Over the years, I’ve seen articles comparing cybersecurity to martial arts, so I’ve been reluctant to write one. I’ll be the first to admit, I’m no Jeremiah Grossman, black belt in Brazilian Jiu-Jitsu, but I have done martial arts on and off since I was in elementary school. Now that my son has begun that…
Read MoreF5 Labs published the first edition of our annual Application Protection Report in July 2018. For that report, we collaborated with Whitehat Security, Loryka, the Ponemon Institute, and Whatcom Community College’s Cybersecurity Center to analyze a wide range of data from 2017, and offer a comprehensive breakdown on the threats, tactics, vulnerabilities and impacts facing…
Read MoreIntroduction This year we are releasing our 2019 Application Protection Report as a series of short, tightly focused episodes. This helps ensure we provide timely threat intelligence that our readers can add to their own threat models and use to prepare appropriate defenses and responses. Last episode, we focused on PHP’s continuing run as one…
Read MoreThere’s no doubt your information is out there. And at a certain point, you have to assume it’ll be exposed. So now what? With everything that’s happened in cybersecurity over the past few years and in the wake of so many high profile breaches all over the world, it’s time for a shift in mindset.…
Read More
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In an era where technology and transportation converge, the fusion of vehicles with IoT technologies heralds a new dawn of mobility. This leap…
Read MoreAs we can see in Figure 8, the developers for SG Optimizer added a permission_callback command to the newly registered REST API routes. This indicates that prior to version 5.0.13, the SG Optimizer plugin had various privilege escalation vulnerabilities. Those vulnerabilities allowed any threat actor to send a malicious request to these registered REST API…
Read MoreF5 Labs researchers combed through lists of organizations whose cloud resources have been exposed since 2017 due to intentional insecurity. The growth rate from 2017 to 2018 was an alarming 200%. So far in 2019, with an average of 2.5 breaches per month, we would expect to see a total of 30 breaches by the…
Read MoreConclusion Organizations should continually run external vulnerability scans to discover what systems are exposed publicly, and on which specific ports. Any systems exposed publicly with the top attacked ports open should be prioritized for vulnerability management. A lot of the attacks we see on ports supporting access services like SSH are brute force, so any…
Read MoreIn the Ramnit configuration, there were a number of targets that didn’t belong to a particular company or website: Instead, there were several words in French, Italian, and English. This is an innovation we have not seen in previous Ramnit configurations. It appears as though the Ramnit authors cast a wider net in hopes of…
Read MoreThere's often a gap between what we say we need for an effective security posture, and what we actually do. Examining the gaps between "best practices" and reality helps us get to more tangible results. Source link lol
Read More