F5 Labs

F5's Tristan Liverpool writes for TechRadar, explaining why some companies hire ethical hackers and where to find them.

Europe was Canada’s primary source of attack traffic targeting VoIP systems and web applications.

F5 Labs' Preston Hogue writes for Security Week, discussing how the shift to DevSecOps brings a massive shift in the application landscape with real cultural impact on security teams.

There are gaps in security programs between what we think is going on, and what’s really going on. In this final part in our trilogy, we examine the possible causes for this—and solutions to close these gaps.

Web injection represents an even greater risk than it did previously, thanks to the growth of third-party content and increasingly complex attack surfaces.

In April, threat actors focused on targeting vulnerabilities that had the highest impact: this month it was a recently released deserialization vulnerability in Oracle WebLogic Server.

F5 Labs' Preston Hogue gives a video interview to Bank Info Security, discussing the importance of application threat intelligence to DevSecOps professionals.

Attackers using IP addresses in Vietnam, China, and Russia focused on attacking applications over Samba, SSH, and HTTP.

Gozi authors, who targeted banks in Canada, France, and the US in January 2019, shifted their targets to Italian banks in February 2019.

SETTINGS frame abuse and Slow POST attacks in HTTP/2 can lead to CPU and memory exhaustion.

Panda malware is back with a March 2019 campaign that targets U.S. companies, and moves from cryptocurrencies to targeting web giants.

Attackers using IP addresses in China, the United States, and the Netherlands focus on attacking applications over SSH, SMB and HTTP.

Ramnit’s latest configuration targets Europe leading up to tax season, focusing on Italian banks and international online advertisers.

More stories from CISOs who describe how they would “do it over” again in some of their early security program deployments.

Attackers are using IP addresses in the Netherlands, United States, and China to target systems in Europe over SIP, Microsoft SMB, and SSH.

In March, threat actors focused on targeting vulnerabilities released in the last few months. WordPress Easy SMTP Plugin Authentication Bypass vulnerability attacks had the most impact during that time frame.

Analysis of public breach reports showed a relationship between business models and breach vectors, with injection and phishing the leading causes.

When it comes to perceptions of risk and defense, there’s a measurable gap in some areas between security leadership and lower-level security technicians. This can lead to a misalignment of resources, unnecessary blame-storming, and diluted effectiveness.

F5's Preston Hogue writes for Security Week, weighing in on building trust and reputation in the Digital Era.

F5's Lori MacVittie writes for Tripwire, Inc., sharing five easy steps you can take to help improve security without sacrificing speed.