F5 Labs

F5 Labs' Preston Hogue writes for SecurityWeek, discussing the CHEW framework for assessing the motives behind attacks.

Our systems are under constant attack, so why not try some deception to hack back at attackers? Delaying and diverting are effective methods—and easier to pull off than you might think.

If configured incorrectly, cellular IoT gateways can give attackers access to critical infrastructure, threatening human life in ways only Hollywood has conceived.

It’s critical for security professionals to understand all the components of modern web apps so they can be prepared to fend off attacks at multiple tiers.

Rental scams are getting more sophisticated and are making it harder for legitimate landlords and renters to find each other.

In this report, we demystify the complexities of apps, explore how and where they’re attacked, and provide practical steps to take now to start winning the app protection battle.

Cyber attackers seem to follow President Trump to every important international meeting, but Russia was not the main source of cyber attacks during the recent Trump-Putin meeting, China was.

F5 Labs' Ray Pompon writes for HelpNetSecurity, discussing the grey areas of threat research and some common issues researchers encounter.

Gootkit malware uses misleading code to hinder manual research and automated analysis.

Threat actors continue to find creative yet relatively unsophisticated ways to launch new campaigns to reap profits from crypto-mining operations.

F5 Labs' Preston Hogue writes for SecurityWeek, discussing how the trend towards digital transformation is bringing data together in a way that provides intelligence to malicious actors.

An F5 Labs researcher snoops on Tor exit node traffic from a load balancer. What he finds will shock you. SHOCK YOU.

BackSwap demonstrates unique behavior in its manipulation of user input fields and its handling of International Bank Account Numbers (IBANs).

Prioritizing speed over security can jeopardize the safety of your applications and data.

Attackers continue to find new and creative ways to carry out malicious crypto-mining operations, employing multiple exploits in a single campaign.

With the vast availability of new exploits and the competition for victims’ resources, the multi-exploit trend continues to be popular among attackers.

David Holmes writes for Security Week, discussing how 90-day password expirations could be making it easier for attackers to brute-force your network.

Singapore saw a sharp rise in attacks targeting a variety of ports, from SIP clear-text (5060), Telnet, SQL, and host-to-host ports to those used for remote router management and proxy servers and caching.

Don’t think your company is immune from nation-state APTs going after your intellectual property. Take these essential steps to protect yourself.

F5 Labs writes for Help Net Security, explaining how to deal with the often-adversarial relationship between security professionals and the users they support.