Among security professionals specifically, the gap is even more significant: 47% chose security and only 26% said availability. This isn’t a surprise—security has been steadily ascendant for the past three years. In 2015, availability was the clear leader at 40% over security’s 32%. But the next year the two categories were neck and neck…


“The digital economy is firmly entrenched, and has an appearance that promises prosperity; but in this world, nothing can be said to be certain, except death, taxes, and vulnerabilities.” With many apologies to Benjamin Franklin, to whom the original, unaltered quote on which this one relies is typically attributed. Unlike the forecasts for snow in…


Accept that breaches are inevitable in today’s world, then take these steps to reduce the chances of a large-scale, headline-making compromise.


If you’re not evaluating risk in terms of likelihood and impact, you could be focusing your security efforts in all the wrong places.


F5 security researchers analyzed the Ramnit banking trojan campaign that was active over the holiday season and discovered it’s not much of a banking trojan anymore. 64% of its targets were retail eCommerce sites, including Amazon.com, Best Buy, Forever 21, Gap, Zara, Carter’s, OshKosh B’gosh, Macy’s, Victoria’s Secret, H&M, Overstock.com, Toys“R”Us, Zappos, and many others.…


A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems in the U.S., the U.K., Germany, and Japan. Researchers believe that behind the campaign is CoralRaider, a financially motivated threat actor focused on stealing credentials, financial data, and social media accounts. The hackers deliver LummaC2, Rhadamanthys, and Cryptbot…


The obvious takeaway here is that these two most commonly breached application vulnerabilities represent low-hanging fruit for attackers. Forum software is a favorite target for attackers because it consumes user content that, if not sanitized properly, could be a crafty little malicious script that injects a PHP backdoor. Forum makers (as well as CMS providers…


We’re celebrating our one-year anniversary here at F5 Labs, the application threat intelligence division of F5! Although F5 researchers have been providing threat-related, F5-specific guidance to our customers for many years through DevCentral, the time was right a year ago today to launch a dedicated website that provides the general public with vendor-neutral, application-focused, actionable…


We’re in an exciting time in our profession. There is a lot of new technology, a huge demand for our skills, and a bright future that promises only more work for us. Yet, this excitement is a two-edged blade. We often hear from peers about how hard it is to hire good security folks. My…


Previously, I’ve talked about four primary risk treatment options: mitigate, avoid, accept, and transfer. Over the history of the security industry, we’ve tended to focus on mitigation. Implementing controls is where the action is. As IT has largely become a consumption model, I would argue that risk transfer is catching up with mitigation and becoming…
