Contributor Sara Boddy

Russian Attacks Against Singapore Spike During Trump-Kim Summit

Blog / Jun 14, 2018

By sara boddy justin shattuck

Singapore saw a sharp rise in attacks targeting a variety of ports, from SIP clear-text (5060), Telnet, SQL, and host-to-host ports to those used for remote router management and proxy servers and caching.

Russia Attacks Global Network Infrastructure Through Vulnerabilities That Extend Far Beyond Their Targets

Blog / May 4, 2018

By sara boddy

US-CERT TL18-106A alert underscores how insecure Internet systems really are and that ignoring the problem only increases the collateral damage.

The Global Playing Field is Leveling Out as Europe and Asia Take on More DDoS Attacks

Article / Apr 6, 2018

By sara boddy justin shattuck ilan meller damien rocha

The latest DDoS trends include the return of large volumetric DDoS attacks, the rise of application targeted attacks, and businesses in Europe and Asia are growing targets.

When Information Security is a Matter of Public Safety

Blog / Mar 22, 2018

By ray pompon sara boddy debbie walkowski

Seven steps for improving the security of critical infrastructure systems—and protecting the public from unnecessary risk.

The Hunt for IoT: The Growth and Evolution of Thingbots Ensures Chaos

Report / Mar 13, 2018

By sara boddy justin shattuck

IoT attacks show no signs of decreasing while infected IoT devices go un-remediated, and discovery of new thingbots is at a decade-long high.

Exploited Memcached Servers Lead to Record-Setting 1.3Tbps DDoS Attack

Blog / Mar 2, 2018

By sara boddy

Memcached is just one of many application infrastructure systems that could launch the same types of attacks if they were also misconfigured.

86 Your Cyber Attackers! Avoid Data Breaches by Protecting Your Most Likely Attack Targets

Blog / Jan 31, 2018

By sara boddy

Critical lessons can be learned from others’ mistakes. Don’t learn the hard way; heed the warnings from our research.

Liability in an Assume Breach World

Blog / Jan 2, 2018 (MODIFIED: Jan 18, 2018)

By ray pompon sara boddy

The safest way to run a network is to assume it’s going to breached, but that also means minimizing your liability and ensuring the executive team is fully aware of what is going on.

Lessons Learned From a Decade of Data Breaches

Report / Dec 7, 2017 (MODIFIED: Jan 31, 2018)

By sara boddy ray pompon

F5 Labs researched 433 breach cases spanning 12 years, 37 industries, and 27 countries to discover patterns in the initial attacks that lead to the breach.

Trickbot Rapidly Expands its Targets in August, Shifting Focus to US Banks and Credit Card Companies

Article / Sep 14, 2017 (MODIFIED: Oct 17, 2017)

By sara boddy jesse smith doron voolf

TrickBot released a new worm module, shifted its focus towards the US, and soared past the one thousand target URLs mark in a single configuration.

The Hunt for IoT: The Rise of Thingbots

Report / Aug 9, 2017 (MODIFIED: Dec 21, 2017)

By sara boddy justin shattuck

“Thingbots” that launch Death Star-sized DDoS attacks, host banking trojans, and cause physical destruction are becoming the attacker infrastructure of the future.

Trickbot Focuses on Wealth Management Services from its Dyre Core

Article / Jul 27, 2017 (MODIFIED: Sep 1, 2017)

By doron voolf sara boddy jesse smith

As TrickBot evolves, we examine version 24, which heavily targets Nordic financial institutions, and we take a close look at the Dyre–TrickBot connection.

Trickbot Expands Global Targets Beyond Banks and Payment Processors to CRMs

Blog / Jun 15, 2017 (MODIFIED: Aug 1, 2017)

By sara boddy jesse smith doron voolf

TrickBot shows no signs of slowing down as new targets are added and command and control servers hide within web hosting providers’ networks.

The Hunt for IoT: The Networks Building Death Star-Sized Botnets

Report / May 10, 2017 (MODIFIED: Aug 7, 2017)

By sara boddy justin shattuck

With a growth rate of 1,473% in 2016, the hunt for vulnerable IoT devices rages on...

How to Talk Cyber Risk With Executives

Blog / Mar 30, 2017 (MODIFIED: Jul 24, 2017)

By ray pompon sara boddy

Board-level interest in your cyber risk posture is growing and may soon be required for public companies. Here’s how to present cyber risk to your board effectively.

Cyber Insurance: Read the Fine Print!

Blog / Mar 24, 2017 (MODIFIED: Sep 1, 2017)

By ray pompon sara boddy

Purchasing cyber insurance can be useful, but claims are often denied due to policy exclusions or lapses in controls.

Why Managing Low-Severity Vulnerabilities Can’t Be Just a Pipe Dream

Blog / Mar 3, 2017 (MODIFIED: Jul 25, 2017)

By sara boddy

Putting off fixing low-severity vulnerabilities can have high-impact effects.

Using F5 Labs Application Threat Intelligence

Report / Jan 26, 2017 (MODIFIED: Jul 6, 2017)

By sara boddy ray pompon

As security professionals, we often feel like we’re fighting a losing battle when it comes to cyber security.

DDoS’s Newest Minions: IoT Devices (Volume 1)

Report / Oct 8, 2016 (MODIFIED: Jul 6, 2017)

By sara boddy justin shattuck

The latest evolution of cyber weapons is brought to you by the default passwords in Internet of Things (IoT) devices.

Web Injection Threats: The Cost of Community Engagement on Your Site

Article / Jul 22, 2016 (MODIFIED: Jul 6, 2017)

By sara boddy

Customer engagement drives web application design, but user-generated content brings inherent security challenges.

Follow us on social media.