F5 Labs

The same rTorrent XML-RPC function configuration error that was targeted to mine Monero in February was also targeted in January in a campaign apparently spoofing user-agents for RIAA and NYU.

Memcached is just one of many application infrastructure systems that could launch the same types of attacks if they were also misconfigured.

A previously undisclosed misconfiguration vulnerability in the rTorrent client is being exploited in the wild to mine Monero.

When new technology initiatives are approached in the right way, organizations can implement them, mitigate risk, and provide the best user experience.

The same drop zone server used last week to mine Monero on compromised Jenkins automation servers is now being used in a new Monero mining campaign targeting Oracle Web Logic servers.

As the black-market price for stolen data declines, attackers turn to cryptojacking schemes to maximize their profits—all at your expense.

Risk transfer strategies allow you more time to focus on your business.

Real estate scams are big business for attackers. Be on the lookout for this one, which can leave home buyers destitute if not caught in time.

As security expertise becomes more scarce, CISOs are turning to machine learning to do more with fewer people.

Critical lessons can be learned from others’ mistakes. Don’t learn the hard way; heed the warnings from our research.

F5 Labs covered a multitude of threats, vulnerabilities, botnets, attackers, and attacks in 2017. Here are just some of the highlights you might have missed.

If you’re not evaluating risk in terms of likelihood and impact, you could be focusing your security efforts in all the wrong places.

Accept that breaches are inevitable in today’s world, then take these steps to reduce the chances of a large-scale, headline-making compromise.

Forty-three percent of organizations say security is essential when deploying apps, and more than two thirds use multiple security solutions to protect clients, infrastructure, and web apps.

Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.

Performing a risk analysis and taking due care are no longer optional.

Every week another bug, vulnerability, or exploit is released - we need a multi-layered security strategy (beyond our standard patch “spin cycles”) to deal with threats like Spectre and Meltdown.

How moving application into the cloud can make your organization stronger and more valuable to your customers.

With Mirai rearing its ugly head again, we’re revealing its C&C hostnames so organizations can update their denylists and protect themselves.

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.