Tag: CISO
Even Strong Defenses May Contain Weaknesses One could argue that fraudsters’ tactics are not novel and that investing in specialized products with machine learning and artificial intelligence should solve the issue of fraud. But somehow fraudsters still manage to outsmart security defenses. In a recent discussion that F5 Labs had with the head of the…
Read MoreAs Figures 5 and 6 illustrate, CAPTCHA solver services have made it possible for attackers to completely circumvent CAPTCHAs, including Google’s latest version called CAPTCHA Enterprise (not shown here). The Business of Human CAPTCHA Solvers In many respects, CAPTCHA solver services operate like any legitimate enterprise, and they are clearly in business to make a…
Read MoreHeadlines about breaches and compliance penalties give us a strong idea of what we do not want for our security programs. Of the breaches in 2020, the financial sector had the highest percentage at 17 percent, as noted in the 2021 Application Protection Report. With breaches, come regulator attention. In 2017, New York’s Department of…
Read MoreUpdate, June 22, 2022: In light of the root cause analysis published by Cloudflare for their recent outage, we thought we’d refresh this article since it remains relevant. Much as was the case with Facebook back in October 2021, the downtime was the result of a misconfiguration of BGP – in the case of Cloudflare,…
Read MoreSingle points of failure are the bane of engineering, and engineers put great effort into eliminating them from the systems they design. Increasingly, however, companies are handing over large amounts of their IT infrastructure and application portfolios to third-party providers. This reveals an interesting form of the single point of failure. If an organization uses…
Read MoreTo find the correct password, attackers must check word after word until they find one which outputs the same hash value as the one they have stolen. While this sounds tedious, password cracking tool, such as Hashcat, are capable of calculating billions of hashes per second on a single computer. Renting cloud computing services allows…
Read MoreThe 2021 Application Protection report notes that ransomware was a factor in roughly 30 percent of U.S. breaches in 2020. Looking at the breach analyses, we found some of the most important controls were user account management, network segmentation, and data backup. We realize that implementing these controls can be difficult, so this article goes…
Read MoreBanking has undergone some huge transformations over the last decade as it becomes more embedded in consumers’ everyday lives. In the last year alone, technology adoption in banking has accelerated at an unprecedented rate due to the COVID-19 pandemic. A testament to this India, where digital payments over the unified payment interface (UPI) increased from…
Read MoreYou also need to restrict administrative access at the application level. This can mean that only certain individuals have administrative privileges in the app, or it can mean that administrators can only access the control surfaces from specific subnets. Data sources for the application, whether internal or external, need to be treated to the same…
Read MoreF5’s executive leadership got an urgent message: a malicious actor within the company was sending confidential information to a third party that could put customers at serious risk. We immediately formed a combined response team of technical cybersecurity experts, executives, and business process stakeholders. Working together, we began to gather information about the nature and…
Read More