Author: nlqip
While investigating a recent threat campaign, F5 researchers encountered a strange behavior where malicious requests were originating from legitimate Googlebot servers. This relatively infrequent behavior could potentially have serious consequences in environments where the trust level given to Googlebot influences an organization’s security decisions. The Trust Paradox Google’s official support site advises to “make sure…
In my year-long research project, the F5 Labs’ 2018 Application Protection Report, I asked if security professionals used storage encryption for data and applications. About 19% of survey respondents said they didn’t do any while 39% said they used encryption most of the time and 42% said they used it some of the time. What…
In simpler times, cybersecurity was a fairly straightforward proposition. You had your firewall, your gateway. You monitored traffic and scanned for viruses. The bad guys weren’t even always that bad, per se. Sometimes they were just there for kicks. But these are not simpler times. In today’s world of sophisticated criminals, hacktivism, espionage and cyber…
Overall, the dollar losses are mounting, but the number of incidents has stayed pretty much the same, averaging 9 per year. During the uptick that occurred around 2013, the average jumped from three incidents per annum in previous years to 11 afterwards. What happened in 2013? Well, it was the Year of Bitcoin, per Forbes…
Step 3: Investigate the State of IoT Usage within Your Organization Never believe what you’ve been told or your own assumptions. You need to find out for yourself what IoT devices are already in use within your environment. It’s dangerously naïve to assume there aren’t any in place already. Just like standard IT security risk…
It’s always interesting to watch how the ongoing digital transformation of our lives is changing the world in ways we never would have anticipated years ago. Financial information, social interactions, even our physical locations may be up for grabs in cyberspace, with real-world ramifications. For a few weeks this fall, the U.S. was fixated on…
Data from the Retail Cyber Intelligence Sharing Center (R-CISC) echoes the F5 SOC findings and shows that dramatic increases in shopping activity actually continue into January, making retailers a likely target of attackers.1 In a 2018 survey of R-CISC members, respondents expressed their concern, identifying phishing, credential compromise, and account takeover (ATO) among their top…
We who live risk management know there are four responses when confronted with a credible risk to our organizations. We can treat the risk to reduce it. We can avoid the risk by altering our organization’s behavior. We can transfer the risk with insurance or outsourcing, though the transfer is rarely complete. Lastly, we can…
The National Cyber Security Centre (NCSC) was formed in 2016 to help protect the UK’s critical services from cyber attacks and help providers of those services manage major cyber incidents. NCSC has repeatedly warned that a major attack on critical national infrastructure is a matter of when, not if. Despite this, a recent cyber security…
Introduction In the 2018 Application Protection Report, we mentioned the potential vulnerabilities associated with application programming interfaces (APIs). These APIs specify how various application components and clients should autonomously interact with each other to deliver the application experience. Through APIs, software services exchange commands and data. Because of this, APIs are tantalizing morsels for predators…