F5 Labs, in collaboration with Effluxio, researches global attack traffic to gain a better understanding of the cyberthreat landscape. Cyberattacks take many forms, but they often start with the hunt for exploitable services. We analyzed scans of global low-interaction honeypot traps across three quarters of 2021, specifically comparing activity from the first two quarters, January through June, against the third quarter, July through September. Peter Silva starts the clock for How Global Cyberthreats Changed Over 2021. Read the article: How Global Cyberthreats Changed Over 2021
How Global Cyberthreats Changed Over 2021
Posted in security | Tags: cyberattack, cyberthreats, ddos, f5, f5labs, phishing
What is Mutual TLS (mTLS)?
Mutual Transport Layer Security (#mTLS) establishes an encrypted TLS connection in which both parties use X.509 digital certificates to authenticate and verify each other. mTLS can help mitigate the risk of moving services to the cloud, and prevent malicious third parties from imitating genuine apps. So, let’s start the clock for What is mTLS?
Read the Article on F5 Labs.
Not only does F5 Labs provide freely available Threat Intelligence, they also have an Educational series covering many types of attacks, threats, and essential security concepts. If you are getting started in cyber security or there’s always been that one topic you’ve never quite understood, #F5Labs will help you learn the basics.
Cyberattacks at Banks and Financial Services Organizations
As part of the 2021 Application Protection Report, we looked at the top reported security incidents to the #F5 SIRT for the years 2018 through 2020. Now we’re taking a deeper dive into the reported security incidents at financial organizations, sometimes referred to as #BFSI for banking, financial services, and insurance institutions. Peter Silva starts the clock for Cyberattacks at Banks and Financial Services Organizations. Read the Report!
DDoS Attack Trends for 2020
Distributed denial-of-service, or #DDoS, is a persistent threat facing businesses of all types, regardless of geographic location or target market. DDoS tools are becoming easier to use, while the attacks themselves are becoming more complex—frequently combining many different methods in one assault. With attack data from the F5 Silverline Security Operations Center and incidents logged by the F5 Security Incident Response Team (SIRT), I start the clock to check out DDoS Attack Trends for #2020 and read the article.
2021 Application Protection Report: Of Ransom and Redemption
Now in its 4th year, the #F5Labs 2021 Application Protection Report (https://www.f5.com/labs/articles/thre…) is our effort to boil the application security risk landscape down to put the initiative back into the hands of defenders. We analyzed more than 700 data breaches from 2020. Peter Silva starts the clock for an extended edition of some of the highlights from F5Labs 2021 #APR in this episode of 90 Seconds of Security. Get your copy of the 2021 APR.
Posted in security | Tags: application protection report, apr, cyberattack, ddos, f5, f5 labs, malware, phishing, ransomware, video
Credential Stuffing Tools and Techniques
Credential stuffing is a type of cyberattack that uses credentials obtained from previous breaches to take over accounts on other web or mobile applications. This type of brute force attack relies on the fact that many people use the same usernames and passwords on multiple sites. See how attackers use #OpenBullet to create a Credential Stuffing attack. Let’s start the clock for #CredentialStuffing Tools and Techniques including #OpenBullet in this 90 Seconds of Security episode. And learn more at F5Labs.com.
Posted in security | Tags: credential stuffing, f5, f5 labs, openbullet, phishing
F5 SIRT’s Top Reported Security Incidents, 2018-2020
The F5 Security Incident Response Team helps customers tackle security incidents in real time. In 2020, we talked about what happened in the beginning of the pandemic based on #F5 #SIRT cases. Now we’re looking back at all F5 SIRT cases from the beginning of 2018 to the end of 2020 and breaking down what changed and what didn’t in the cyberthreat landscape because of the pandemic. So, let’s start the clock to look at SIRT’s Top Reported Security Incidents, 2018-2020.
Credential Stuffing: Why It’s Here to Stay
Over the last few years, #F5 security researchers have identified credential stuffing as one of today’s foremost threats. The value of stolen credentials has created a vicious circle: organizations suffer network intrusions in pursuit of credentials, and credential stuffing in pursuit of profits. Understanding both the supply and demand sides of the market for stolen credentials is, therefore, key to understanding the risk that cybercriminals pose to organizations today. With 5 years of data, it is definitive: credential spills are here to stay. So, let’s start the clock for some harrowing data from the 2021 Credential Stuffing Report.
Get your copy: https://www.f5.com/labs/articles/threat-intelligence/2021-credential-stuffing-report
Posted in security | Tags: 90 seconds of security, credential stuffing, devcentral, f5, f5 labs, identity, identity theft, malware, phishing, shape security, silva, video
Key Trends from F5 State of Application Strategy Report
Get your copy: http://www.f5.com/stateofappstrategy
We all know how much the world has changed in the last year. And the results of the most recent #F5 State of Application Strategy survey make it clear: the pandemic has vastly accelerated a global digital transformation that was already underway. Progress that might normally have taken a decade has leapt forward in a single year—with respondents maturing in their journeys toward digital expansion. So let’s start the clock and take a look at the astonishing progress apparent through several key markers revealed in our seventh annual survey. #SOAS
Posted in security | Tags: 90 seconds of security, api, cloud, devcentral, f5, multi-cloud, report, saas, soas, state of application services, telemetry
How Ransomware Has Evolved to Be Faster, Stealthier, and Strike Harder
Ransomware attacks have reached the boiling point. They’ve gone from nuisance to significant financial burden—as well as a mortal threat to critical infrastructure. Financial damage from ransomware attacks is in the hundreds of millions of dollars for some organizations. And, of course, our F5 Labs threat researchers have something to say about it. So, let’s start the clock to explore How Ransomware Has Evolved to Be Faster, Stealthier, and Strike Harder. Full article: https://www.f5.com/labs/articles/threat-intelligence/ransomware-how-it-has-evolved-to-be-faster-stealthier-and-strike-harder
Posted in application attacks, attacks, brute force, f5, f5 labs, ransomware | Tags: attacks, devcentral, f5, f5 labs, malware, phishing, ransomware, research, silva, video