities in web applications.

The Good News about Breaches

blog / Oct 04, 2017 (MODIFIED: Oct 31, 2017)

by Lori MacVittie

Security breaches in the news serve as a good reminder to check and make sure you have a solid application protection strategy in place, starting with never trusting user input.

Proposed Legislation Calls for Cleaning Up the IoT Security Mess

blog / Oct 03, 2017 (MODIFIED: Nov 14, 2017)

by Ray Pompon, David Holmes

Legislation is a good first step toward persuading IoT manufacturers (who want to stay in business) to do the right thing when it comes to the security of their devices.

Phishing for Information, Part 5: How Attackers Pull It All Together, and How You Can Fight Back

blog / Sep 28, 2017 (MODIFIED: Oct 24, 2017)

by Ray Pompon

Stop feeding attackers every piece of the puzzle they need to pull off their scams.

Five Reasons CISOs Should Keep an Open Mind about Cryptocurrencies

blog / Sep 26, 2017 (MODIFIED: Nov 09, 2017)

by Ray Pompon, Justin Shattuck

Far from a dying breed, cryptocurrencies are not only evolving but being accepted in countless new markets. CISOs need to know the ins and outs, pros and cons.

Profile of a Hacker: The Real Sabu, Part 2 of 2

blog / Sep 21, 2017 (MODIFIED: Oct 17, 2017)

by David Holmes

New information sheds light on Sabu’s activities following the revelation of his identity.

CISOs: Striving Toward Proactive Security Strategies

report / Sep 19, 2017 (MODIFIED: Nov 09, 2017)

by Mike Convertino

As enterprises more closely align their security and IT operations, they still struggle to shift their security programs from reactive to proactive.

TrickBot Rapidly Expands its Targets in August, Shifting Focus to US Banks and Credit Card Companies

article / Sep 14, 2017 (MODIFIED: Oct 17, 2017)

by Sara Boddy, Jesse Smith, Doron Voolf

TrickBot kicked into high gear coming into August with the most targeted URLs since its launch. It released a new worm module, shifted its focus towards the US, and soared past the one thousand target URL mark in a single configuration.

Five Reasons the CISO is a Cryptocurrency Skeptic—Starting with Bitcoin

blog / Sep 13, 2017 (MODIFIED: Oct 24, 2017)

by David Holmes

There’s a lot of hype surrounding cryptocurrencies, but what’s good for currency traders may not be great for security-minded professionals.

Phishing for Information, Part 4: Beware of Data Leaking Out of Your Equipment

blog / Sep 07, 2017 (MODIFIED: Oct 10, 2017)

by Ray Pompon

Organizations often overlook the many ways in which their own systems put useful information right into the hands of attackers building cyber scams.

WireX Android DDoS Malware Adds UDP Flood

blog / Sep 01, 2017 (MODIFIED: Oct 04, 2017)

by Julia Karpin, Liron Segal, Maxim Zavodchik

As quickly as attackers commandeer IoT devices to build more “thingbots,” they continue to evolve their attack types and functionality.

Six Steps to Finding Honey in the OWASP

blog / Aug 31, 2017 (MODIFIED: Oct 17, 2017)

by Ray Pompon

According to Verizon’s 2014 Data Breach Investigations Report, “Web applications remain the proverbial punching bag of the Internet.” Things haven’t improved much since then. What is it about web applications that makes them so...

URL Obfuscation—Still a Phisher's Phriend

blog / Aug 29, 2017 (MODIFIED: Sep 28, 2017)

by Ray Pompon

Cyber crooks use several common URL disguising techniques to trick users into thinking their sham sites are legitimate.

Achieving Multi-Dimensional Security through Information Modeling—Executive Threat Modeling Part 3

blog / Aug 23, 2017 (MODIFIED: Oct 10, 2017)

by Ravila White

How InfoSec leaders can build successful threat models by defining the threat landscape and its component resources, then asking simple, situational questions.

Phishing for Information, Part 3: How Attackers Gather Data About Your Organization

blog / Aug 22, 2017 (MODIFIED: Sep 28, 2017)

by Ray Pompon

The Internet is full of information about your company that’s easily accessible to anyone and particularly useful to attackers.

"Cry 'Havoc' and Let Loose the Thingbots of War!"

blog / Aug 17, 2017 (MODIFIED: Sep 21, 2017)

by Lori MacVittie

Gray hats might have good intentions launching their “vigilante” botnets, but are they really helping us win the war against Death Star-sized thingbots?

Where Do Vulnerabilities Come From?

blog / Aug 15, 2017 (MODIFIED: Sep 26, 2017)

by Ray Pompon

Vulnerabilities are an emergent property of modern software’s complexity, requested features, and the way data inputs are handled.

The Hunt for IoT: The Rise of Thingbots

report / Aug 09, 2017 (MODIFIED: Dec 07, 2017)

by Sara Boddy, Justin Shattuck

With “thingbots” now launching Death Star-sized DDoS attacks, hosting banking trojans, and causing physical destruction, all signs point to them becoming the attacker infrastructure of the future.

Can Engineers Build Networks Too Complicated for Humans to Operate? Part I: Scope of the Problem

blog / Aug 03, 2017 (MODIFIED: Oct 30, 2017)

by Mike Simon

This series explores how InfoSec practitioners can use math, technology, and critical thinking to mitigate risk in a world where networks and data have surpassed the scope of human comprehension.

RSA in a “Pre-Post-Quantum” Computing World

blog / Aug 01, 2017 (MODIFIED: Sep 07, 2017)

by David Holmes

Quantum computing is coming. What should your strategy be today to deal with what’s on the horizon?
