BLOG

blog /August 17, 2017

Cry “Havoc” and Let Loose the Thingbots of War!

by Lori MacVittie

Gray hats might have good intentions launching their “vigilante” botnets, but are they really helping us win the war against Death Star-sized thingbots?

blog /August 15, 2017

Where Do Vulnerabilities Come From?

by Ray Pompon

Vulnerabilities are an emergent property of modern software’s complexity, requested features, and the way data inputs are handled.

blog /August 03, 2017

Can Engineers Build Networks Too Complicated for Humans to Operate? Part I: Scope of the Problem

by Mike Simon

This series explores how InfoSec practitioners can use math, technology, and critical thinking to mitigate risk in a world where networks and data have surpassed the scope of human comprehension.

blog /August 01, 2017

RSA in a “Pre-Post-Quantum” Computing World

by David Holmes

Quantum computing is coming. What should your strategy be today to deal with what’s on the horizon?

blog /July 25, 2017

What Are You Doing to Protect Critical Infrastructure?

by Mike Levin, Center for Information Security Awareness

Protecting our critical infrastructure is everyone’s responsibility, and there are many ways we can all do our part.

blog /July 20, 2017

Phishing for Information, Part 2: How Attackers Collect Data About Your Employees

by Ray Pompon

The personal and job-related information that employees often innocently post on various websites makes it easy for phishers to pull off their scams.

blog /July 18, 2017

How to Avoid the Six Most Common Audit Failures

by Ray Pompon

A veteran auditor told us how organizations fail audits. Here are six detailed strategies to help you achieve success.

blog /July 11, 2017

Who Should the CISO Report To?

by Ray Pompon

Savvy organizations that understand the gravity of cyber security are giving CISOs a voice at the executive table.

blog /July 06, 2017

Phishing for Information, Part 1: How Phishers Bait Their Hooks with Information You Volunteer

by Ray Pompon

In this five-part blog series, we look at how cyber scammers vacuum up information across the Internet to build profiles for phishing and other kinds of social engineering attacks.

blog /June 29, 2017

The Six Most Common Audit Failures

by Kyle Robinson, Senior Manager at Grant Thornton

A veteran auditor walks through where he’s seen organizations fail during an audit.

blog /June 27, 2017

NSA, CIA Leaks Provide a Roadmap to Stealthier, Faster, More Powerful Malware

by Mike Convertino

Recent NSA and CIA leaks exposed advanced new techniques for building automated malware factories that churn out threats like SambaCry and Petya/NotPetya, which deploy over untraceable networks.

blog /June 22, 2017

Achieving Multi-Dimensional Security through Information Modeling—The Master Model Part 2

by Ravila White

Understanding the customer segment of your organization is critical to developing a strategy that ensures regulatory compliance.

blog /June 21, 2017

Russian Hackers, Face to Face

by Ray Pompon

An undercover interview with two infamous Russian hackers speaks volumes about the skills, passion, and motivation of some of the world’s most dangerous cybercriminals.

blog /June 15, 2017

TrickBot Expands Global Targets Beyond Banks and Payment Processors to CRMs

by Sara Boddy

TrickBot shows no signs of slowing down as new targets are added and command and control servers hide within web hosting providers’ networks.

blog /June 14, 2017

Yak Shaving: CISOs Aren’t Immune

by Ray Pompon

Sometimes, CISOs spin their wheels doing useless security activity that only looks productive from the outside.

blog /June 08, 2017

10 Ways Organizations Can Get Ready for Breach Disclosure

by Ray Pompon

Facing data breach disclosure requirements across the globe, organizations need to prepare in advance to respond well.

blog /June 06, 2017

Default Passwords Are Not the Biggest Part of the IoT Botnet Problem

by Lori MacVittie

Providers and manufacturers could go a long way toward reducing the very real threat of IoT.

blog /June 01, 2017

The CISO: A Field Guide

by Bill Hughes

Learn to recognize different types of CISOs so you can ensure you’re hiring the right one.

blog /May 31, 2017

Fight Credential Stuffing by Taking a New Approach to Authorization

by Michael Koyfman

How a token-based authorization model can help organizations dramatically reduce credential stuffing attacks.

blog /May 26, 2017

SambaCry: The Linux Sequel to WannaCry

by Malcolm Heath, Ray Pompon

With simple exploits plaguing Windows and Linux SMB week over week, do yourself a favor and patch for CVE-2017-7494 now to avoid having to do it in panic mode.

blog /May 25, 2017

How I Learned to Love Cyber Security

by Todd Plesco, CISO of Prescribe Wellness

Cyber security can be a difficult and thankless job, but you can learn to love it when you know how to go about it.

blog /May 23, 2017

How a CISO Can Play a Role in Selling Security

by Ray Pompon

More and more CISOs are finding themselves pulled into the sales cycle to defend and sell their security programs. Here’s how to do it right.

blog /May 18, 2017

Why Cloud Sprawl is a Security Risk

by Lori MacVittie

Cloud sprawl isn’t just a budget sinkhole; it’s quickly becoming a security blind spot and potential attack vector for data theft.

blog /May 16, 2017

Strike Back at Silent Bob: Scan and Block Ports Used by Intel AMT

by David Holmes

Is the Intel AMT vulnerability as bad as we all first thought? Either way, here are some suggestions for protecting yourself.

blog /May 12, 2017

From NSA Exploit to Widespread Ransomware: WannaCry is on the Loose

by Ray Pompon

The new EternalBlue NSA exploit is powering a wave of virulent ransomware sweeping across Europe.

blog /May 09, 2017

Can Your Risk Assessment Stand Up Under Scrutiny?

by Ray Pompon

Risk assessments are a key part of a security program, but their execution and format are highly variable. Regulators can sanction organizations that perform improper or inadequate risk assessments.

blog /May 04, 2017

Achieving Multi-Dimensional Security through Information Modeling – Part 1

by Ravila White

Information modeling blends lateral thinking and deductive logic. Applied to information security, it’s a powerful technique for designing a security architecture with multi-dimensional controls that minimizes risk and achieves continuous compliance.

blog /May 02, 2017

Profile of a Hacker: The Real Sabu, Part 2 of 2

by David Holmes

One simple error led to the capture of notorious hacker Sabu—and the revelation of his identity.

blog /April 28, 2017

7 Upgrades to Level Up Your Security Program Experience

by Ray Pompon

When you feel like you’re losing the security battle, try one, a few, or all of these tips to re-invigorate your program and stay on a positive track.

blog /April 25, 2017

Internet, We (Still) Have a Problem with Internationalized Domain Names

by Lori MacVittie

Even URLs that look legitimate can be fake, so train, train, train your users to verify links before they click.
