F5 Labs has released a new open-source tool to check for HTTPS misconfigurations of public and internally hosted HTTPS websites. Source link lol

Read More

The rush to deploy remote access solutions can bring unexpected risks to light. Source link lol

Read More

There is no cease-fire in the continuing battle against malware. Qbot, a banking trojan malware active since 2008, is back in business with new functions and new stealth capabilities. In the past 12 years, this malware has gone by a handful of names, including Qakbot and Pinkslipbot. Despite all the variations and evolutions, Qbot’s main…

Read More

Difficult security incidents are unique and valuable opportunities. They are the sort of testing you can’t buy: real-world, un-simulated, and direct. No pen-test or code review is going to do what a serious incident will. They are priceless jewels, but only if you use them for all they’re worth. Capturing that value is only possible…

Read More

This is the first in a three-part series on the new Department of Defense (DoD) audit requirement called Cybersecurity Maturity Model Certification (CMMC). This first part introduces CMMC and what it means for the future of U.S. government suppliers of cybersecurity. Part two will discuss how to prepare for a CMMC audit. Part 3 will…

Read More

The Application Protection Research Series is an ongoing project at F5 Labs that provides an overarching view of the application security landscape. While detailed analyses of specific attacks are critical for defenders to adapt to emerging techniques, it is easy to overemphasize tactics over strategy if those kinds of analyses are the only thing we…

Read More

Editor’s Note: F5 Labs is a threat research and analysis team within F5 Networks. As a relatively small team of researchers, evangelists, and writers who produce vendor-neutral threat-related content, we look forward every summer to the opportunity to bring in a college intern to help us with special research and data analysis projects. In the…

Read More

Ransomware is not the hottest topic around right now. But that may be deceptive as to its proliferation, because figures show it is still very much alive and kicking. It only takes a quick glance at the rest of the world to see the devastating effects ransomware attacks can have on public and private sector…

Read More

These kinds of incidents make it clear that the development teams behind these applications assumed that APIs were difficult to find. In all likelihood, they were prioritizing both application functionality and development speed over security. In other words, they “just had to get it to work.” This is a practical illustration of our thesis from…

Read More