F5 Labs

Attackers continue to exploit old vulnerabilities, use new methods to kill competing crypto-miners, and survive removal by administrators.

Continuing the trend from January, threat actor activity in February focused heavily on exploiting a ThinkPHP remote code execution vulnerability.

Continuing the trend from January, threat actor activity in February focused heavily on exploiting a ThinkPHP remote code execution vulnerability.

Cloud-based breaches that expose our personal data are growing at a surprising rate as organizations intentionally degrade their cloud-based security controls.

Cloud-based breaches that expose our personal data are growing at a surprising rate as organizations intentionally degrade their cloud-based security controls.

Not all bots are bad, but for those that are, you need a multi-pronged strategy for keeping them off your network.

Not all bots are bad, but for those that are, you need a multi-pronged strategy for keeping them off your network.

January threat actor activity focused heavily on exploiting a ThinkPHP remote code execution vulnerability and infecting vulnerable Oracle WebLogic systems with a Mirai variant.

January threat actor activity focused heavily on exploiting a ThinkPHP remote code execution vulnerability and infecting vulnerable Oracle WebLogic systems with a Mirai variant.

F5 Labs' Preston Hogue writes for Security Week, explaining how to manage the personal data you have spread across the internet in an assume breach world.

Key lessons from martial arts translate to cyber-defense, including preparation, taking falls, proper stance, diligent practice, sparring, and continuous growth.

Key lessons from martial arts translate to cyber-defense, including preparation, taking falls, proper stance, diligent practice, sparring, and continuous growth.

F5 Labs' David Warburton writes for Professional Security, discussing how your stereotypical perception of cybercrime is all wrong - and what to do about it.

More lessons learned from CISOs about “fire and forget,” physical security, the human factor, and audit logging.

More lessons learned from CISOs about “fire and forget,” physical security, the human factor, and audit logging.

How certificate transparency can help you spot fraudulently registered TLS certificates that exploit your domain or brand name.

How certificate transparency can help you spot fraudulently registered TLS certificates that exploit your domain or brand name.

Gozi “banking” trojan continues to shift its targets beyond banking as it employs client-side and server-side evasion techniques via time-tested web injection.

Gozi “banking” trojan continues to shift its targets beyond banking as it employs client-side and server-side evasion techniques via time-tested web injection.

Don’t just check a box - done right, security awareness training can turn your users into your greatest asset.