F5 Labs

Preston Hogue writes for Security Week, explaining the fifth element of risk transfer: Sec-aaS.

US-CERT TL18-106A alert underscores how insecure Internet systems really are and that ignoring the problem only increases the collateral damage.

When it comes to tallying the total cost of a data breach, lawsuits figure prominently, alongside repair costs, loss of reputation and sales, compliance penalties, and operational downtime.

You can’t assume that your third-party web apps are secure! You need to assess them yourself using this multi-step process.

Privacy today isn’t just about staying away from prying eyes. The very act of communicating across the Internet with open, non-confidential protocols invites exposure to multiple threat types.

Fun Fact #2: the author is looking forward to being a card-carrying Singaporean crime fighter (temporarily) someday.

Savvy CISOs don’t go it alone; they rely on in-house collaborators (outside of the security team) to help achieve the organization’s security objectives.

Attacks are back to targeting a Windows IIS vulnerability first disclosed a year ago to mine Electroneum.

Critical apps are the ones that must never go down or be hacked. They are also the hardest to defend because they are often massive, ancient, and touch everything.

The latest DDoS trends include the return of large volumetric DDoS attacks, the rise of application targeted attacks, and businesses in Europe and Asia are growing targets.

People are mining coins all over the place-all it costs is money for the power bill. So, of course, clever people are figuring out how to use other people’s power to mine cryptocurrency.

Apache Struts 2 Jakarta Multipart Parser RCE crypto-mining campaign is now targeting Windows, not just Linux systems.

With device developers rushing to build IoT as fast as they can, security can suffer.

Seven steps for improving the security of critical infrastructure systems—and protecting the public from unnecessary risk.

Laptops full of confidential data are still getting stolen, and public Wi-Fi hotspots are being booby-trapped. CISOs need to make users aware of the threat to prevent this from happening.

A big public breach is a teachable moment for both you and your organization.

IoT attacks show no signs of decreasing while infected IoT devices go un-remediated, and discovery of new thingbots is at a decade-long high.

Reaper is just one more blinking light in the faces of the InfoSec community reminding us that we need to get ahead of IOT madness.

F5 Labs' David Holmes writes for Security Week, discussing the adoption and barriers of Perfect Forward Secrecy.

The same rTorrent XML-RPC function configuration error that was targeted to mine Monero in February was also targeted in January in a campaign apparently spoofing user-agents for RIAA and NYU.