BLOG

blog /4月 17, 2018

Extend Your Security Program’s Influence with Adjuvants

by Ray Pompon

Savvy CISOs don’t go it alone; they rely on in-house collaborators (outside of the security team) to help achieve the organization’s security objectives.

blog /4月 10, 2018

Know the Risks to Your Critical Apps and Defend Against Them

by Ray Pompon

Critical apps are the ones that must never go down or be hacked. They are also the hardest to defend because they are often massive, ancient, and touch everything.

blog /3月 22, 2018

When Information Security is a Matter of Public Safety

by Ray Pompon

Seven steps for improving the security of critical infrastructure systems—and protecting the public from unnecessary risk.

blog /3月 20, 2018

Twelve Tips to Help Employees Keep Devices Secure When Away from the Office

by Mike Levin, Center for Information Security Awareness

Laptops full of confidential data are still getting stolen, and public Wi-Fi hotspots are being booby-trapped. CISOs need to make users aware of the threat to prevent this from happening.

blog /3月 02, 2018

Exploited Memcached Servers Lead to Record-Setting 1.3Tbps DDoS Attack

by Sara Boddy

Memcached is just one of many application infrastructure systems that could launch the same types of attacks if they were also misconfigured.

blog /2月 21, 2018

XMRig Miner Now Targeting Oracle WebLogic and Jenkins Servers to Mine Monero

by Andrey Shalnev

The same drop zone server used last week to mine Monero on compromised Jenkins automation servers is now being used in a new Monero mining campaign targeting Oracle Web Logic servers.

blog /2月 15, 2018

Beware of Attackers Stealing Your Computing Power for their Cryptomining Operations

by Travis Kreikemeier

As the black-market price for stolen data declines, attackers turn to cryptojacking schemes to maximize their profits—all at your expense.

blog /2月 08, 2018

The Email that Could Steal Your Life Savings and Leave You Homeless

by Debbie Walkowski

Real estate scams are big business for attackers. Be on the lookout for this one, which can leave home buyers destitute if not caught in time.

blog /2月 06, 2018

CISOs Look to Machine Learning to Augment Security Staffing Shortages

by Ray Pompon

As security expertise becomes more scarce, CISOs are turning to machine learning to do more with fewer people.

blog /1月 31, 2018

86 Your Cyber Attackers! Avoid Data Breaches by Protecting Your Most Likely Attack Targets

by Sara Boddy

Critical lessons can be learned from others’ mistakes. Don’t learn the hard way; heed the warnings from our research.

blog /1月 25, 2018

Thingbots and Reapers and CryptoMiners—Oh, My! F5 Labs’ First Year in Review

by Debbie Walkowski

F5 Labs covered a multitude of threats, vulnerabilities, botnets, attackers, and attacks in 2017. Here are just some of the highlights you might have missed.

blog /1月 24, 2018

Risk vs. Reality: Don’t Solve the Wrong Problem

by Ray Pompon

If you’re not evaluating risk in terms of likelihood and impact, you could be focusing your security efforts in all the wrong places.

blog /1月 18, 2018

Everything is Compromised—Now What?

by Jared B. Reimer

Accept that breaches are inevitable in today’s world, then take these steps to reduce the chances of a large-scale, headline-making compromise.

blog /1月 16, 2018

State of App Delivery 2018: Security Again Edges Out Availability as Most Important App Service

by Lori MacVittie

Forty-three percent of organizations say security is essential when deploying apps, and more than two thirds use multiple security solutions to protect clients, infrastructure, and web apps.

blog /1月 10, 2018

A Spectre of Meltdowns Could be in Store for 2018, Including Fileless Malware and More Costly Bots

by Lori MacVittie

Every week another bug, vulnerability, or exploit is released - we need a multi-layered security strategy (beyond our standard patch “spin cycles”) to deal with threats like Spectre and Meltdown.

blog /1月 09, 2018

Global Consultancy Overcomes Cloud Security Risks

by Ray Pompon

How moving application into the cloud can make your organization stronger and more valuable to your customers.

blog /1月 04, 2018

Mirai is Attacking Again, So We’re Outing its Hilarious, Explicit C&C Hostnames

by David Holmes

With Mirai rearing its ugly head again, we’re revealing its C&C hostnames so organizations can update their blacklists and protect themselves.

blog /1月 02, 2018

Liability in an Assume Breach World

by Ray Pompon

The safest way to run a network is to assume it’s going to breached, but that also means minimizing your liability and ensuring the executive team is fully aware of what is going on.

blog /12月 28, 2017

BrickerBot: Do “Good Intentions” Justify the Means—or Deliver Meaningful Results?

by Justin Shattuck

Most security researchers have good intentions, but ethics must play a central role in the decisions they make.

blog /12月 27, 2017

Bleichenbacher Rears its Head Again with the ROBOT Attack

by David Holmes

Bleichenbacher attacks will likely continue to pop up until TLS 1.3 is fully adopted, which could take years.

blog /12月 26, 2017

Achieving Multi-Dimensional Security through Information Modeling—Modeling Inversion Part 5

by Ravila White

In Part 5 of this blog series, we use inversion modeling techniques to develop a high-level protection strategy.

blog /12月 14, 2017

The Credential Crisis: It’s Really Happening

by Lori MacVittie

With billions of data records compromised, it’s time to reconsider whether passwords are our best means for authenticating users.

blog /12月 05, 2017

Avoiding the Epidemic of Hospital Hacks

by Ray Pompon

Good security is highly dependent on hospital staff being well trained and having the discipline to follow security processes—manual and otherwise—to the letter.

blog /11月 30, 2017

The Startup Security Challenge: Safe in the Cloud from Day One

by Ray Pompon

How this cloud startup met its goals for security and availability right out of the gate by setting goals, doing a risk analysis, and examining tradeoffs.

blog /11月 28, 2017

Achieving Multi-Dimensional Security through Information Modeling—Unwrapping Controls Part 4

by Ravila White

In Part 3 of this blog series, we demonstrated modeling the threat landscape along with executive threat-modeling. In this blog, we discuss the importance of defining controls.

blog /11月 21, 2017

If Your Security Question List Looks like a Facebook Favorite List, Start Over Now

by Lori MacVittie

Seriously, how many colors are there? And how many of us share the same love of one of those limited choices?

blog /11月 14, 2017

A CISO Landmine: No Security Awareness Training

by Mike Levin, Center for Information Security Awareness

CISOs who fail to prioritize security awareness training are putting their business and assets at serious risk.

blog /11月 09, 2017

Is a Good Offense the Best Defense Against Hackers?

by Ray Pompon

Proposed legislation could change existing laws that bars victims of hacking attacks from striking back.

blog /11月 07, 2017

What Happens to Encryption in a Post-Quantum Computing World?

by Debbie Walkowski

As the possibility of quantum computing draws nearer, changes to today’s TLS key exchange algorithms will be required.

blog /11月 02, 2017

Can Engineers Build Networks Too Complicated for Humans to Operate? Part II

by Mike Simon

How to selectively capture packets for further analysis and avoid buying a storage farm.

stay up to date

Get the latest application threat intelligence from F5 Labs.

There was an error signing up.
Thank you, your email address has been signed up.

Follow us on social media.