“Quantity has a quality all its own”—a quote apocryphally attributed to Joseph Stalin. As part of the research that went into F5 Labs’ 2018 Application Protection Report, we surveyed information security professionals. We found that 37% of respondents were from organizations with more than 5,000 people. Here’s how the percentages broke down: What is the…


F5 Labs' David Warburton writes for Venafi, explaining one of the key strategies for improving the use of OCSP for certificate revocation.


First detected in May 2018, DanaBot is a fraud trojan that has since shifted its targets from banks in Australia to banks in Europe, as well as global email providers such as Google, Microsoft and Yahoo for the holiday phishing season.


Apr 23, 2024The Hacker NewsThreat Hunting / Software Security In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and third-party dependencies to breach even the most formidable defenses. But what if you could turn the tables and proactively…


Those of us at a certain age (ahem) grew up in a simpler time. Email was largely unheard of. There was no social media, no Facebook, Twitter or Instagram. There was no e-commerce, no Amazon, Alibaba or Taobao. No online banking. No online dating. Credit card transactions were processed manually. Local businesses accepted personal checks.…


There is an unspoken assumption that pervades the information security industry. It is a vestige from the days when system administrators were the security staff, and the ways in which customers and organizations interacted with the Internet were markedly different from how they are now. This assumption is that the boundary that separates our network…


Key Points: Only a few days after the ThinkPHP vulnerability was discovered, it is already being exploited on the Internet. Almost 46,000 servers, most of which are located in China, are potential targets for this exploit. Multiple campaigns have been launched simultaneously by different threat actors, which might suggest the infection potential. Campaigns vary from…


At F5, we dedicate a lot of time to identifying and validating vulnerabilities. We use a variety of vulnerability scanning tools at a regular, frequent tempo to give us an up-to-date picture of our risk footprint. On top of that, we pay attention to user reporting, information we get from various threat intelligence sources, and…


A concerted effort by global law enforcement agencies has successfully dismantled LabHost, a notorious online platform specializing in phishing kits. Since its inception in 2021, LabHost accrued over $1 million in profits by providing cybercriminals with the tools to impersonate trusted websites and steal sensitive user data. The coordinated operation against LabHost resulted in 37…


(The fifth entry on the list, “12345,” inevitably brings to mind the excellent Spaceballs: “1-2-3-4-5? That’s the stupidest combination I’ve ever heard of in my life! That’s the kinda thing an idiot would have on his luggage!”) Top Attacked Username and Password Pairs: Credentials Every security team should make it a priority to ensure that…
