F5 Labs

When security solutions don’t work as planned, embrace the complexity and use Systems Theory tools to adjust, regulate, and redefine.

The Ramnit banking Trojan continues to evolve, this time with the intent of making the malware harder to detect.

Faced with competing pressures, CISOs are ultimately the experts at assessing what’s truly at stake in their organizations.

It’s easy to brush off low-risk vulnerabilities as trivial—until they’re combined to create a deep-impact attack.

Getting the security investments you need often comes down to making your case to management in terms of operational risk.

Nearly 200,000 servers are still vulnerable to Heartbleed—and the organizations who own them might surprise you.

As security professionals, we often feel like we’re fighting a losing battle when it comes to cyber security.

When someone from the IT group gets promoted into security management, a common first lesson is that “geek culture” is ineffective in the boardroom.

In just four short years, encryption estimates have gone from almost non-existent (in the low single digits before 2013) to just over 50% by the end of 2016. How much of a victory is this?

One of the pillars of DevOps is automation. Along with that comes orchestration, which some might guess to be automation at a higher level of abstraction.

Hi. I’m Mike Convertino, CISO of F5 Networks, and I want to welcome you to an experiment we’re conducting here at F5. We’ve laid the foundation of this CISO to CISO portal on an idea that has traditionally been somewhat controversial in the security community: openness.

I’ve mentioned before how important strong risk management is to a CISO. When it comes to risk, the applications our users depend on are a big concern. In F5's 2016 State of Application Security survey, a majority of respondents cited security around applications as an area of great concern.

So far, we’ve seen IoT DDoS attacks on a Death Star scale. What's next for those of us that may be caught in the blast?

TrickBot, the latest arrival to the banking malware scene and successor to the infamous Dyre botnet, is in constant flux.

A new DDoS attack vector that leverages LDAP for reflection-amplification attacks is seeing increased usage.

We’ve all seen after-the-fact security camera footage of a wide variety of crimes splashed across social media and news sites. This visibility is a critical component of any judicial system, as it helps identify who did what and provides crucial, objective evidence of what actually happened.

Recently there have been several reports of a financial malware named TrickBot; this malware's code looks similar to Dyre.

According to DARPA, it takes an average of 312 days for security pros to discover software vulnerabilities such as viruses, malware, and other attacks. In hacker time, that’s a virtual eternity in which bad actors can wreak havoc.

The latest evolution of cyber weapons is brought to you by the default passwords in Internet of Things (IoT) devices.

The Mirai botnet has infected hundreds of thousands of Internet of Things (IoT) devices, specifically security cameras, by using vendor default passwords for Telnet access.