Author: nlqip
What Is Cybersecurity, Anyway? Another issue in our field is that many organizations seem to build security staffing requirements around a bachelor’s degree in computer science. It is possible that this was a good strategy once, but computer science degrees and security are increasingly mismatched, for several reasons. Most people in computer science programs want…
Read MoreF5 Labs was honored to host two Howard University undergraduate students, Malaya Moon and Akosua Wordie, as part of a Summer Security Practicum program. These two students assisted F5 Labs staff with analyzing and classifying web sensor data, and they dived deep into attacks against South Africa from the first part of 2021. By doing…
Read MoreFraudulent Unemployment Claims Signal Consumers to Step Up Personal Identity Protection | F5 Labs
- by nlqip
Fraudulent unemployment claims filed by attackers against residents of the state of Washington and at least six other U.S. states are sending worried consumers into panic. Many are caught completely off guard by letters they’ve received from their states’ employment security departments notifying them that their unemployment claim is being processed. The problem? They didn’t…
Read MoreIt’s that special time of year again! In perhaps the most festive of all end-of-the-year traditions, the cyber security community tries to predict the next big scary incident which will make headlines in the new year. At the risk of sounding cynical, building strategies to respond to cyber security threats are a bit like New…
Read MoreFive Key Cybersecurity Skills In part one, we explained why it’s better to grow your own cybersecurity experts than shop on the open market. If CISOs can find people who are inspired by security, and who are willing and humble enough to go the distance, they should hold on to them—these are the people to…
Read MoreCreating an encrypted HTTPS website depends on a lot more than simply throwing a digital certificate at it and hoping for the best. In fact, Transport Layer Security (TLS) and HTTPS misconfigurations are now so commonplace that in the 2021 OWASP Top 10, Cryptographic Failures now comes in second place…. Source link lol
Read MoreMS-ISAC ADVISORY NUMBER: 2023-144 DATE(S) ISSUED: 12/20/2023 OVERVIEW: Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.…
Read MoreAnother interesting aspect of Figure 3 is identifying when vulnerabilities drop off for periods of time. In October we identified two recently released vulnerabilities, CVE-2022-40684 and CVE-2022-41040, in our logs. Both are severe vulnerabilities; CVE-2022-40684, an authentication bypass vulnerability in various Fortinet security appliances, has a CVSS 3.1 score of 9.8, and CVE-2022-41040, an escalation…
Read MoreRegulators are increasing enforcement actions and penalties against the big banks for failures in cyber risk management, and the rest better take notice. Between August and October of 2020, the Office of the Comptroller of the Currency (OCC), an independent bureau of the U.S. Department of the Treasury, imposed $625 million in fines on major…
Read MoreAlthough the attack scan traffic into the United States is in line with the proportion of the assigned IP addresses, most of the other countries are not. The extreme outlier that stands out is Malaysia, rising to second place in Q3 2021. Examining Attacks on Malaysia from China Since this is so unusual, we examined…
Read MoreRecent Posts
- Bob Sullivan Discovers a Scam That Strikes Twice
- A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- Xerox To Buy Lexmark For $1.5B In Blockbuster Print Deal
- Vulnerability Summary for the Week of December 16, 2024 | CISA