F5 Labs

Using Zero Trust for Microservices with DevSecOps: Advice from USAF’s Nicolas Chaillan

India’s attack landscape saw focus on Port 5900 and the highest number of scans from the UK.

Credential stuffing is a multifaceted and enduring risk to organizations of all types and sizes. This report is a comprehensive examination of the entire life cycle of stolen credentials—from their theft, to their resale, and their repeated use in credential stuffing attacks.

A detailed look at the cybersecurity threats to the COVID-19 vaccine rollout pipeline

Privacy by Design is key to ethical app design and includes anticipating for all possible uses of collected data.

FireEye tools show attackers aren’t worried about your defenses.

Data manipulation is a real threat to data-driven approaches at enterprises. We tested one of our own assets to see the possibilities.

We considered the shape of the coming year in cybersecurity. Phishing, APTs, malware, old vulnerabilities… it’s not all bad … well, actually, it is.

AI and Machine Learning can find the optimal cyberattack strategy by analyzing all possible vectors of attack.

Least privilege reduces risk to organizations by granting users only the privileges they need to do their jobs—and nothing more.

Cyberattacks in Q3 2020 targeted WordPress and other content management systems, IoT devices, and the State of Israel.

We explore the three general job roles and skill sets in cybersecurity: engineering defenses, testing security, and responding to cyberattacks.

Exploring OAuth exchanges for financial-grade API security in banking and financial services applications and the threat of authorization code interception attacks

Digital platforms are increasingly essential for banking, which means access control is an increasing focus for security. F5 Labs' Shahnawaz Backer writes for CXOtoday, describing some of the current thinking towards balancing access and convenience for users.

Insights into Genesis Marketplace, a black market trading in digital identity.

Vulnerability assessment of IoT devices in Ireland detailing the biggest threats, most at-risk and highly exposed devices.

In our 2020 edition of the Phishing and Fraud Report, we focus on how cybercriminals build and host phishing sites, the tactics they use to avoid detection, and how they’ve capitalized this year on the COVID-19 pandemic.

"What is phishing" is still a relevant question we're answering as the attack type and techniques evolve, victimizing even the most tech-savvy users.

The sheer scale of cybercrime attacks makes automated defenses a necessity. Shape's Shuman Ghosemajumder writes for VentureBeat, describing how the bad guys are also embracing automation, and what we can do about it.

Cybersecurity regulators have recently levied huge fines against financial institutions and healthcare organizations. Is this the new normal?