F5 Labs

How platform business models are at an increased risk of fraud when two or more separate parties collude.

We dig into the credential stuffing attack tool OpenBullet and look at configuring combolists, proxies, parse tokens, and check blocks for launching attacks.

Even with 99.95% efficacy of network security controls, bad actors can still monetize fraud. Security convergence is the way forward in surviving digital fraud.

Three years of reported security incidents shows continued growth in denial-of-service and password login attacks such as brute force and credential stuffing.

Passwords are inherently flawed, and not just because of credential stuffing. The future of authentication looks very different, but there are steps you can take now to control risk.

TA551 (AKA Shathak) deploys the IcedID banking trojan using COVID-19 in Microsoft Word documents containing a malicious macro that drops an installer.

The tale of The Three Little Pigs can teach us more than you think about cybersecurity risk.

Using Zero Trust for Microservices with DevSecOps: Advice from USAF’s Nicolas Chaillan

India’s attack landscape saw focus on Port 5900 and the highest number of scans from the UK.

Credential stuffing is a multifaceted and enduring risk to organizations of all types and sizes. This report is a comprehensive examination of the entire life cycle of stolen credentials—from their theft, to their resale, and their repeated use in credential stuffing attacks.

A detailed look at the cybersecurity threats to the COVID-19 vaccine rollout pipeline

Privacy by Design is key to ethical app design and includes anticipating for all possible uses of collected data.

FireEye tools show attackers aren’t worried about your defenses.

Data manipulation is a real threat to data-driven approaches at enterprises. We tested one of our own assets to see the possibilities.

We considered the shape of the coming year in cybersecurity. Phishing, APTs, malware, old vulnerabilities… it’s not all bad … well, actually, it is.

AI and Machine Learning can find the optimal cyberattack strategy by analyzing all possible vectors of attack.

Least privilege reduces risk to organizations by granting users only the privileges they need to do their jobs—and nothing more.

Cyberattacks in Q3 2020 targeted WordPress and other content management systems, IoT devices, and the State of Israel.

We explore the three general job roles and skill sets in cybersecurity: engineering defenses, testing security, and responding to cyberattacks.

Exploring OAuth exchanges for financial-grade API security in banking and financial services applications and the threat of authorization code interception attacks