Just two weeks ago a new Apache Struts 2 critical remote code execution vulnerability was published,1 and F5 researchers have already detected known threat actors exploiting it in a new crypto-mining campaign: CVE-2018-11776 Apache Struts 2 namespace vulnerability allows unauthenticated remote code execution. In this Monero crypto-mining campaign, the injection point is within the URL.…
Read More“These access points have a role in not only networking for AI, but also AI for networking,” said HPE Aruba’s VP of product and community marketing Larry Lunetta, in reference to HPE Aruba’s acquisition target Juniper Networks’ CEO Rami Rahim’s own take that the industry is just scratching the surface with AI networking. HPE Aruba…
Read MoreIn July 2018, F5 released its first annual Application Protection Report. As part of the report, F5 commissioned Ponemon to survey of 3,135 IT security practitioners across the world. The survey collected information about respondent’s application security processes. A key question asked for respondents to name their organization’s primary owner of application risk. In theory,…
Read More“I’m excited to work with a team that has built a truly differentiated approach to helping customers cut through the noise to detect hybrid cyber-attacks quickly and at scale,” said Jeff Reed, Vectra AI’s new chief product officer. Cybersecurity all-star Jeff Reed has left Google Cloud to join security firm Vectra AI with the goal…
Read MoreFigure 4: Dynamically resolving Windows API functions In conclusion, sometimes changes, even minor ones such as this one, are enough to break a working automation process, and they require some time to investigate. That’s how the malware’s authors gain precious time to defraud unsuspecting victims before security vendors can denylist their servers. As a reminder,…
Read More‘This isn’t a feature that will allow partners to steal other customers,’ Microsoft program manager Brent Serbus said on a call Wednesday. A Microsoft partner program manager says the tech giant’s upcoming partner-to-partner new commerce experience license transfer policy for the Cloud Solution Provider program is not designed to encourage solution providers to poach customers…
Read MoreThe UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. The attack led to an outage that impacted the Change Healthcare payment, affecting a range of critical services used by healthcare providers and pharmacies across the U.S., including payment processing, prescription…
Read MoreAs the world’s ongoing conversion to the digital realm continues, the risks involved with protecting sensitive information will only intensify. For security teams, this means expanding your view of risk and considering factors outside your company when evaluating potential motivations for a breach. Companies have to keep an eye on current events in ways that…
Read MoreF5 Labs continually tracks DDoS trends based on data from various sources. Among the most important are the F5 Security Operations Center (SOC), the front line for mitigating DDoS attacks on behalf of F5 Silverline customers, and F5’s Security Incident Response Team (SIRT), which assists F5 customers who are under attack. This article is a…
Read MorePart 3 of CRN’s 2024 Big Data 100 includes a look at the vendors solution providers should know in the big data system and cloud platform space. All Systems Go Today’s “big data stack” includes databases, data management software and data analytics tools – all critical components of an effective operational or analytical data system.…
Read More