F5 Labs

A veteran auditor walks through where he’s seen organizations fail during audit.

Recent NSA and CIA leaks exposed advanced new techniques for building automated malware factories that churn out threats like SambaCry and Petya/NotPetya, which deploy over untraceable networks.

Understanding the customer segment of your organization is critical to developing a strategy that ensures regulatory compliance.

An undercover interview of two infamous Russian hackers speak volumes about skills, passion, and motivation of some of the world’s most dangerous cybercriminals.

TrickBot shows no signs of slowing down as new targets are added and command and control servers hide within web hosting providers’ networks.

Sometimes, CISOs spin their wheels doing useless security activity that only looks productive from the outside.

Facing data breach disclosure requirements across the globe, organizations need to be prepare in advance to respond well.

Providers and manufacturers could go a long way toward reducing the very real threat of IoT.

Learn to recognize different types of CISOs so you can ensure you’re hiring the right one.

How a token-based authorization model can help organizations dramatically reduce credential stuffing attacks.

With simple exploits plaguing Windows and Linux SMB week over week, do yourself a favor and patch for CVE-2017-7494 now to avoid having to do it in panic mode.

Cyber security can be a difficult and thankless job, but you can learn to love it when you know how to go about it.

More and more CISOs are finding themselves pulled into the sales cycle to defend and sell their security programs. Here’s how to do it right.

Cloud sprawl isn’t just a budget sinkhole; it’s quickly becoming a security blind spot and potential attack vector for data theft.

Is the Intel AMT vulnerability as bad as we all first thought? Either way, here are some suggestions for protecting yourself.

The new EternalBlue NSA exploit is powering a wave of virulent ransomware sweeping across Europe.

With a growth rate of 1,473% in 2016, the hunt for vulnerable IoT devices rages on...

Risk assessments are a key part of a security program, but their execution and format are highly variable. Regulators can sanction organizations that perform improper or inadequate risk assessments.

Information modeling blends lateral thinking and deductive logic. Applied to information security, it’s a powerful technique for designing a security architecture with multi-dimensional controls that minimizes risk and achieves continuous compliance.

New information sheds light on Sabu’s activities following the revelation of his identity.