Managing Compliance Issues within the Value Chain

blog / 5 18, 2018 (MODIFIED: 5 17, 2018)

by Kip Boyle

Align your compliance requirements with your other business requirements so you can distinguish what you must do from what’s nice to do.

Drupalgeddon 2 Highlights the Need for AppSecOps

blog / 5 12, 2018 (MODIFIED: 5 14, 2018)

by Lori MacVittie

If you aren’t aware of Drupalgeddon 2, then you’ve either been living off the grid or don’t use the popular content management system (CMS).

Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media

article / 5 09, 2018 (MODIFIED: 5 14, 2018)

by Doron Voolf

Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.

Risky Business: The Fifth Element

/ 5 09, 2018 (MODIFIED: 5 08, 2018)

by Preston Hogue

Preston Hogue writes for Security Week, explaining the fifth element of risk transfer: Sec-aaS.

Russia Attacks Global Network Infrastructure Through Vulnerabilities That Extend Far Beyond Their Targets

blog / 5 04, 2018 (MODIFIED: 5 17, 2018)

by Sara Boddy

US-CERT TL18-106A alert underscores how insecure Internet systems really are and that ignoring the problem only increases the collateral damage.

Breach Costs Are Rising with the Prevalence of Lawsuits

blog / 5 03, 2018 (MODIFIED: 5 17, 2018)

by Ray Pompon

When it comes to tallying the total cost of a data breach, lawsuits figure prominently, alongside repair costs, loss of reputation and sales, compliance penalties, and operational downtime.

How Secure Are Your Third-Party Web Apps?

blog / 4 27, 2018 (MODIFIED: 5 09, 2018)

by Ray Pompon

You can’t assume that your third-party web apps are secure! You need to assess them yourself using this multi-step process.

The 2017 TLS Telemetry Report

report / 4 23, 2018

by David Holmes

Privacy today isn’t just about staying away from prying eyes. The very act of communicating across the Internet with open, non-confidential protocols invites exposure to multiple threat types.

5 Fun Facts About the 2018 Singapore Cybersecurity Statute

/ 4 20, 2018 (MODIFIED: 4 19, 2018)

by David Holmes

Fun Fact #2: the author is looking forward to being a card-carrying Singaporean crime fighter (temporarily) someday.

Extend Your Security Program’s Influence with Adjuvants

blog / 4 17, 2018 (MODIFIED: 5 09, 2018)

by Ray Pompon

Savvy CISOs don’t go it alone; they rely on in-house collaborators (outside of the security team) to help achieve the organization’s security objectives.

Windows IIS 6.0 CVE-2017-7269 Is Targeted Again to Mine Electroneum

article / 4 13, 2018 (MODIFIED: 5 14, 2018)

by Andrey Shalnev

Attackers are targeting a Windows IIS vulnerability first disclosed a year ago to mine Electroneum.

Know the Risks to Your Critical Apps and Defend Against Them

blog / 4 11, 2018 (MODIFIED: 5 14, 2018)

by Ray Pompon

Critical apps are the ones that must never go down or be hacked. They are also the hardest to defend because they are often massive, ancient, and touch everything.

The Global Playing Field is Leveling Out as Europe and Asia Take on More DDoS Attacks

article / 4 07, 2018 (MODIFIED: 5 17, 2018)

by Sara Boddy, Ilan Meller, Justin Shattuck, Damien Rocha

The latest DDoS trends include the return of large volumetric DDoS attacks, the rise of application targeted attacks, and businesses in Europe and Asia are growing targets.

Avoid Becoming a Crypto-Mining Bot: Where to Look for Mining Malware and How to Respond

/ 4 04, 2018 (MODIFIED: 5 04, 2018)

by David Holmes

People are mining coins all over the place-all it costs is money for the power bill. So, of course, clever people are figuring out how to use other people’s power to mine cryptocurrency.

Old Dog, New Targets: Switching to Windows to Mine Electroneum

article / 3 29, 2018 (MODIFIED: 4 26, 2018)

by Andrey Shalnev

Apache Struts 2 Jakarta Multipart Parser RCE crypto-mining campaign is now targeting Windows, not just Linux systems.

IOT: Moving to Security by Design

/ 3 28, 2018 (MODIFIED: 5 08, 2018)

by David Holmes

With device developers rushing to build IoT as fast as they can, security can suffer.

When Information Security is a Matter of Public Safety

blog / 3 23, 2018 (MODIFIED: 4 23, 2018)

by Ray Pompon, Sara Boddy, Debbie Walkowski

Seven steps for improving the security of critical infrastructure systems—and protecting the public from unnecessary risk.

Twelve Tips to Help Employees Keep Devices Secure When Away from the Office

blog / 3 21, 2018 (MODIFIED: 4 23, 2018)

by Mike Levin, Center for Information Security Awareness

Laptops full of confidential data are still getting stolen, and public Wi-Fi hotspots are being booby-trapped. CISOs need to make users aware of the threat to prevent this from happening.

Reacting to a Big Breach

/ 3 16, 2018 (MODIFIED: 5 08, 2018)

by Ray Pompon

A big public breach is a teachable moment for both you and your organization.

The Hunt for IoT: The Growth and Evolution of Thingbots Ensures Chaos

report / 3 14, 2018 (MODIFIED: 5 04, 2018)

by Sara Boddy, Justin Shattuck

IoT attacks show no signs of decreasing while infected IoT devices go un-remediated, and discovery of new thingbots is at a decade-long high.

Threat Modeling the Internet of Things: Modeling Reaper

/ 3 10, 2018 (MODIFIED: 4 10, 2018)

by David Holmes

Reaper is just one more blinking light in the faces of the InfoSec community reminding us that we need to get ahead of IOT madness.

rTorrent Vulnerability Leveraged in Campaign Spoofing RIAA and NYU User-Agents?

article / 3 09, 2018 (MODIFIED: 4 10, 2018)

by Andrey Shalnev

The same rTorrent XML-RPC function configuration error that was targeted to mine Monero in February was also targeted in January in a campaign apparently spoofing user-agents for RIAA and NYU.

Exploited Memcached Servers Lead to Record-Setting 1.3Tbps DDoS Attack

blog / 3 02, 2018 (MODIFIED: 4 12, 2018)

by Sara Boddy

Memcached is just one of many application infrastructure systems that could launch the same types of attacks if they were also misconfigured.

rTorrent Client Exploited In The Wild To Deploy Monero Crypto-Miner

article / 3 01, 2018 (MODIFIED: 4 17, 2018)

by Andrey Shalnev

A previously undisclosed misconfiguration vulnerability in the rTorrent client is being exploited in the wild to mine Monero.

User Experience and Security Should be Complementary, Not Contradictory

/ 2 24, 2018 (MODIFIED: 4 19, 2018)

by Preston Hogue

When new technology initiatives are approached in the right way, organizations can implement them, mitigate risk, and provide the best user experience.

XMRig Miner Now Targeting Oracle WebLogic and Jenkins Servers to Mine Monero

blog / 2 22, 2018 (MODIFIED: 4 06, 2018)

by Andrey Shalnev

The same drop zone server used last week to mine Monero on compromised Jenkins automation servers is now being used in a new Monero mining campaign targeting Oracle Web Logic servers.

Beware of Attackers Stealing Your Computing Power for their Cryptomining Operations

blog / 2 16, 2018 (MODIFIED: 3 30, 2018)

by Travis Kreikemeier

As the black-market price for stolen data declines, attackers turn to cryptojacking schemes to maximize their profits—all at your expense.

Risky Business (Part 3): The Beauty of Risk Transfer

/ 2 14, 2018 (MODIFIED: 3 30, 2018)

by Preston Hogue

Risk transfer strategies allow you more time to focus on your business.

The Email that Could Steal Your Life Savings and Leave You Homeless

blog / 2 09, 2018 (MODIFIED: 3 22, 2018)

by Debbie Walkowski, David Holmes

Real estate scams are big business for attackers. Be on the lookout for this one, which can leave home buyers destitute if not caught in time.

CISOs Look to Machine Learning to Augment Security Staffing Shortages

blog / 2 07, 2018 (MODIFIED: 3 20, 2018)

by Ray Pompon

As security expertise becomes more scarce, CISOs are turning to machine learning to do more with fewer people.

86 Your Cyber Attackers! Avoid Data Breaches by Protecting Your Most Likely Attack Targets

blog / 2 01, 2018 (MODIFIED: 4 16, 2018)

by Sara Boddy

Critical lessons can be learned from others’ mistakes. Don’t learn the hard way; heed the warnings from our research.

Thingbots and Reapers and CryptoMiners—Oh, My! F5 Labs’ First Year in Review

blog / 1 26, 2018 (MODIFIED: 3 09, 2018)

by Debbie Walkowski

F5 Labs covered a multitude of threats, vulnerabilities, botnets, attackers, and attacks in 2017. Here are just some of the highlights you might have missed.

Risk vs. Reality: Don’t Solve the Wrong Problem

blog / 1 25, 2018 (MODIFIED: 3 02, 2018)

by Ray Pompon

If you’re not evaluating risk in terms of likelihood and impact, you could be focusing your security efforts in all the wrong places.

Everything is Compromised—Now What?

blog / 1 19, 2018 (MODIFIED: 3 15, 2018)

by Jared B. Reimer

Accept that breaches are inevitable in today’s world, then take these steps to reduce the chances of a large-scale, headline-making compromise.

State of App Delivery 2018: Security Again Edges Out Availability as Most Important App Service

blog / 1 16, 2018 (MODIFIED: 2 21, 2018)

by Lori MacVittie

Forty-three percent of organizations say security is essential when deploying apps, and more than two thirds use multiple security solutions to protect clients, infrastructure, and web apps.

Ramnit Goes on a Holiday Shopping Spree, Targeting Retailers and Banks

article / 1 16, 2018 (MODIFIED: 3 02, 2018)

by Doron Voolf

Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.

Risky Business (Part 2): Why You Need a Risk Treatment Plan

/ 1 13, 2018 (MODIFIED: 2 23, 2018)

by Preston Hogue

Performing a risk analysis and taking due care are no longer optional.

A Spectre of Meltdowns Could be in Store for 2018, Including Fileless Malware Attacks and More Costly Bots

blog / 1 11, 2018 (MODIFIED: 3 01, 2018)

by Lori MacVittie

Every week another bug, vulnerability, or exploit is released - we need a multi-layered security strategy (beyond our standard patch “spin cycles”) to deal with threats like Spectre and Meltdown.

Global Consultancy Overcomes Cloud Security Risks

blog / 1 10, 2018 (MODIFIED: 2 13, 2018)

by Ray Pompon

How moving application into the cloud can make your organization stronger and more valuable to your customers.

Mirai is Attacking Again, So We’re Outing its Hilarious, Explicit C&C Hostnames

blog / 1 05, 2018 (MODIFIED: 2 21, 2018)

by David Holmes

With Mirai rearing its ugly head again, we’re revealing its C&C hostnames so organizations can update their blacklists and protect themselves.

stay up to date

Get the latest application threat intelligence from F5 Labs.

There was an error signing up.
Thank you, your email address has been signed up.

Follow us on social media.