article /Mar 08, 2018

rTorrent Vulnerability Leveraged in Campaign Spoofing RIAA and NYU User-Agents?

by Andrey Shalnev

The same rTorrent XML-RPC function configuration error that was targeted to mine Monero in February was also targeted in January in a campaign apparently spoofing user-agents for RIAA and NYU.

article /Feb 28, 2018

rTorrent Client Exploited In The Wild To Deploy Monero Crypto-Miner

by Andrey Shalnev

A previously undisclosed misconfiguration vulnerability in the rTorrent client is being exploited in the wild to mine Monero.

article /Jan 15, 2018

Ramnit Goes on a Holiday Shopping Spree, Targeting Retailers and Banks

by Doron Voolf

Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.

article /Jan 03, 2018

New Python-Based Crypto-Miner Botnet Flying Under the Radar

by Maxim Zavodchik

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.

article /Dec 15, 2017

Zealot: New Apache Struts Campaign Uses EternalBlue to Mine Monero on Internal Networks

by Maxim Zavodchik

New Apache Struts campaign, Zealot, targets vulnerabilities in Windows, Linux, and the DotNetNuke CMS, then leverages leaked NSA exploits to move laterally through internal networks and mine Monero.

article /Oct 31, 2017

Academic Research: A Survey of Email Attacks

by David Hammerstrom, Sara McGarvey, Russel Parham, Kyle Uecker, Anthony Wade

Email has become such an ordinary part of our daily lives that we can forget how vulnerable it is.

article /Oct 10, 2017

Academic Research: Web Application Attacks

by Andrew Cox, Daniel Freese, Matthew Martin, Daniel Massie

Personally identifiable information and user credentials are the primary nuggets attackers are after when they exploit known vulnerabilities in web applications.

article /Sept 14, 2017

TrickBot Rapidly Expands its Targets in August, Shifting Focus to US Banks and Credit Card Companies

by Sara Boddy

TrickBot kicked into high gear coming into August with the most targeted URLs since its launch. It released a new worm module, shifted its focus towards the US, and soared past the one thousand target URL mark in a single configuration.

article /Jul 27, 2017

TrickBot Focuses on Wealth Management Services from its Dyre Core

by Sara Boddy

As TrickBot evolves, we examine version 24, which heavily targets Nordic financial institutions, and we take a close look at the Dyre–TrickBot connection.

article /Apr 12, 2017

Doxing, DoS, and Defacement: Today’s Mainstream Hacktivism Tools

by Ray Pompon

Readily available hacking tools provide new ways for civil disobedience groups to antagonize their targets anonymously.

article /Apr 07, 2017

Marcher Gets Close to Users by Targeting Mobile Banking, Android Apps, Social Media, and Email

by Doron Voolf

Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.

article /Mar 27, 2017

From DDoS to Server Ransomware: APACHE STRUTS 2 - CVE-2017-5638 Campaign

by Maxim Zavodchik

A common infection vector used by botnet creators is scanning the Internet for web vulnerabilities to exploit for malware or back doors. The advantage of hitting servers over personal consumer devices is the ability to leverage powerful hardware that is...

article /Mar 10, 2017

DNS Is Still the Achilles’ Heel of the Internet

by Ray Pompon

Since the Internet can’t survive without DNS, let’s make our best effort to defend it.

article /Feb 13, 2017

How Three Low-Risk Vulnerabilities Become One High

by Keiron Shepherd

It’s easy to brush off low-risk vulnerabilities as trivial—until they’re combined to create a deep-impact attack.

article /Jan 19, 2017

The New Insider Threat: Automation Frameworks

by Lori MacVittie

One of the pillars of DevOps is automation. Along with that comes orchestration, which some might guess to be automation at a higher level of abstraction.

article /Jan 18, 2017

Welcome to CISO to CISO

by Mike Convertino

Hi. I’m Mike Convertino, CISO of F5 Networks, and I want to welcome you to an experiment we’re conducting here at F5. We’ve laid the foundation of this CISO to CISO portal on an idea that has traditionally been somewhat controversial in the security community: openness.

article /Nov 15, 2016

Old Protocols, New Exploits: LDAP Unwittingly Serves DDoS Amplification Attacks

by Liron Segal

A new DDoS attack vector that leverages LDAP for reflection-amplification attacks is seeing increased usage.

article /Oct 23, 2016

DARPA Proves Automated Systems Can Detect, Patch Software Flaws at Machine Speed

by Debbie Walkowski

According to DARPA, it takes an average of 312 days for security pros to discover software vulnerabilities such as viruses, malware, and other attacks. In hacker time, that’s a virtual eternity in which bad actors can wreak havoc.

article /Oct 06, 2016

Mirai: The IoT Bot that Took Down Krebs and Launched a Tbps Attack on OVH

by Liron Segal

The Mirai botnet has infected hundreds of thousands of Internet of Things (IoT) devices, specifically security cameras, by using vendor default passwords for Telnet access.

article /Sept 01, 2016

Malware Targeting Bank Accounts Has a Swapping Pattern

by Doron Voolf

F5 Labs analysts discovered a target pattern in the IBAN number formats as well as weekly changes to the script injection content. In May 2016, the F5 Security Operations Center (SOC) detected a generic form grabber and IBAN (International Bank...
