F5 Labs

F5's Lori MacVittie writes for Tripwire, Inc., sharing five easy steps you can take to help improve security without sacrificing speed.

Analysis of sensor data from 2018 revealed a big focus on PHP generally, and specifically a large, unsophisticated reconnaissance campaign looking for unsecured databases with PHP front ends.

F5 Labs' Ray Pompon writes for Finance Derivative, discussing why hackers will continue targeting cryptocurrency exchanges.

There's often a gap between what we say we need for an effective security posture, and what we actually do. Examining the gaps between "best practices" and reality helps us get to more tangible results.

Attackers continue to exploit old vulnerabilities, use new methods to kill competing crypto-miners, and survive removal by administrators.

Continuing the trend from January, threat actor activity in February focused heavily on exploiting a ThinkPHP remote code execution vulnerability.

Cloud-based breaches that expose our personal data are growing at a surprising rate as organizations intentionally degrade their cloud-based security controls.

Not all bots are bad, but for those that are, you need a multi-pronged strategy for keeping them off your network.

January threat actor activity focused heavily on exploiting a ThinkPHP remote code execution vulnerability and infecting vulnerable Oracle WebLogic systems with a Mirai variant.

F5 Labs' Preston Hogue writes for Security Week, explaining how to manage the personal data you have spread across the internet in an assume breach world.

Key lessons from martial arts translate to cyber-defense, including preparation, taking falls, proper stance, diligent practice, sparring, and continuous growth.

F5 Labs' David Warburton writes for Professional Security, discussing how your stereotypical perception of cybercrime is all wrong - and what to do about it.

More lessons learned from CISOs about “fire and forget,” physical security, the human factor, and audit logging.

How certificate transparency can help you spot fraudulently registered TLS certificates that exploit your domain or brand name.

Gozi “banking” trojan continues to shift its targets beyond banking as it employs client-side and server-side evasion techniques via time-tested web injection.

Don’t just check a box - done right, security awareness training can turn your users into your greatest asset.

F5 Lab's Ray Pompon writes for Help Net Security, discussing how many of our security "solutions" actually just create more work and shift the burden for actually addressing the problem farther down the line.

Using existing protocols and tools to begin building a robust phishing and fraud mitigation strategy.

Learn from CISOs who describe how they would “do it over” again in some of their early security program deployments.

Patching is a tedious and relentless task, but like brushing your teeth to prevent cavities, it keeps holes from forming in your infrastructure.