Blogs

Russian Attacks Against Singapore Spike During Trump-Kim Summit

Blog / Jun 15, 2018

By sara boddy justin shattuck

Singapore saw a sharp rise in attacks targeting a variety of ports, from SIP clear-text (5060), Telnet, SQL, and host-to-host ports to those used for remote router management and proxy servers and caching.

The Little Mistake That Causes a Breach

Blog / Jun 5, 2018

By ray pompon

A little mistake in security controls can have disastrous consequences. How common are they and how do you prevent them?

Advanced Attackers: Stealthy, Patient, Dangerous

Blog / May 31, 2018

By ray pompon

Advanced attackers are considered a top threat by CISOs. Although they are rare, their stealthy determination to learn everything about a target before they strike makes them especially dangerous.

Hacker Fashion Review

Blog / May 30, 2018

By ray pompon

It’s important for the fashion-conscious hacker to know what’s on trend! Here’s a preview of APT Group Purple Aardvark’s summer line—a few hits, some misses.

Managing Compliance Issues within the Value Chain

Blog / May 17, 2018

By kip boyle

Align your compliance requirements with your other business requirements so you can distinguish what you must do from what’s nice to do.

Drupalgeddon 2 Highlights the Need for AppSecOps

Blog / May 11, 2018

By lori macvittie

If you aren’t aware of Drupalgeddon 2, then you’ve either been living off the grid or don’t use the popular content management system (CMS).

Russia Attacks Global Network Infrastructure Through Vulnerabilities That Extend Far Beyond Their Targets

Blog / May 4, 2018

By sara boddy

US-CERT TL18-106A alert underscores how insecure Internet systems really are and that ignoring the problem only increases the collateral damage.

Breach Costs Are Rising with the Prevalence of Lawsuits

Blog / May 2, 2018

By ray pompon

When it comes to tallying the total cost of a data breach, lawsuits figure prominently, alongside repair costs, loss of reputation and sales, compliance penalties, and operational downtime.

How Secure Are Your Third-Party Web Apps?

Blog / Apr 26, 2018

By ray pompon

You can’t assume that your third-party web apps are secure! You need to assess them yourself using this multi-step process.

Extend Your Security Program’s Influence with Adjuvants

Blog / Apr 17, 2018

By ray pompon

Savvy CISOs don’t go it alone; they rely on in-house collaborators (outside of the security team) to help achieve the organization’s security objectives.

Know the Risks to Your Critical Apps and Defend Against Them

Blog / Apr 10, 2018

By ray pompon

Critical apps are the ones that must never go down or be hacked. They are also the hardest to defend because they are often massive, ancient, and touch everything.

When Information Security is a Matter of Public Safety

Blog / Mar 22, 2018

By ray pompon sara boddy debbie walkowski

Seven steps for improving the security of critical infrastructure systems—and protecting the public from unnecessary risk.

Twelve Tips to Help Employees Keep Devices Secure When Away from the Office

Blog / Mar 20, 2018

By mike levin

Laptops full of confidential data are still getting stolen, and public Wi-Fi hotspots are being booby-trapped. CISOs need to make users aware of the threat to prevent this from happening.

Exploited Memcached Servers Lead to Record-Setting 1.3Tbps DDoS Attack

Blog / Mar 2, 2018

By sara boddy

Memcached is just one of many application infrastructure systems that could launch the same types of attacks if they were also misconfigured.

Beware of Attackers Stealing Your Computing Power for their Cryptomining Operations

Blog / Feb 15, 2018

By travis kreikemeier

As the black-market price for stolen data declines, attackers turn to cryptojacking schemes to maximize their profits—all at your expense.

The Email that Could Steal Your Life Savings and Leave You Homeless

Blog / Feb 8, 2018

By debbie walkowski david holmes

Real estate scams are big business for attackers. Be on the lookout for this one, which can leave home buyers destitute if not caught in time.

CISOs Look to Machine Learning to Augment Security Staffing Shortages

Blog / Feb 6, 2018

By ray pompon

As security expertise becomes more scarce, CISOs are turning to machine learning to do more with fewer people.

86 Your Cyber Attackers! Avoid Data Breaches by Protecting Your Most Likely Attack Targets

Blog / Jan 31, 2018

By sara boddy

Critical lessons can be learned from others’ mistakes. Don’t learn the hard way; heed the warnings from our research.

Thingbots and Reapers and Cryptominers—Oh, My! F5 Labs’ First Year in Review

Blog / Jan 25, 2018 (MODIFIED: Jan 31, 2018)

By debbie walkowski

F5 Labs covered a multitude of threats, vulnerabilities, botnets, attackers, and attacks in 2017. Here are just some of the highlights you might have missed.

Risk vs. Reality: Don’t Solve the Wrong Problem

Blog / Jan 24, 2018 (MODIFIED: Feb 6, 2018)

By ray pompon

If you’re not evaluating risk in terms of likelihood and impact, you could be focusing your security efforts in all the wrong places.

Everything Is Compromised—Now What?

Blog / Jan 18, 2018

By jared b reimer

Accept that breaches are inevitable in today’s world, then take these steps to reduce the chances of a large-scale, headline-making compromise.

State of App Delivery 2018: Security Again Edges Out Availability As Most Important App Service

Blog / Jan 16, 2018 (MODIFIED: Jan 12, 2018)

By lori macvittie

Forty-three percent of organizations say security is essential when deploying apps, and more than two thirds use multiple security solutions to protect clients, infrastructure, and web apps.

A Spectre of Meltdowns Could be in Store for 2018, Including Fileless Malware Attacks and More Costly Bots

Blog / Jan 10, 2018 (MODIFIED: Jan 15, 2018)

By lori macvittie

Every week, another bug, vulnerability, or exploit is released—we need a multi-layered security strategy to deal with threats like Spectre and Meltdown.

Global Consultancy Overcomes Cloud Security Risks

Blog / Jan 9, 2018 (MODIFIED: Jan 18, 2018)

By ray pompon

How moving application into the cloud can make your organization stronger and more valuable to your customers.

Mirai is Attacking Again, So We’re Outing its Hilarious, Explicit C&C Hostnames

Blog / Jan 4, 2018 (MODIFIED: Jan 18, 2018)

By david holmes

With Mirai rearing its ugly head again, we’re revealing its C&C hostnames so organizations can update their blacklists and protect themselves.

Liability in an Assume Breach World

Blog / Jan 2, 2018 (MODIFIED: Jan 18, 2018)

By ray pompon sara boddy

The safest way to run a network is to assume it’s going to breached, but that also means minimizing your liability and ensuring the executive team is fully aware of what is going on.

BrickerBot: Do “Good Intentions” Justify the Means—or Deliver Meaningful Results?

Blog / Dec 28, 2017 (MODIFIED: Jan 16, 2018)

By justin shattuck

Most security researchers have good intentions, but ethics must play a central role in the decisions they make.

Bleichenbacher Rears Its Head Again with the ROBOT Attack

Blog / Dec 27, 2017 (MODIFIED: Jan 15, 2018)

By david holmes

Bleichenbacher attacks will likely continue to pop up until TLS 1.3 is fully adopted, which could take years.

Achieving Multi-Dimensional Security Through Information Modeling—Modeling Inversion Part 5

Blog / Dec 26, 2017 (MODIFIED: Jan 12, 2018)

By ravila white

In Part 5 of this blog series, we use inversion modeling techniques to develop a high-level protection strategy.

The Credential Crisis: It’s Really Happening

Blog / Dec 14, 2017 (MODIFIED: Jan 10, 2018)

By lori macvittie

With billions of data records compromised, it’s time to reconsider whether passwords are our best means for authenticating users.

Follow us on social media.