F5 Labs

@[email protected]
49 Followers
24 Following
29 Posts
We process application threat data from F5 and our partners into actionable intelligence. We analyze and share information to benefit the security community.
F5 LabsApr 17, 2023
Tikka Nagi is back as your editor for This Week's, This Week in Security. A lot has happened in the past week and he starts with the biggest story of the Discord Leaks, plus SwaaS: Swatting as a Service and the OpenAI Bug Bounty Program. @F5 SIRT. https://community.f5.com/t5/technical-articles/us-intelligence-leaks-swaas-and-openai-bug-bounty-april-8th-14th/ta-p/313812
US Intelligence Leaks, SwaaS, and OpenAI bug bounty - April 8th - 14th - This Week in Security

  Tikka is back as your editor for this week in security. A lot has happened in the past week and I will start with the biggest story of Discord Leaks. US Intelligence Leaks   A recent leak of sensitive U.S. defense documents that originated from the messaging platform Discord and eventually found ...

DevCentral - an F5 Community
F5 LabsApr 17, 2023
Search our Extensive Threat Research for the latest trends. Check it out! https://www.f5.com/labs
F5 Labs

Secure your applications by making informed decisions with the latest threat research from F5 Labs. Designed for cyber security professionals of all levels.

F5 Labs
F5 LabsApr 14, 2023
F5 DevCentralApr 14, 2023
This week your editor is Dharminder for @F5 SIRT's This Week in Security! He looks at AI’s ability to crack passwords, Microsoft's Strike on Cybercriminals and the SFX backdoor. https://community.f5.com/t5/technical-articles/microsoft-s-strike-on-cybercriminals-and-sfx-backdoor-april-1st/ta-p/313396
Microsoft's Strike on Cybercriminals and SFX backdoor- April 1st-April 7th - This Week in Security

Hello Everyone, this week your editor is Dharminder. I am back again with another edition of This Week in Security, This week I have looked at a study on how fast AI powered tool can crack any password, hackers using SFX for stealthy backdoor and Microsoft's strike on cyber criminals.  We in F5 SIRT...

DevCentral - an F5 Community
F5 LabsApr 14, 2023
F5 DevCentralApr 14, 2023

@psilvas Buu Lam and @aubreykingf5 preview their visit to San Francisco for RSA Conference 2023 at the Moscone Center! Visit @f5 in #Booth #N5435

Info: https://www.f5.com/company/events/f5-at-rsa-conference-2023

F5 at RSA Conference 2023

F5 LabsApr 13, 2023
HTTP Request Smuggling is a big topic if we want to discuss all the many ways it can be exploited. @aaronjb gives you a primer on HTTP Request Smuggling, What it is, How to find it and How to stop it. https://community.f5.com/t5/technical-articles/http-request-smuggling-what-it-is-how-to-find-it-and-how-to-stop/ta-p/312537
HTTP Request Smuggling, what it is, how to find it and how to stop it

This is a complex topic filled with nuance and... wait, that will put you all off. Let me start again:   HTTP Request Smuggling is a big topic if we want to discuss all the many ways it can be exploited, but if we stick to first principles it can be broken down quite simply and that’s what I’d like ...

DevCentral - an F5 Community
F5 LabsApr 13, 2023
We've had quite a flurry of look-alike vulnerabilities recently around how various frameworks parse input. @aaronjb wants you to Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise https://community.f5.com/t5/technical-articles/beware-your-logs-how-blocked-log4shell-spring4shell-etc-requests/ta-p/305384
Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

We've had quite a flurry of look-alike vulnerabilities recently - log4shell, Spring4Shell, Apache Commons Configuration CVE-2022-33980 - all of which center around how various frameworks parse input and allow the input to be considered executable code. In the case of log4shell the impact was quickly...

DevCentral - an F5 Community
F5 LabsApr 12, 2023
#AI algorithms can be smart enough to understand how to analyze all possible vectors of attack, select the best option, execute successfully, and remain undetected. Learn more: https://www.f5.com/labs/articles/cisotociso/ai-powered-cyber-attacks
AI-powered Cyber Attacks

AI and Machine Learning can find the optimal cyberattack strategy by analyzing all possible vectors of attack.

F5 Labs
F5 LabsApr 11, 2023
F5 DevCentralApr 6, 2023
The Drift Episode 1 with Jason Rahm - Alerting on System Failover. Source Material: https://community.f5.com/t5/technical-forum/send-email-when-failover-ocurrs/td-p/299999
Send email when failover ocurrs

I want to implement a Script to send an email or SMS when a failover ocurrs, I have checked it and I think the best option is create it based on this command  egrep -i 'cmd_sod go standby|sys failover standby' /var/log/audit But I wondering if there is a better option, maybe some name in the alert ...

DevCentral - an F5 Community
F5 LabsApr 11, 2023
F5 DevCentralApr 6, 2023
In this episode of The Drift, Jason walks you through the CLI steps necessary to upgrade your @F5 BIG-IP devices.
F5 LabsApr 6, 2023
Special guest, Ben Edwards, from The @cyentiainst, joins Aubrey King, Aaron Brailsford and Sander Vinberg on This Month In Security for March, 2023. In addition to some of the latest security news, we focus on CVE, CVSS and the future of threat prediction research, plus we get to hear a tease on Ben and Sander's forthcoming RSA talk. https://youtu.be/cFj2Tzbu4r4
This Month In Security Episode 09: March, 2023 w/ Ben Edwards

YouTube