Tag: Education
In the beginning, attackers built their own botnets by scanning the Internet for vulnerable devices and then compromising them with malware that enabled attackers to remotely control the bots. Sadly, attackers don’t even need to build botnets anymore; they can rent DDoS-for-hire botnets from operators who charge very little money for short-term (but effective) attacks.…
Read MoreTogether, these three principles form the cornerstone of any organization’s security infrastructure; in fact, they (should) function as goals and objectives for every security program. The CIA triad is so foundational to information security that anytime data is leaked, a system is attacked, a user takes a phishing bait, an account is hijacked, a website…
Read MoreOne wrinkle in the wide-load trucks-on-the-freeway analogy is that at a certain size, UDP packets are too large to transmit without being broken up. So, while the attacker is successful in significantly amplifying the DNS responses, when the packets reach a certain size, they will get fragmented into smaller ones. Either way, the net result…
Read MoreIntroduction F5 Labs attack series education articles help you understand common attacks, how they work, and how to defend against them. What is a Trojan? A trojan is any type of malicious program disguised as a legitimate one. Often, they are designed to steal sensitive information (login credentials, account numbers, financial information, credit card…
Read MoreIntroduction F5 Labs education articles help you understand basic threat-related security topics. At the most fundamental level, IT security is about protecting things that are of value to an organization. That generally includes people, property, and data—in other words, the organization’s assets. Security controls exist to reduce or mitigate the risk to those assets. They…
Read MoreSo How Good Are Sectors for Predicting Risk? Based on these analyses, it appears that the answer is “not bad, but it depends.” On one hand, we can identify specific patterns that seem to map to characteristics about those sectors. We already knew that the Retail Trade sector is heavily targeted by attacks that are…
Read MoreWhat Is SQL Injection? SQL injection is a technique used by attackers to gain unauthorized access to one of an organization’s most critical assets: the database that supports its website. In most cases, it is website vulnerabilities that allow an attacker to insert (or inject) instructions where the application is expecting only data. SQL injection…
Read MoreIntroduction F5 Labs attack series articles help you understand common attacks, how they work, and how to guard against them. What Is Cross-Site Scripting? Cross-site scripting, commonly referred to as XSS, is one of many types of insertion attacks that affect web-based applications and, by extension, their users. It occurs when a vulnerability in an…
Read MoreAPIs Power Applications—and Pose Security Challenges Application programming interfaces (APIs) form the chassis for modern applications. They are interfaces to software components that developers use to integrate valuable information into their applications (like Google Maps in a rideshare app or YouTube videos into a webpage) and they are everywhere—even in security products. APIs are key…
Read MoreFraudulent unemployment claims filed by attackers against residents of the state of Washington and at least six other U.S. states are sending worried consumers into panic. Many are caught completely off guard by letters they’ve received from their states’ employment security departments notifying them that their unemployment claim is being processed. The problem? They didn’t…
Read More