F5 Labs

Risk assessments are a key part of a security program, but their execution and format are highly variable. Regulators can sanction organizations that perform improper or inadequate risk assessments.

Information modeling blends lateral thinking and deductive logic. Applied to information security, it’s a powerful technique for designing a security architecture with multi-dimensional controls that minimizes risk and achieves continuous compliance.

New information sheds light on Sabu’s activities following the revelation of his identity.

When you feel like you’re losing the security battle, try one, a few, or all of these tips to re-invigorate your program and stay on a positive track.

Even URLs that look legitimate can be fake, so train, train, train your users to verify links before they click.

Your company could lose hundreds of thousands in an impersonation scam, but here are eight things you can do to protect yourself.

Notorious hacker of Anonymous and LulzSec fame is challenged by rival hacker, The Jester, to reveal his identity.

Cyberstalking will rise as hacking tools become more powerful and easier to use, but there’s much you can do to help protect victims.

Readily available hacking tools provide new ways for civil disobedience groups to antagonize their targets anonymously.

Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.

Yes, the perimeter has shifted, but firewalls still have a place in your network. They’re just not alone anymore.

The virtual kidnapping scam is on the rise because of the excessive amount of personal information people volunteer on social media.

Board level interest in your cyber risk posture is growing, in fact it might be required soon for publicly traded companies. Presenting cyber risk to your board – effectively – means talking in their terms.

A common infection vector used by botnet creators is scanning the Internet for web vulnerabilities to exploit for malware or back doors. The advantage of hitting servers over personal consumer devices is the ability to leverage powerful hardware that is...

Purchasing cyber insurance can be useful, but claims are often denied due to policy exclusions or lapses in controls.

Organizations who outsource need to measure the risk of entrusting their data to someone else. They aren’t easy or cheap, but audits are really the best tool we have

Defensive deception works well, but needs championing before we’ll see it as a best practice or compliance requirement.

Since the Internet can’t survive without DNS, let’s make our best effort to defend it.

If you’re running Apache Struts 2 and the vulnerable component, stop reading and update now.

Security awareness training can significantly curb users' dissemination of fake news.