Windows IIS 6.0 CVE-2017-7269 Is Targeted Again to Mine Electroneum

article / Apr 12, 2018 (MODIFIED: Apr 17, 2018)

by Andrey Shalnev

Attackers are targeting a Windows IIS vulnerability first disclosed a year ago to mine Electroneum.

Know the Risks to Your Critical Apps and Defend Against Them

blog / Apr 10, 2018 (MODIFIED: Apr 12, 2018)

by Ray Pompon

Critical apps are the ones that must never go down or be hacked. They are also the hardest to defend because they are often massive, ancient, and touch everything.

The Global Playing Field is Leveling Out as Europe and Asia Take on More DDoS Attacks

article / Apr 06, 2018 (MODIFIED: Apr 17, 2018)

by Sara Boddy, Ilan Meller, Justin Shattuck, Damien Rocha

The latest DDoS trends include the return of large volumetric DDoS attacks, the rise of application-targeted attacks, and businesses in Europe and Asia becoming growing targets.

Avoid Becoming a Crypto-Mining Bot: Where to Look for Mining Malware and How to Respond

/ Apr 03, 2018

by David Holmes

People are mining coins all over the place - all it costs is money for the power bill. So, of course, clever people are figuring out how to use other people’s power to mine cryptocurrency.

Old Dog, New Targets: Switching to Windows to Mine Electroneum

article / Mar 28, 2018 (MODIFIED: Apr 10, 2018)

by Andrey Shalnev

The Apache Struts 2 Jakarta Multipart Parser RCE crypto-mining campaign is now targeting Windows, not just Linux systems.

When Information Security is a Matter of Public Safety

blog / Mar 22, 2018 (MODIFIED: Apr 17, 2018)

by Ray Pompon, Sara Boddy, Debbie Walkowski

Seven steps for improving the security of critical infrastructure systems—and protecting the public from unnecessary risk.

The Hunt for IoT: The Growth and Evolution of Thingbots Ensures Chaos

report / Mar 13, 2018 (MODIFIED: Mar 30, 2018)

by Sara Boddy, Justin Shattuck

IoT attacks show no signs of decreasing while infected IoT devices go un-remediated, and discovery of new thingbots is at a decade-long high.

Threat Modeling the Internet of Things: Modeling Reaper

/ Mar 09, 2018 (MODIFIED: Apr 10, 2018)

by David Holmes

Reaper is just one more blinking light in the faces of the InfoSec community reminding us that we need to get ahead of IoT madness.

rTorrent Vulnerability Leveraged in Campaign Spoofing RIAA and NYU User-Agents?

article / Mar 08, 2018 (MODIFIED: Apr 10, 2018)

by Andrey Shalnev

The same rTorrent XML-RPC function configuration error that was targeted to mine Monero in February was also targeted in January in a campaign apparently spoofing user-agents for RIAA and NYU.

Exploited Memcached Servers Lead to Record-Setting 1.3Tbps DDoS Attack

blog / Mar 02, 2018 (MODIFIED: Apr 12, 2018)

by Sara Boddy

Memcached is just one of many application infrastructure systems that could launch the same types of attacks if they were also misconfigured.

rTorrent Client Exploited In The Wild To Deploy Monero Crypto-Miner

article / Feb 28, 2018 (MODIFIED: Apr 17, 2018)

by Andrey Shalnev

A previously undisclosed misconfiguration vulnerability in the rTorrent client is being exploited in the wild to mine Monero.

XMRig Miner Now Targeting Oracle WebLogic and Jenkins Servers to Mine Monero

blog / Feb 21, 2018 (MODIFIED: Apr 06, 2018)

by Andrey Shalnev

The same drop zone server used last week to mine Monero on compromised Jenkins automation servers is now being used in a new Monero mining campaign targeting Oracle WebLogic servers.

Beware of Attackers Stealing Your Computing Power for their Cryptomining Operations

blog / Feb 15, 2018 (MODIFIED: Mar 30, 2018)

by Travis Kreikemeier

As the black-market price for stolen data declines, attackers turn to cryptojacking schemes to maximize their profits—all at your expense.

The Email that Could Steal Your Life Savings and Leave You Homeless

blog / Feb 08, 2018 (MODIFIED: Mar 22, 2018)

by Debbie Walkowski, David Holmes

Real estate scams are big business for attackers. Be on the lookout for this one, which can leave home buyers destitute if not caught in time.

Thingbots and Reapers and CryptoMiners—Oh, My! F5 Labs’ First Year in Review

blog / Jan 25, 2018 (MODIFIED: Mar 09, 2018)

by Debbie Walkowski

F5 Labs covered a multitude of threats, vulnerabilities, botnets, attackers, and attacks in 2017. Here are just some of the highlights you might have missed.

Ramnit Goes on a Holiday Shopping Spree, Targeting Retailers and Banks

article / Jan 15, 2018 (MODIFIED: Mar 02, 2018)

by Doron Voolf

Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.

A Spectre of Meltdowns Could be in Store for 2018, Including Fileless Malware Attacks and More Costly Bots

blog / Jan 10, 2018 (MODIFIED: Mar 01, 2018)

by Lori MacVittie

Every week another bug, vulnerability, or exploit is released - we need a multi-layered security strategy (beyond our standard patch “spin cycles”) to deal with threats like Spectre and Meltdown.

Mirai is Attacking Again, So We’re Outing its Hilarious, Explicit C&C Hostnames

blog / Jan 04, 2018 (MODIFIED: Feb 21, 2018)

by David Holmes

With Mirai rearing its ugly head again, we’re revealing its C&C hostnames so organizations can update their blacklists and protect themselves.

New Python-Based Crypto-Miner Botnet Flying Under the Radar

article / Jan 03, 2018 (MODIFIED: Mar 08, 2018)

by Maxim Zavodchik, Liron Segal, Aaron Brailsford

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.

BrickerBot: Do “Good Intentions” Justify the Means—or Deliver Meaningful Results?

blog / Dec 28, 2017 (MODIFIED: Jan 23, 2018)

by Justin Shattuck

Most security researchers have good intentions, but ethics must play a central role in the decisions they make.

Bleichenbacher Rears its Head Again with the ROBOT Attack

blog / Dec 27, 2017 (MODIFIED: Jan 15, 2018)

by David Holmes

Bleichenbacher attacks will likely continue to pop up until TLS 1.3 is fully adopted, which could take years.

Zealot: New Apache Struts Campaign Uses EternalBlue and EternalSynergy to Mine Monero on Internal Networks

article / Dec 15, 2017 (MODIFIED: Mar 08, 2018)

by Maxim Zavodchik, Liron Segal

New Apache Struts campaign, Zealot, targets vulnerabilities in Windows, Linux, and the DotNetNuke CMS, then leverages leaked NSA exploits to move laterally through internal networks and mine Monero.

The Credential Crisis: It’s Really Happening

blog / Dec 14, 2017 (MODIFIED: Jan 10, 2018)

by Lori MacVittie

With billions of data records compromised, it’s time to reconsider whether passwords are our best means for authenticating users.

Lessons Learned from a Decade of Data Breaches

report / Dec 07, 2017 (MODIFIED: Mar 13, 2018)

by Sara Boddy, Ray Pompon

F5 Labs researched 433 breach cases spanning 12 years, 37 industries, and 27 countries to discover patterns in the initial attacks that lead to the breach.

The Startup Security Challenge: Safe in the Cloud from Day One

blog / Nov 30, 2017 (MODIFIED: Jan 03, 2018)

by Ray Pompon

How this cloud startup met its goals for security and availability right out of the gate by setting goals, doing a risk analysis, and examining tradeoffs.

If Your Security Question List Looks like a Facebook Favorite List, Start Over Now

blog / Nov 21, 2017 (MODIFIED: Dec 27, 2017)

by Lori MacVittie

Seriously, how many colors are there? And how many of us share the same love of one of those limited choices?

Phishing: The Secret of its Success and What You Can Do to Stop It

report / Nov 16, 2017 (MODIFIED: Jan 04, 2018)

by Ray Pompon

Learn about the tricks attackers use to dupe unsuspecting users and how you can help protect them—and your organization.

What Happens to Encryption in a Post-Quantum Computing World?

blog / Nov 07, 2017 (MODIFIED: Dec 15, 2017)

by Debbie Walkowski

As the possibility of quantum computing draws nearer, changes to today’s TLS key exchange algorithms will be required.

Academic Research: A Survey of Email Attacks

article / Oct 31, 2017 (MODIFIED: Dec 14, 2017)

by David Hammerstrom, Sara McGarvey, Russel Parham, Kyle Uecker, Anthony Wade

Email has become such an ordinary part of our daily lives that we can forget how vulnerable it is.

Reaper: The Professional Bot Herder’s Thingbot

blog / Oct 26, 2017 (MODIFIED: Dec 18, 2017)

by David Holmes, Justin Shattuck

While Reaper might be considered an “object lesson” today, it should serve as a blistering warning that IoT security needs to be fixed now.

Help Guide the Future of Apps – Ultimately your Threat Landscape – by Responding to our SOAD Survey!

blog / Oct 24, 2017 (MODIFIED: Nov 02, 2017)

by Lori MacVittie

Assessing the State of Application Delivery depends on getting information from you about your applications!

Interview with the Experts: The Future of IoT Security through the Eyes of F5 Threat Researchers

blog / Oct 19, 2017 (MODIFIED: Nov 30, 2017)

by Debbie Walkowski

When it comes to IoT threats, we’re nowhere near being out of the woods yet; we’ve just barely entered the forest.

New Threat May Slip through the KRACK in BYOD Policies

blog / Oct 17, 2017 (MODIFIED: Nov 16, 2017)

by Lori MacVittie

Combating this vulnerability might mean you have to force updates on employees’ personal devices or deny them access altogether.

Joining Forces with Criminals, Deviants, and Spies to Defend Privacy

blog / Oct 12, 2017 (MODIFIED: Nov 07, 2017)

by Jennifer Chermoshnyuk, Matt Beland

Organizations need to provide clear and specific guidance to employees who travel across national borders when it comes to giving up passwords and surrendering devices.

Academic Research: Web Application Attacks

article / Oct 10, 2017 (MODIFIED: Nov 09, 2017)

by Andrew Cox, Daniel Freese, Matthew Martin, Daniel Massie

Personally identifiable information and user credentials are the primary nuggets attackers are after when they exploit known vulnerabilities in web applications.

The Good News about Breaches

blog / Oct 04, 2017 (MODIFIED: Oct 31, 2017)

by Lori MacVittie

Security breaches in the news serve as a good reminder to check and make sure you have a solid application protection strategy in place, starting with never trusting user input.

Phishing for Information, Part 5: How Attackers Pull It All Together, and How You Can Fight Back

blog / Sept 28, 2017 (MODIFIED: Oct 24, 2017)

by Ray Pompon

Stop feeding attackers every piece of the puzzle they need to pull off their scams.

TrickBot Rapidly Expands its Targets in August, Shifting Focus to US Banks and Credit Card Companies

article / Sept 14, 2017 (MODIFIED: Oct 17, 2017)

by Sara Boddy, Jesse Smith, Doron Voolf

TrickBot kicked into high gear coming into August with the most targeted URLs since its launch. It released a new worm module, shifted its focus towards the US, and soared past the one thousand target URL mark in a single configuration.

Phishing for Information, Part 4: Beware of Data Leaking Out of Your Equipment

blog / Sept 07, 2017 (MODIFIED: Dec 29, 2017)

by Ray Pompon

Organizations often overlook the many ways in which their own systems put useful information right into the hands of attackers building cyber scams.

WireX Android DDoS Malware Adds UDP Flood

blog / Sept 01, 2017 (MODIFIED: Oct 04, 2017)

by Julia Karpin, Liron Segal, Maxim Zavodchik

As quickly as attackers commandeer IoT devices to build more “thingbots,” they continue to evolve their attack types and functionality.
