Month: April 2024
One thing to consider about the Q1 2018 data is that it’s only one quarter in comparison to the annual averages of 2016 and 2017, and that Q1 typically receives the least number of attacks of any quarter. If attacks against North America decline in Q2, as they have done the past 2 years, the…
Read MoreWith the explosive growth of the Internet of Things, and the increasing threat posed by botnets that leverage IoT, more must be done to ensure IoT devices include security by design, says David Holmes, principal threat researcher at F5 Networks. The Named Data Networking project can play a critical role, Holmes says in an interview with…
Read MoreF5 threat researchers detected attackers actively exploiting the rTorrent client through a previously undisclosed misconfiguration vulnerability and deploying a Monero (XMR) crypto-miner operation. The rTorrent client misconfiguration vulnerabilities include: No authentication required for XML-RPC communication Sensitive XML-RPC method is allowed (direct OS command execution) Attackers are actively exploiting this vulnerability in the wild by scanning…
Read MoreCISOs could always use more help, it’s as simple as that. As part of an upcoming report on protecting applications, F5 engaged Ponemon to survey security professionals. The survey found that 44% of respondents reported “lack of skilled or expert personnel” as the “main barrier to achieving a strong application security posture.” Our previous F5…
Read More
Hypothesis-driven threat hunting is a tailored, proactive, and deeply analytical approach to cybersecurity. It leverages the acumen of seasoned security experts to predict and pre-empt potential attack vectors, delivering a dynamic and robust defense against the sophisticated threats that modern enterprises face. What Is Hypothesis-Driven Threat Hunting? Hypothesis-driven threat hunting is a proactive cybersecurity program…
Read MoreThe security community was just taking a breather because we hadn’t seen a massive DDoS attack since the Mirai thingbot took down Dyn in October 2016 with a 1.2 terabit per second DDoS attack. Yesterday, that world record attack was broken when GitHub was hit with a 1.3 terabit per second DDoS attack.1 This attack…
Read MoreAn orchard of cybersecurity law is growing in Asia. Now based in Singapore, your intrepid reporter is bumping into these cyber laws not as a participant (yet) but as an interested observer. Like the data-protection laws recently passed throughout the region, these cybersecurity regulations have a lot in common with each other. Singaporeans are known…
Read MoreIt’s inevitable. Every organization needs externally-developed applications to some degree or another. Increasingly, these apps are web-based and accessed over the Internet. As part of a forthcoming report on protecting applications, F5 commissioned a survey with Ponemon. In it, we asked security professionals what percentage of their applications (by category) were outsourced. The top answers…
Read MoreLast week, F5 threat researchers spotted a Monero (XMR) crypto-mining campaign that was taking advantage of a user configuration vulnerability in the rTorrent client, specifically misconfigured XML-RPC functionality. This misconfiguration vulnerability in rTorrent allows an unauthenticated user to execute methods in the rTorrent client using HTTP requests. After deeper analysis of the attack logs, F5…
Read MoreFigure 1: Cost of confidential data breach – F5 Ponemon security survey What do breach costs consist of? They can include anything from incident response investigation costs, remediation costs, reputation damage, loss of sales, operational downtime, and compliance penalties. Another significant cost that hasn’t historically been a major contributor to breach costs but is…
Read More