F5 Labs

F5 Labs' Ray Pompon writes for HelpNetSecurity, discussing the grey areas of threat research and some common issues researchers encounter.

Gootkit malware uses misleading code to hinder manual research and automated analysis.

Threat actors continue to find creative yet relatively unsophisticated ways to launch new campaigns to reap profits from crypto-mining operations.

F5 Labs' Preston Hogue writes for SecurityWeek, discussing how the trend towards digital transformation is bringing data together in a way that provides intelligence to malicious actors.

An F5 Labs researcher snoops on Tor exit node traffic from a load balancer. What he finds will shock you. SHOCK YOU.

BackSwap demonstrates unique behavior in its manipulation of user input fields and its handling of International Bank Account Numbers (IBANs).

Prioritizing speed over security can jeopardize the safety of your applications and data.

Attackers continue to find new and creative ways to carry out malicious crypto-mining operations, employing multiple exploits in a single campaign.

With the vast availability of new exploits and the competition for victims’ resources, the multi-exploit trend continues to be popular among attackers.

David Holmes writes for Security Week, discussing how 90-day password expirations could be making it easier for attackers to brute-force your network.

Singapore saw a sharp rise in attacks targeting a variety of ports, from SIP clear-text (5060), Telnet, SQL, and host-to-host ports to those used for remote router management and proxy servers and caching.

Don’t think your company is immune from nation-state APTs going after your intellectual property. Take these essential steps to protect yourself.

F5 Labs writes for Help Net Security, explaining how to deal with the often-adversarial relationship between security professionals and the users they support.

A little mistake in security controls can have disastrous consequences. How common are they and how do you prevent them?

Advanced attackers are considered a top threat by CISOs. Although they are rare, their stealthy determination to learn everything about a target before they strike makes them especially dangerous.

It’s important for the fashion-conscious hacker to know what’s on trend! Here’s a preview of APT Group Purple Aardvark’s summer line—a few hits, some misses.

Align your compliance requirements with your other business requirements so you can distinguish what you must do from what’s nice to do.

If you aren’t aware of Drupalgeddon 2, then you’ve either been living off the grid or don’t use the popular content management system (CMS).

Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.

Preston Hogue writes for Security Week, explaining the fifth element of risk transfer: Sec-aaS.