Author: nlqip

One wrinkle in the wide-load trucks-on-the-freeway analogy is that at a certain size, UDP packets are too large to transmit without being broken up. So, while the attacker is successful in significantly amplifying the DNS responses, when the packets reach a certain size, they will get fragmented into smaller ones. Either way, the net result…

Read More

​Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. APT28 has been using this tool to exploit the CVE-2022-38028 vulnerability “since at least June 2020 and possibly as early as April 2019.” Redmond fixed the vulnerability reported…

Read More

Many companies and organizations around the world have issued mandatory work-from-home policies due to the COVID-19 pandemic. When companies find themselves in a situation like we are in today, going from a zero percent remote workforce to 100 percent in a matter of days, it can be daunting. What used to be safe, thanks to…

Read More

In the fall of 2020, many countries began to require that travelers test negative for the new coronavirus before crossing their borders. As with anything of value, a black market soon emerged. Travelers could illicitly purchase forged negative COVID-19 test results and try to fake their way through the checkpoint. Goodness knows, we’ve already seen…

Read More

MS-ISAC ADVISORY NUMBER: 2023-138 DATE(S) ISSUED: 12/11/2023 OVERVIEW: A vulnerability has been discovered in Apache Struts 2, which could allow for remote code execution. Apache Struts 2 is an open-source web application framework for developing Java EE web applications. Successful exploitation could allow for remote code execution in the context of underlying operating system. Depending…

Read More

Reasons for Credential Spills In some of the incidents, organizations were willing and able to disclose the reason credentials were compromised. While every incident is a little different, we’ve highlighted a few here that are particularly instructive (or just frustrating). In short, there’s no shortage of opportunity, even for unsophisticated threats. A Breach from Beyond…

Read More

This is the third in our series on the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC). Our previous articles introduced the DoD CMMC model and how to prepare for DoD CMMC audits. This final article covers how a CMMC audit is expected to play out for an assessed organization. In an American court…

Read More

F5 Labs in collaboration with Effluxio researches global attack traffic to gain a better understanding of cyberthreat landscape. In this episode of regional threat analysis, F5 Labs researchers break down the data collected by our sensors on attacks targeting India from October 1 through December 31, 2020. Cyberattacks happen in many forms, but it usually…

Read More

Introduction F5 Labs attack series education articles help you understand common attacks, how they work, and how to defend against them.    What is a Trojan? A trojan is any type of malicious program disguised as a legitimate one. Often, they are designed to steal sensitive information (login credentials, account numbers, financial information, credit card…

Read More

Accounting for the slight dip in 2019, password login attacks account for 32% of all reported SIRT incidents over the past three years. We also saw how they jumped in 2020, so we did a deeper dive into how these kinds of cyberattacks ramped up during the pandemic. Credential Stuffing Attacks at Financial Services Organizations…

Read More