Cyber Attacks Spike in Finland Before Trump-Putin Meeting

Article / Jul 19, 2018

By sara boddy justin shattuck

Cyber attackers seem to follow President Trump to every important international meeting, but Russia was not the main source of cyber attacks during the recent Trump-Putin meeting, China was.

New Jenkins Campaign Hides Malware, Kills Competing Crypto-Miners

Article / Jul 16, 2018

By liron segal

Threat actors continue to find creative yet relatively unsophisticated ways to launch new campaigns to reap profits from crypto-mining operations.

The Ethical and Legal Dilemmas of Threat Researchers

/ Jul 12, 2018

By ray pompon

F5 Labs' Ray Pompon writes for HelpNetSecurity, discussing the grey areas of threat research and some common issues researchers encounter.

Tackling Gootkit's Traps

Article / Jul 11, 2018

By julia karpin

Gootkit malware uses misleading code to hinder manual research and automated analysis.

How Digital Transformation is Making the Anonymous Personal

/ Jul 5, 2018

By preston hogue

F5 Labs' Preston Hogue writes for SecurityWeek, discussing how the trend towards digital transformation is bringing data together in a way that provides intelligence to malicious actors.

Snooping on Tor from Your Load Balancer

Blog / Jul 3, 2018

By david holmes

An F5 Labs researcher snoops on Tor exit node traffic from a load balancer. What he finds will shock you. SHOCK YOU.

BackSwap Defrauds Online Banking Customers Using Hidden Input Fields

Article / Jun 29, 2018

By ruby cohen doron voolf

BackSwap demonstrates unique behavior in its manipulation of user input fields and its handling of International Bank Account Numbers (IBANs).

The Biggest Risk to Application Security May be the Business

Blog / Jun 26, 2018

By lori macvittie

Prioritizing speed over security can jeopardize the safety of your applications and data.

New Struts 2 Campaign Compiles Its Own C# Downloader, Leverages a User Profile Page as Its C&C Server

Article / Jun 23, 2018

By liron segal

Attackers continue to find new and creative ways to carry out malicious crypto-mining operations, employing multiple exploits in a single campaign.

New Campaign Targeting Apache Struts 2, WebLogic Deploys Malware Using VBScript

Article / Jun 21, 2018

By liron segal

With the vast availability of new exploits and the competition for victims’ resources, the multi-exploit trend continues to be popular among attackers.

Spring 2018 Password Attacks

/ Jun 20, 2018

By david holmes

David Holmes writes for Security Week, discussing how 90-day password expirations could be making it easier for attackers to brute-force your network.

Russian Attacks Against Singapore Spike During Trump-Kim Summit

Blog / Jun 15, 2018

By sara boddy justin shattuck

Singapore saw a sharp rise in attacks targeting a variety of ports, from SIP clear-text (5060), Telnet, SQL, and host-to-host ports to those used for remote router management and proxy servers and…

Economic Espionage: How Nation-State-Funded APTs Steal Billions in Secrets

Blog / Jun 12, 2018

By ray pompon

Don’t think your company is immune from nation-state APTs going after your intellectual property. Take these essential steps to protect yourself.

The Eternal Struggle: Security Versus Users

/ Jun 7, 2018

By ray pompon

F5 Labs writes for Help Net Security, explaining how to deal with the often-adversarial relationship between security professionals and the users they support.

The Little Mistake That Causes a Breach

Blog / Jun 5, 2018

By ray pompon

A little mistake in security controls can have disastrous consequences. How common are they and how do you prevent them?

Advanced Attackers: Stealthy, Patient, Dangerous

Blog / May 31, 2018

By ray pompon

Advanced attackers are considered a top threat by CISOs. Although they are rare, their stealthy determination to learn everything about a target before they strike makes them especially dangerous.

Hacker Fashion Review

Blog / May 30, 2018

By ray pompon

It’s important for the fashion-conscious hacker to know what’s on trend! Here’s a preview of APT Group Purple Aardvark’s summer line—a few hits, some misses.

Managing Compliance Issues within the Value Chain

Blog / May 17, 2018

By kip boyle

Align your compliance requirements with your other business requirements so you can distinguish what you must do from what’s nice to do.

Drupalgeddon 2 Highlights the Need for AppSecOps

Blog / May 11, 2018

By lori macvittie

If you aren’t aware of Drupalgeddon 2, then you’ve either been living off the grid or don’t use the popular content management system (CMS).

Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media

Article / May 9, 2018

By doron voolf

Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.

Risky Business: The Fifth Element

/ May 8, 2018

By preston hogue

Preston Hogue writes for Security Week, explaining the fifth element of risk transfer: Sec-aaS.

Russia Attacks Global Network Infrastructure Through Vulnerabilities That Extend Far Beyond Their Targets

Blog / May 4, 2018

By sara boddy

US-CERT TL18-106A alert underscores how insecure Internet systems really are and that ignoring the problem only increases the collateral damage.

Breach Costs Are Rising with the Prevalence of Lawsuits

Blog / May 2, 2018

By ray pompon

When it comes to tallying the total cost of a data breach, lawsuits figure prominently, alongside repair costs, loss of reputation and sales, compliance penalties, and operational downtime.

How Secure Are Your Third-Party Web Apps?

Blog / Apr 26, 2018

By ray pompon

You can’t assume that your third-party web apps are secure! You need to assess them yourself using this multi-step process.

The 2017 TLS Telemetry Report

Report / Apr 23, 2018

By david holmes

Privacy today isn’t just about staying away from prying eyes. The very act of communicating across the Internet with open, non-confidential protocols invites exposure to multiple threat types.

5 Fun Facts About the 2018 Singapore Cybersecurity Statute

/ Apr 19, 2018

By david holmes

Fun Fact #2: the author is looking forward to being a card-carrying Singaporean crime fighter (temporarily) someday.

Extend Your Security Program’s Influence with Adjuvants

Blog / Apr 17, 2018

By ray pompon

Savvy CISOs don’t go it alone; they rely on in-house collaborators (outside of the security team) to help achieve the organization’s security objectives.

Windows IIS 6.0 CVE-2017-7269 Is Targeted Again to Mine Electroneum

Article / Apr 12, 2018

By andrey shalnev

Attackers are targeting a Windows IIS vulnerability first disclosed a year ago to mine Electroneum.

Know the Risks to Your Critical Apps and Defend Against Them

Blog / Apr 10, 2018

By ray pompon

Critical apps are the ones that must never go down or be hacked. They are also the hardest to defend because they are often massive, ancient, and touch everything.

The Global Playing Field is Leveling Out as Europe and Asia Take on More DDoS Attacks

Article / Apr 6, 2018

By sara boddy justin shattuck ilan meller damien rocha

The latest DDoS trends include the return of large volumetric DDoS attacks, the rise of application targeted attacks, and businesses in Europe and Asia are growing targets.

Follow us on social media.