ARTICLES

article / May 09, 2018

Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media

by Doron Voolf

Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.

article / April 12, 2018

Windows IIS 6.0 CVE-2017-7269 Is Targeted Again to Mine Electroneum

by Andrey Shalnev

Attackers are targeting a Windows IIS vulnerability first disclosed a year ago to mine Electroneum.

article / April 06, 2018

The Global Playing Field is Leveling Out as Europe and Asia Take on More DDoS Attacks

by Sara Boddy

The latest DDoS trends include the return of large volumetric DDoS attacks, the rise of application-targeted attacks, and the growing targeting of businesses in Europe and Asia.

article / March 28, 2018

Old Dog, New Targets: Switching to Windows to Mine Electroneum

by Andrey Shalnev

The Apache Struts 2 Jakarta Multipart Parser RCE crypto-mining campaign is now targeting Windows, not just Linux systems.

article / March 08, 2018

rTorrent Vulnerability Leveraged in Campaign Spoofing RIAA and NYU User-Agents?

by Andrey Shalnev

The same rTorrent XML-RPC function configuration error that was targeted to mine Monero in February was also targeted in January in a campaign apparently spoofing user-agents for RIAA and NYU.

article / February 28, 2018

rTorrent Client Exploited In The Wild To Deploy Monero Crypto-Miner

by Andrey Shalnev

A previously undisclosed misconfiguration vulnerability in the rTorrent client is being exploited in the wild to mine Monero.

article / January 15, 2018

Ramnit Goes on a Holiday Shopping Spree, Targeting Retailers and Banks

by Doron Voolf

Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.

article / January 03, 2018

New Python-Based Crypto-Miner Botnet Flying Under the Radar

by Maxim Zavodchik

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.

article / December 15, 2017

Zealot: New Apache Struts Campaign Uses EternalBlue to Mine Monero on Internal Networks

by Maxim Zavodchik

New Apache Struts campaign, Zealot, targets vulnerabilities in Windows, Linux, and the DotNetNuke CMS, then leverages leaked NSA exploits to move laterally through internal networks and mine Monero.

article / October 31, 2017

Academic Research: A Survey of Email Attacks

by David Hammerstrom, Sara McGarvey, Russel Parham, Kyle Uecker, Anthony Wade

Email has become such an ordinary part of our daily lives that we can forget how vulnerable it is.

article / October 10, 2017

Academic Research: Web Application Attacks

by Andrew Cox, Daniel Freese, Matthew Martin, Daniel Massie

Personally identifiable information and user credentials are the primary nuggets attackers are after when they exploit known vulnerabilities in web applications.

article / September 14, 2017

TrickBot Rapidly Expands its Targets in August, Shifting Focus to US Banks and Credit Card Companies

by Sara Boddy

TrickBot kicked into high gear coming into August with the most targeted URLs since its launch. It released a new worm module, shifted its focus towards the US, and soared past the one thousand target URL mark in a single configuration.

article / July 27, 2017

TrickBot Focuses on Wealth Management Services from its Dyre Core

by Sara Boddy

As TrickBot evolves, we examine version 24, which heavily targets Nordic financial institutions, and we take a close look at the Dyre–TrickBot connection.

article / April 12, 2017

Doxing, DoS, and Defacement: Today’s Mainstream Hacktivism Tools

by Ray Pompon

Readily available hacking tools provide new ways for civil disobedience groups to antagonize their targets anonymously.

article / April 07, 2017

Marcher Gets Close to Users by Targeting Mobile Banking, Android Apps, Social Media, and Email

by Doron Voolf

Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.

article / March 27, 2017

From DDoS to Server Ransomware: APACHE STRUTS 2 - CVE-2017-5638 Campaign

by Maxim Zavodchik

A common infection vector used by botnet creators is scanning the Internet for web vulnerabilities to exploit for malware or back doors. The advantage of hitting servers over personal consumer devices is the ability to leverage powerful hardware that is...

article / March 10, 2017

DNS Is Still the Achilles’ Heel of the Internet

by Ray Pompon

Since the Internet can’t survive without DNS, let’s make our best effort to defend it.

article / February 13, 2017

How Three Low-Risk Vulnerabilities Become One High

by Keiron Shepherd

It’s easy to brush off low-risk vulnerabilities as trivial—until they’re combined to create a deep-impact attack.

article / January 19, 2017

The New Insider Threat: Automation Frameworks

by Lori MacVittie

One of the pillars of DevOps is automation. Along with that comes orchestration, which some might guess to be automation at a higher level of abstraction.

article / January 18, 2017

Welcome to CISO to CISO

by Mike Convertino

Hi. I’m Mike Convertino, CISO of F5 Networks, and I want to welcome you to an experiment we’re conducting here at F5. We’ve laid the foundation of this CISO to CISO portal on an idea that has traditionally been somewhat controversial in the security community: openness.
