BLOG

blog / Apr 20, 2017

Executive Impersonation Fraud Is on the Rise—and It Is Working

by Mike Levin, Center for Information Security Awareness

Your company could lose hundreds of thousands in an impersonation scam, but here are eight things you can do to protect yourself.

blog / Apr 18, 2017 (MODIFIED: Apr 20, 2017)

Profile of a Hacker: The Real Sabu, Part 1 of 2

by David Holmes

Notorious hacker of Anonymous and LulzSec fame is challenged by rival hacker, The Jester, to reveal his identity.

blog / Apr 14, 2017 (MODIFIED: Apr 18, 2017)

Stalking in the Workplace: What CISOs Can Do

by Ray Pompon

Cyberstalking will rise as hacking tools become more powerful and easier to use, but there’s much you can do to help protect victims.

blog / Apr 04, 2017 (MODIFIED: Apr 20, 2017)

Wait, Don’t Throw Out Your Firewalls!

by Wendy Nather, Duo Security

Yes, the perimeter has shifted, but firewalls still have a place in your network. They’re just not alone anymore.

blog / Mar 30, 2017 (MODIFIED: Apr 14, 2017)

How to Talk Cyber Risk with Executives

by Ray Pompon

Board-level interest in your cyber risk posture is growing; in fact, it might be required soon for publicly traded companies. Presenting cyber risk to your board – effectively – means talking in their terms.

blog / Mar 30, 2017 (MODIFIED: Apr 18, 2017)

Virtual Kidnapping: The Latest in an Endless Stream of Scams

by Mike Levin, Center for Information Security Awareness

The virtual kidnapping scam is on the rise because of the excessive amount of personal information people volunteer on social media.

blog / Mar 24, 2017 (MODIFIED: Apr 14, 2017)

Cyber Insurance: Read the Fine Print!

by Ray Pompon

Purchasing cyber insurance can be useful, but claims are often denied due to policy exclusions or lapses in controls.

blog / Mar 20, 2017 (MODIFIED: Apr 20, 2017)

Can Audits Help Us Trust Third Parties?

by Ray Pompon

Organizations who outsource need to measure the risk of entrusting their data to someone else. They aren’t easy or cheap, but audits are really the best tool we have.

blog / Mar 13, 2017 (MODIFIED: Apr 14, 2017)

Will Deception as a Defense Become Mainstream?

by Ray Pompon

Defensive deception works well, but needs championing before we’ll see it as a best practice or compliance requirement.

blog / Mar 09, 2017 (MODIFIED: Apr 14, 2017)

Security’s “Rule Zero” Violated Again with Zero-Day Apache Struts 2 Exploit

by Lori MacVittie

If you’re running Apache Struts 2 and the vulnerable component, stop reading and update now.

blog / Mar 06, 2017 (MODIFIED: Apr 04, 2017)

Five Steps Users Can Take to Inoculate Themselves against Fake News

by Michael Levin, Center for Information Security Awareness

Security awareness training can significantly curb users' dissemination of fake news.

blog / Mar 03, 2017 (MODIFIED: Mar 29, 2017)

Why Managing Low-Severity Vulnerabilities Can’t Be Just a Pipe Dream

by Sara Boddy

Putting off fixing low-severity vulnerabilities can have high-impact effects.

blog / Mar 03, 2017 (MODIFIED: Mar 20, 2017)

Speed Over Security Still Prevalent in Spite of Substantial Risk for IoT Apps

by Lori MacVittie

Speed to market means IoT and mobile apps are being released with known vulnerabilities.

blog / Feb 28, 2017 (MODIFIED: Mar 30, 2017)

A CISO’s Reflections on RSA 2017

by Mike Convertino

Recapping RSA 2017: Endpoint Protection, Threat Hunting, and Talent Searching Abound!

blog / Feb 24, 2017 (MODIFIED: Mar 29, 2017)

Cloudbleed: What We Know and What You Should Do

by Lori MacVittie

Definitive steps individuals and organizations can take today to deal with the impact of Cloudbleed.

blog / Feb 23, 2017 (MODIFIED: Mar 20, 2017)

Building Secure Solutions Successfully Using Systems Theory

by Ray Pompon

When security solutions don’t work as planned, embrace the complexity and use Systems Theory tools to adjust, regulate, and redefine.

blog / Feb 17, 2017 (MODIFIED: Feb 21, 2017)

Ramnit's Twist: A Disappearing Configuration

by Anna Dorfman

The Ramnit banking Trojan continues to evolve, this time with the intent of making the malware harder to detect.

blog / Feb 14, 2017 (MODIFIED: Mar 20, 2017)

The Conflicting Obligations of a Security Leader

by Ray Pompon

Faced with competing pressures, CISOs are ultimately the experts at assessing what’s truly at stake in their organizations.

blog / Feb 09, 2017 (MODIFIED: Mar 03, 2017)

The Risk Pivot: Succeeding with Business Leadership by Quantifying...

by Ray Pompon

Getting the security investments you need often comes down to making your case to management in terms of operational risk.

blog / Feb 02, 2017 (MODIFIED: Mar 03, 2017)

Friendly Reminder: App Security in the Cloud is Your Responsibility

by Lori MacVittie

Nearly 200,000 servers are still vulnerable to Heartbleed—and the organizations who own them might surprise you.

blog / Jan 23, 2017 (MODIFIED: Feb 27, 2017)

The Humanization of the Security Leader: What CISOs Need to Be Successful

by Ray Pompon

When someone from the IT group gets promoted into security management, a common first lesson is that “geek culture” is ineffective in the boardroom. Just watch one episode of The Big Bang Theory and you’ll recognize the classic nerd character...

blog / Jan 19, 2017 (MODIFIED: Feb 23, 2017)

The New Insider Threat: Automation Frameworks

by Lori MacVittie

One of the pillars of DevOps is - according to its founders - automation. Along with automation naturally comes orchestration, which as you might guess is automation but at a higher level of abstraction. Where automation focuses on using...

blog / Jan 18, 2017 (MODIFIED: Mar 13, 2017)

Application Threat Intelligence: What Do CISOs Need?

by Mike Convertino

I’ve mentioned before how important strong risk management is to a CISO. When it comes to risk, the applications our users depend on are a big concern. In F5's 2016 State of Application Security survey, a majority of respondents cited security around applications as an area of great concern.

blog / Jan 17, 2017 (MODIFIED: Mar 03, 2017)

IoT Threats: A First Step into a Much Larger World of Mayhem

by Ray Pompon

So far, we’ve seen IoT DDoS attacks on a Death Star scale. What's next for those of us that may be caught in the blast?

blog / Dec 01, 2016 (MODIFIED: Jan 27, 2017)

TrickBot Now Targeting German Banking Group Sparkassen-Finanzgruppe

by Shaul Vilkomir-Preisman

TrickBot, the latest arrival to the banking malware scene and successor to the infamous Dyre botnet, is in constant flux.

blog / Nov 14, 2016 (MODIFIED: Feb 24, 2017)

Security’s Blind Spot: Application Layer Visibility

by Lori MacVittie

We’ve all seen after-the-fact security camera footage of a wide variety of crimes splashed across social media and news sites. This visibility is a critical component of any judicial system, as it helps identify who did what and provides crucial, objective evidence of what actually happened.

blog / Nov 07, 2016 (MODIFIED: Feb 13, 2017)

Little TrickBot Growing Up: New Campaign

by Julia Karpin

Recently there have been several reports of a financial malware named TrickBot; this malware's code looks similar to Dyre.

blog / Oct 04, 2016 (MODIFIED: Feb 24, 2017)

Bug Bounty Programs Only Half the Battle

by Lori MacVittie

What's the other half? And why don't organizations just find and fix their own bugs?

blog / Aug 12, 2016 (MODIFIED: Jan 19, 2017)

Is HEIST a Risk or a Threat?

by Lori MacVittie

HEIST is an example of how risk and threat are different, and why the distinction matters.
