F5 Labs

Performing a risk analysis and taking due care are no longer optional.

Every week another bug, vulnerability, or exploit is released - we need a multi-layered security strategy (beyond our standard patch “spin cycles”) to deal with threats like Spectre and Meltdown.

How moving application into the cloud can make your organization stronger and more valuable to your customers.

With Mirai rearing its ugly head again, we’re revealing its C&C hostnames so organizations can update their denylists and protect themselves.

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.

The safest way to run a network is to assume it’s going to breached, but that also means minimizing your liability and ensuring the executive team is fully aware of what is going on.

Most security researchers have good intentions, but ethics must play a central role in the decisions they make.

Bleichenbacher attacks will likely continue to pop up until TLS 1.3 is fully adopted, which could take years.

In Part 5 of this blog series, we use inversion modeling techniques to develop a high-level protection strategy.

Security teams can fulfill the CISOs responsibilities and help business groups become more security-savvy by working through the due diligence and due care process together.

New Apache Struts campaign, Zealot, targets vulnerabilities in Windows, Linux, and the DotNetNuke CMS, then leverages leaked NSA exploits to move laterally through internal networks and mine Monero.

With billions of data records compromised, it’s time to reconsider whether passwords are our best means for authenticating users.

Strong security starts with understanding exactly what you need to protect and where it resides within your organization.

F5 Labs researched 433 breach cases spanning 12 years, 37 industries, and 27 countries to discover patterns in the initial attacks that lead to the breach.

Good security is highly dependent on hospital staff being well trained and having the discipline to follow security processes—manual and otherwise—to the letter.

F5 Labs' David Holmes writes for LinkedIn, discussing whether cryptocurrencies are a scam or a revolution.

How this cloud startup met its goals for security and availability right out of the gate by setting goals, doing a risk analysis, and examining tradeoffs.

In Part 3 of this blog series, we demonstrated modeling the threat landscape along with executive threat-modeling. In this blog, we discuss the importance of defining controls.

Seriously, how many colors are there? And how many of us share the same love of one of those limited choices?

Learn about the tricks attackers use to dupe unsuspecting users and how you can help protect them—and your organization.