Phishing for Information, Part 2: How Attackers Collect Data About Your Employees

blog / Jul 20, 2017

by Ray Pompon

The personal and job-related information that employees often innocently post on various websites makes it easy for phishers to pull off their scams.

How to Avoid the Six Most Common Audit Failures

blog / Jul 18, 2017 (MODIFIED: Jul 20, 2017)

by Ray Pompon

A veteran auditor told us how organizations fail audits. Here are six detailed strategies to help you achieve success.

How Quantum Computing Will Change Browser Encryption

report / Jul 13, 2017 (MODIFIED: Jul 18, 2017)

by David Holmes

Safeguarding TLS against attack in the quantum computing age will require changes to today’s TLS key exchange algorithms.

Who Should the CISO Report To?

blog / Jul 11, 2017 (MODIFIED: Jul 20, 2017)

by Ray Pompon

Savvy organizations that understand the gravity of cyber security are giving CISOs a voice at the executive table.

Phishing for Information, Part 1: How Phishers Bait Their Hooks with Information You Volunteer

blog / Jul 06, 2017 (MODIFIED: Jul 20, 2017)

by Ray Pompon

In this five-part blog series, we look at how cyber scammers vacuum up information across the Internet to build profiles for phishing and other kinds of social engineering attacks.

The Six Most Common Audit Failures

blog / Jun 29, 2017 (MODIFIED: Jul 20, 2017)

by Kyle Robinson, Senior Manager at Grant Thornton

A veteran auditor walks through where he’s seen organizations fail during audit.

NSA, CIA Leaks Provide a Roadmap to Stealthier, Faster, More Powerful Malware Like SambaCry and NotPetya

blog / Jun 27, 2017 (MODIFIED: Jul 13, 2017)

by Mike Convertino

Recent NSA and CIA leaks exposed advanced new techniques for building automated malware factories that churn out threats like SambaCry and Petya/NotPetya, which deploy over untraceable networks.

Achieving Multi-Dimensional Security through Information Modeling—The Master Model Part 2

blog / Jun 22, 2017 (MODIFIED: Jul 20, 2017)

by Ravila White

Understanding the customer segment of your organization is critical to developing a strategy that ensures regulatory compliance.

Russian Hackers, Face to Face

blog / Jun 21, 2017 (MODIFIED: Jul 18, 2017)

by Ray Pompon

An undercover interview with two infamous Russian hackers speaks volumes about the skills, passion, and motivation of some of the world’s most dangerous cybercriminals.

TrickBot Expands Global Targets Beyond Banks and Payment Processors to CRMs

blog / Jun 15, 2017 (MODIFIED: Jul 11, 2017)

by Sara Boddy, Jesse Smith, Doron Voolf

TrickBot shows no signs of slowing down as new targets are added and command and control servers hide within web hosting providers’ networks.

Yak Shaving: CISOs Aren’t Immune

blog / Jun 14, 2017 (MODIFIED: Jul 18, 2017)

by Ray Pompon

Sometimes, CISOs spin their wheels doing useless security activity that only looks productive from the outside.

10 Ways Organizations Can Get Ready for Breach Disclosure

blog / Jun 08, 2017 (MODIFIED: Jul 20, 2017)

by Ray Pompon

Facing data breach disclosure requirements across the globe, organizations need to prepare in advance to respond well.

Default Passwords Are Not the Biggest Part of the IoT Botnet Problem

blog / Jun 06, 2017 (MODIFIED: Jul 20, 2017)

by Lori MacVittie

Providers and manufacturers could go a long way toward reducing the very real threat of IoT.

The CISO: A Field Guide

blog / Jun 01, 2017 (MODIFIED: Jul 18, 2017)

by Bill Hughes

Learn to recognize different types of CISOs so you can ensure you’re hiring the right one.

Fight Credential Stuffing by Taking a New Approach to Authorization

blog / May 31, 2017 (MODIFIED: Jul 06, 2017)

by Michael Koyfman

How a token-based authorization model can help organizations dramatically reduce credential stuffing attacks.

SambaCry: The Linux Sequel to WannaCry

blog / May 26, 2017 (MODIFIED: Jul 11, 2017)

by Malcolm Heath, Ray Pompon

With simple exploits plaguing Windows and Linux SMB week over week, do yourself a favor and patch for CVE-2017-7494 now to avoid having to do it in panic mode.

How I Learned to Love Cyber Security

blog / May 25, 2017 (MODIFIED: Jul 18, 2017)

by Todd Plesco, CISO of Prescribe Wellness

Cyber security can be a difficult and thankless job, but you can learn to love it when you know how to go about it.

How a CISO Can Play a Role in Selling Security

blog / May 23, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon

More and more CISOs are finding themselves pulled into the sales cycle to defend and sell their security programs. Here’s how to do it right.

Why Cloud Sprawl is a Security Risk

blog / May 18, 2017 (MODIFIED: Jul 06, 2017)

by Lori MacVittie

Cloud sprawl isn’t just a budget sinkhole; it’s quickly becoming a security blind spot and potential attack vector for data theft.

Strike Back at Silent Bob: Scan and Block Ports Used by Intel AMT

blog / May 16, 2017 (MODIFIED: Jul 06, 2017)

by David Holmes

Is the Intel AMT vulnerability as bad as we all first thought? Either way, here are some suggestions for protecting yourself.

From NSA Exploit to Widespread Ransomware: WannaCry is on the Loose

blog / May 12, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon

The new EternalBlue NSA exploit is powering a wave of virulent ransomware sweeping across Europe.

THE HUNT FOR IoT: The Networks Building Death Star-Sized Botnets

report / May 10, 2017 (MODIFIED: Jul 13, 2017)

by Sara Boddy, Justin Shattuck

With a growth rate of 1,473% in 2016, the hunt for vulnerable IoT devices rages on...

Can Your Risk Assessment Stand Up Under Scrutiny?

blog / May 09, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon

Risk assessments are a key part of a security program, but their execution and format are highly variable. Regulators can sanction organizations that perform improper or inadequate risk assessments.

Achieving Multi-Dimensional Security through Information Modeling – Part 1

blog / May 04, 2017 (MODIFIED: Jul 18, 2017)

by Ravila White

Information modeling blends lateral thinking and deductive logic. Applied to information security, it’s a powerful technique for designing a security architecture with multi-dimensional controls that minimizes risk and achieves continuous compliance.

Profile of a Hacker: The Real Sabu, Part 2 of 2

blog / May 02, 2017 (MODIFIED: Jul 06, 2017)

by David Holmes

One simple error led to the capture of notorious hacker Sabu—and the revelation of his identity.

7 Upgrades to Level Up Your Security Program Experience

blog / Apr 28, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon

When you feel like you’re losing the security battle, try one, a few, or all of these tips to re-invigorate your program and stay on a positive track.

Internet, We (Still) Have a Problem with Internationalized Domain Names

blog / Apr 25, 2017 (MODIFIED: Jul 06, 2017)

by Lori MacVittie

Even URLs that look legitimate can be fake, so train, train, train your users to verify links before they click.

Executive Impersonation Fraud Is on the Rise—and It Is Working

blog / Apr 20, 2017 (MODIFIED: Jul 18, 2017)

by Mike Levin, Center for Information Security Awareness

Your company could lose hundreds of thousands in an impersonation scam, but here are eight things you can do to protect yourself.

Profile of a Hacker: The Real Sabu, Part 1 of 2

blog / Apr 18, 2017 (MODIFIED: Jul 06, 2017)

by David Holmes

Notorious hacker of Anonymous and LulzSec fame is challenged by rival hacker, The Jester, to reveal his identity.

Stalking in the Workplace: What CISOs Can Do

blog / Apr 14, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon

Cyberstalking will rise as hacking tools become more powerful and easier to use, but there’s much you can do to help protect victims.

Doxing, DoS, and Defacement: Today’s Mainstream Hacktivism Tools

article / Apr 12, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon

Readily available hacking tools provide new ways for civil disobedience groups to antagonize their targets anonymously.

Marcher Gets Close to Users by Targeting Mobile Banking, Android Apps, Social Media, and Email

article / Apr 07, 2017 (MODIFIED: Jul 06, 2017)

by Doron Voolf

Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.

Wait, Don’t Throw Out Your Firewalls!

blog / Apr 04, 2017 (MODIFIED: Jul 06, 2017)

by Wendy Nather, Duo Security

Yes, the perimeter has shifted, but firewalls still have a place in your network. They’re just not alone anymore.

How to Talk Cyber Risk with Executives

blog / Mar 30, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon, Sara Boddy

Board-level interest in your cyber risk posture is growing; in fact, it might soon be required for publicly traded companies. Presenting cyber risk to your board effectively means talking in their terms.

Virtual Kidnapping: The Latest in an Endless Stream of Scams

blog / Mar 30, 2017 (MODIFIED: Jul 06, 2017)

by Mike Levin, Center for Information Security Awareness

The virtual kidnapping scam is on the rise because of the excessive amount of personal information people volunteer on social media.

From DDoS to Server Ransomware: APACHE STRUTS 2 - CVE-2017-5638 Campaign

article / Mar 27, 2017 (MODIFIED: Jul 06, 2017)

by Maxim Zavodchik, Julia Karpin, Ilya Chernyakov, Dylan Syme

A common infection vector used by botnet creators is scanning the Internet for web vulnerabilities to exploit for malware or back doors. The advantage of hitting servers over personal consumer devices is the ability to leverage powerful hardware that is...

Cyber Insurance: Read the Fine Print!

blog / Mar 24, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon, Sara Boddy

Purchasing cyber insurance can be useful, but claims are often denied due to policy exclusions or lapses in controls.

Can Audits Help Us Trust Third Parties?

blog / Mar 20, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon

Organizations that outsource need to measure the risk of entrusting their data to someone else. Audits aren’t easy or cheap, but they are really the best tool we have.

Will Deception as a Defense Become Mainstream?

blog / Mar 13, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon

Defensive deception works well, but needs championing before we’ll see it as a best practice or compliance requirement.

DNS Is Still the Achilles’ Heel of the Internet

article / Mar 10, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon

Since the Internet can’t survive without DNS, let’s make our best effort to defend it.
