F5 Labs

Attackers using IP addresses in Vietnam, China, and Russia focused on attacking applications over Samba, SSH, and HTTP.

Gozi authors, who targeted banks in Canada, France, and the US in January 2019, shifted their targets to Italian banks in February 2019.

SETTINGS frame abuse and Slow POST attacks in HTTP/2 can lead to CPU and memory exhaustion.

Panda malware is back with a March 2019 campaign that targets U.S. companies, and moves from cryptocurrencies to targeting web giants.

Attackers using IP addresses in China, the United States, and the Netherlands focus on attacking applications over SSH, SMB and HTTP.

Ramnit’s latest configuration targets Europe leading up to tax season, focusing on Italian banks and international online advertisers.

More stories from CISOs who describe how they would “do it over” again in some of their early security program deployments.

Attackers are using IP addresses in the Netherlands, United States, and China to target systems in Europe over SIP, Microsoft SMB, and SSH.

In March, threat actors focused on targeting vulnerabilities released in the last few months. WordPress Easy SMTP Plugin Authentication Bypass vulnerability attacks had the most impact during that time frame.

Analysis of public breach reports showed a relationship between business models and breach vectors, with injection and phishing the leading causes.

When it comes to perceptions of risk and defense, there’s a measurable gap in some areas between security leadership and lower-level security technicians. This can lead to a misalignment of resources, unnecessary blame-storming, and diluted effectiveness.

F5's Preston Hogue writes for Security Week, weighing in on building trust and reputation in the Digital Era.

F5's Lori MacVittie writes for Tripwire, Inc., sharing five easy steps you can take to help improve security without sacrificing speed.

Analysis of sensor data from 2018 revealed a big focus on PHP generally, and specifically a large, unsophisticated reconnaissance campaign looking for unsecured databases with PHP front ends.

F5 Labs' Ray Pompon writes for Finance Derivative, discussing why hackers will continue targeting cryptocurrency exchanges.

There's often a gap between what we say we need for an effective security posture, and what we actually do. Examining the gaps between "best practices" and reality helps us get to more tangible results.

Attackers continue to exploit old vulnerabilities, use new methods to kill competing crypto-miners, and survive removal by administrators.

Continuing the trend from January, threat actor activity in February focused heavily on exploiting a ThinkPHP remote code execution vulnerability.

Cloud-based breaches that expose our personal data are growing at a surprising rate as organizations intentionally degrade their cloud-based security controls.

Not all bots are bad, but for those that are, you need a multi-pronged strategy for keeping them off your network.