From NSA Exploit to Widespread Ransomware: WannaCry is on the Loose

blog / mai 22, 2017

by Ray Pompon

The new EternalBlue NSA exploit is powering a wave of virulent ransomware sweeping across Europe.

Why Cloud Sprawl is a Security Risk

blog / mai 18, 2017

by Lori MacVittie

Cloud sprawl isn’t just a budget sinkhole; it’s quickly becoming a security blind spot and potential attack vector for data theft.

Strike Back at Silent Bob: Scan and Block Ports Used by Intel AMT

blog / mai 16, 2017 (MODIFIED: mai 18, 2017)

by David Holmes

Is the Intel AMT vulnerability as bad as we all first thought? Either way, here are some suggestions for protecting yourself.

From NSA Exploit to Widespread Ransomware: WannaCry is on the Loose

blog / mai 12, 2017 (MODIFIED: mai 15, 2017)

by Ray Pompon

The new EternalBlue NSA exploit is powering a wave of virulent ransomware sweeping across Europe.

THE HUNT FOR IoT: The Networks Building Death Star-Sized Botnets

report / mai 10, 2017 (MODIFIED: mai 16, 2017)

by Sara Boddy, Justin Shattuck

With a growth rate of 1,373% in 2016, the hunt for vulnerable IoT devices rages on, and threat actors become more concentrated within specific networks.

Can Your Risk Assessment Stand Up Under Scrutiny?

blog / mai 09, 2017 (MODIFIED: mai 18, 2017)

by Ray Pompon

Risk assessments are a key part of a security program, but their execution and format are highly variable. Regulators can sanction organizations that perform improper or inadequate risk assessments.

Achieving Multi-Dimensional Security through Information Modeling – Part 1

blog / mai 04, 2017 (MODIFIED: mai 18, 2017)

by Ravila White

Information modeling blends lateral thinking and deductive logic. Applied to information security, it’s a powerful technique for designing a security architecture with multi-dimensional controls that minimizes risk and achieves continuous compliance.

Profile of a Hacker: The Real Sabu, Part 2 of 2

blog / mai 02, 2017 (MODIFIED: mai 15, 2017)

by David Holmes

One simple error led to the capture of notorious hacker Sabu—and the revelation of his identity.

7 Upgrades to Level Up Your Security Program Experience

blog / avr. 28, 2017 (MODIFIED: mai 18, 2017)

by Ray Pompon

When you feel like you’re losing the security battle, try one, a few, or all of these tips to re-invigorate your program and stay on a positive track.

Internet, We (Still) Have a Problem with Internationalized Domain Names

blog / avr. 25, 2017 (MODIFIED: mai 16, 2017)

by Lori MacVittie

Even URLs that look legitimate can be fake, so train, train, train your users to verify links before they click.

Executive Impersonation Fraud Is on the Rise—and It Is Working

blog / avr. 20, 2017 (MODIFIED: mai 18, 2017)

by Mike Levin, Center for Information Security Awareness

Your company could lose hundreds of thousands in an impersonation scam, but here are eight things you can do to protect yourself.

Profile of a Hacker: The Real Sabu, Part 1 of 2

blog / avr. 18, 2017 (MODIFIED: mai 18, 2017)

by David Holmes

Notorious hacker of Anonymous and LulzSec fame is challenged by rival hacker, The Jester, to reveal his identity.

Stalking in the Workplace: What CISOs Can Do

blog / avr. 14, 2017 (MODIFIED: mai 18, 2017)

by Ray Pompon

Cyberstalking will rise as hacking tools become more powerful and easier to use, but there’s much you can do to help protect victims.

Doxing, DoS, and Defacement: Today’s Mainstream Hacktivism Tools

article / avr. 12, 2017 (MODIFIED: mai 16, 2017)

by Ray Pompon

Readily available hacking tools provide new ways for civil disobedience groups to antagonize their targets anonymously.

Marcher Gets Close to Users by Targeting Mobile Banking, Android Apps, Social Media, and Email

article / avr. 07, 2017 (MODIFIED: mai 16, 2017)

by Doron Voolf

Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.

Wait, Don’t Throw Out Your Firewalls!

blog / avr. 04, 2017 (MODIFIED: mai 09, 2017)

by Wendy Nather, Duo Security

Yes, the perimeter has shifted, but firewalls still have a place in your network. They’re just not alone anymore.

How to Talk Cyber Risk with Executives

blog / mars 30, 2017 (MODIFIED: mai 09, 2017)

by Ray Pompon, Sara Boddy

Board level interest in your cyber risk posture is growing, in fact it might be required soon for publicly traded companies. Presenting cyber risk to your board – effectively – means talking in their terms.

Virtual Kidnapping: The Latest in an Endless Stream of Scams

blog / mars 30, 2017 (MODIFIED: mai 10, 2017)

by Mike Levin, Center for Information Security Awareness

The virtual kidnapping scam is on the rise because of the excessive amount of personal information people volunteer on social media.

From DDoS to Server Ransomware: APACHE STRUTS 2 - CVE-2017-5638 Campaign

article / mars 27, 2017 (MODIFIED: mai 04, 2017)

by Maxim Zavodchik, Julia Karpin, Ilya Chernyakov, Dylan Syme

A common infection vector used by botnet creators is scanning the Internet for web vulnerabilities to exploit for malware or back doors. The advantage of hitting servers over personal consumer devices is the ability to leverage powerful hardware that is...

Cyber Insurance: Read the Fine Print!

blog / mars 24, 2017 (MODIFIED: avr. 28, 2017)

by Ray Pompon, Sara Boddy

Purchasing cyber insurance can be useful, but claims are often denied due to policy exclusions or lapses in controls.

Can Audits Help Us Trust Third Parties?

blog / mars 20, 2017 (MODIFIED: avr. 20, 2017)

by Ray Pompon

Organizations who outsource need to measure the risk of entrusting their data to someone else. They aren’t easy or cheap, but audits are really the best tool we have.

Will Deception as a Defense Become Mainstream?

blog / mars 13, 2017 (MODIFIED: avr. 14, 2017)

by Ray Pompon

Defensive deception works well, but needs championing before we’ll see it as a best practice or compliance requirement.

DNS Is Still the Achilles’ Heel of the Internet

article / mars 10, 2017 (MODIFIED: avr. 28, 2017)

by Ray Pompon

Since the Internet can’t survive without DNS, let’s make our best effort to defend it.

Security’s “Rule Zero” Violated Again with Zero-Day Apache Struts 2 Exploit

blog / mars 09, 2017 (MODIFIED: avr. 25, 2017)

by Lori MacVittie

If you’re running Apache Struts 2 and the vulnerable component, stop reading and update now.

Five Steps Users Can Take to Inoculate Themselves against Fake News

blog / mars 06, 2017 (MODIFIED: avr. 04, 2017)

by Michael Levin, Center for Information Security Awareness

Security awareness training can significantly curb users' dissemination of fake news.

Why Managing Low-Severity Vulnerabilities Can’t Be Just a Pipe Dream

blog / mars 03, 2017 (MODIFIED: mars 29, 2017)

by Sara Boddy

Putting off fixing low-severity vulnerabilities can have high-impact effects.

Speed Over Security Still Prevalent in Spite of Substantial Risk for IoT Apps

blog / mars 03, 2017 (MODIFIED: mai 15, 2017)

by Lori MacVittie

Speed to market means IoT and mobile apps are being released with known vulnerabilities.

A CISO’s Reflections on RSA 2017

blog / févr. 28, 2017 (MODIFIED: mars 30, 2017)

by Mike Convertino

Recapping RSA 2017: Endpoint Protection, Threat Hunting, and Talent Searching Abound!

Cloudbleed: What We Know and What You Should Do

blog / févr. 24, 2017 (MODIFIED: mars 29, 2017)

by Lori MacVittie

Definitive steps individuals and organizations can take today to deal with the impact of Cloudbleed.

Building Secure Solutions Successfully Using Systems Theory

blog / févr. 23, 2017 (MODIFIED: mars 20, 2017)

by Ray Pompon

When security solutions don’t work as planned, embrace the complexity and use Systems Theory tools to adjust, regulate, and redefine.

Ramnit's Twist: A Disappearing Configuration

blog / févr. 17, 2017 (MODIFIED: févr. 21, 2017)

by Anna Dorfman

The Ramnit banking Trojan continues to evolve, this time with the intent of making the malware harder to detect.

The Conflicting Obligations of a Security Leader

blog / févr. 14, 2017 (MODIFIED: mars 20, 2017)

by Ray Pompon

Faced with competing pressures, CISOs are ultimately the experts at assessing what’s truly at stake in their organizations.

How Three Low-Risk Vulnerabilities Become One High

article / févr. 13, 2017 (MODIFIED: mars 20, 2017)

by Ray Pompon, Keiron Shepherd

It’s easy to brush off low-risk vulnerabilities as trivial—until they’re combined to create a deep-impact attack.

The Risk Pivot: Succeeding with Business Leadership by Quantifying Operational Risk

blog / févr. 09, 2017 (MODIFIED: mars 03, 2017)

by Ray Pompon

Getting the security investments you need often comes down to making your case to management in terms of operational risk.

Friendly Reminder: App Security in the Cloud is Your Responsibility

blog / févr. 02, 2017 (MODIFIED: mars 03, 2017)

by Lori MacVittie

Nearly 200,000 servers are still vulnerable to Heartbleed—and the organizations who own them might surprise you.

Using F5 Labs Application Threat Intelligence

report / janv. 26, 2017 (MODIFIED: avr. 07, 2017)

by Ray Pompon, Sara Boddy

As security professionals, we often feel like we’re fighting a losing battle when it comes to cyber security.

The Humanization of the Security Leader: What CISOs Need to Be Successful

blog / janv. 23, 2017 (MODIFIED: févr. 27, 2017)

by Ray Pompon

When someone from the IT group gets promoted into security management, a common first lesson is that “geek culture” is ineffective in the boardroom. Just watch one episode of The Big Bang Theory and you’ll recognize the classic nerd character...

The New Insider Threat: Automation Frameworks

blog / janv. 19, 2017 (MODIFIED: févr. 23, 2017)

by Lori MacVittie

One of the pillars of DevOps is - according to its founders - automation. Along with automation naturally comes orchestration, which as you might guess is automation but at a higher level of abstraction. Where automation focuses on using...

The 2016 TLS Telemetry Report

report / janv. 19, 2017 (MODIFIED: mars 30, 2017)

by David Holmes

In just four short years, encryption estimates have gone from almost non-existent (in the low single digits before 2013) to just over 50% by the end of 2016. How much of a victory is this?

Welcome to CISO to CISO

article / janv. 18, 2017 (MODIFIED: mars 06, 2017)

by Mike Convertino

Hi. I’m Mike Convertino, CISO of F5 Networks, and I want to welcome you to an experiment we’re conducting here at F5. We’ve laid the foundation of this CISO to CISO portal on an idea that has traditionally been somewhat controversial in the security community: openness.

stay up to date

Get the latest application threat intelligence from F5 Labs.

There was an error signing up.
Thank you, your email address has been signed up.

Follow us on social media.