F5 Labs

@[email protected]
49 Followers
24 Following
29 Posts
We process application threat data from F5 and our partners into actionable intelligence. We analyze and share information to benefit the security community.
F5 LabsApr 17, 2023
Tikka Nagi is back as your editor for This Week's, This Week in Security. A lot has happened in the past week and he starts with the biggest story of the Discord Leaks, plus SwaaS: Swatting as a Service and the OpenAI Bug Bounty Program. @F5 SIRT. https://community.f5.com/t5/technical-articles/us-intelligence-leaks-swaas-and-openai-bug-bounty-april-8th-14th/ta-p/313812
US Intelligence Leaks, SwaaS, and OpenAI bug bounty - April 8th - 14th - This Week in Security

  Tikka is back as your editor for this week in security. A lot has happened in the past week and I will start with the biggest story of Discord Leaks. US Intelligence Leaks   A recent leak of sensitive U.S. defense documents that originated from the messaging platform Discord and eventually found ...

DevCentral - an F5 Community
F5 LabsApr 17, 2023
Search our Extensive Threat Research for the latest trends. Check it out! https://www.f5.com/labs
F5 Labs

Secure your applications by making informed decisions with the latest threat research from F5 Labs. Designed for cyber security professionals of all levels.

F5 Labs
F5 LabsApr 13, 2023
HTTP Request Smuggling is a big topic if we want to discuss all the many ways it can be exploited. @aaronjb gives you a primer on HTTP Request Smuggling, What it is, How to find it and How to stop it. https://community.f5.com/t5/technical-articles/http-request-smuggling-what-it-is-how-to-find-it-and-how-to-stop/ta-p/312537
HTTP Request Smuggling, what it is, how to find it and how to stop it

This is a complex topic filled with nuance and... wait, that will put you all off. Let me start again:   HTTP Request Smuggling is a big topic if we want to discuss all the many ways it can be exploited, but if we stick to first principles it can be broken down quite simply and that’s what I’d like ...

DevCentral - an F5 Community
F5 LabsApr 13, 2023
We've had quite a flurry of look-alike vulnerabilities recently around how various frameworks parse input. @aaronjb wants you to Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise https://community.f5.com/t5/technical-articles/beware-your-logs-how-blocked-log4shell-spring4shell-etc-requests/ta-p/305384
Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

We've had quite a flurry of look-alike vulnerabilities recently - log4shell, Spring4Shell, Apache Commons Configuration CVE-2022-33980 - all of which center around how various frameworks parse input and allow the input to be considered executable code. In the case of log4shell the impact was quickly...

DevCentral - an F5 Community
F5 LabsApr 12, 2023
#AI algorithms can be smart enough to understand how to analyze all possible vectors of attack, select the best option, execute successfully, and remain undetected. Learn more: https://www.f5.com/labs/articles/cisotociso/ai-powered-cyber-attacks
AI-powered Cyber Attacks

AI and Machine Learning can find the optimal cyberattack strategy by analyzing all possible vectors of attack.

F5 Labs
F5 LabsApr 4, 2023
We are excited to announce that F5 Labs is now a data partner to FIRST’s Exploit Prediction Scoring System! Learn how EPSS works, why it’s important, and how we fit into the picture. Sander Vinberg explains https://www.f5.com/labs/articles/cisotociso/f5-labs-joins-the-exploit-prediction-scoring-system-as-a-data-partner
F5 Labs Joins the Exploit Prediction Scoring System as a Data Partner | F5 Labs

As of March we are contributing our vulnerability targeting intelligence to FIRST’s Exploit Prediction Scoring System.

F5 Labs
F5 LabsMar 28, 2023
The @F5 SIRT's Koichi Toriumi does a Detailed Introduction of #IDS and #WAF! https://community.f5.com/t5/technical-articles/introduction-of-ids-and-waf/ta-p/312065
Introduction of IDS and WAF

This is a beginner's guide of IDS and WAF. It explains the problem of Firewall and how the IDS and WAF covers those problems. To understand the merit of WAF, let’s discuss Firewall and IDS first. Firewall To protect from attack/intrude/breach/compromise via a network, Firewall is a key element of ne...

DevCentral - an F5 Community
F5 LabsMar 28, 2023
The @F5 SIRT's Koichi Toriumi does an Introduction of Incident Response! https://community.f5.com/t5/technical-articles/introduction-of-incident-response/ta-p/312042
Introduction of Incident Response

In this post, I am going to explain Incident Response. This is my personal opinion and does not reflect the views of F5. First I am going to discuss what the term "incident" means. Incident Here I discuss Computer Security incidents, or Information Security incidents. A security incident refers to, ...

DevCentral - an F5 Community
F5 LabsMar 27, 2023
Just as CVE-2020-8958 stops growing, a vuln in wi-fi cameras (CVE-2020-25078) explodes upwards in attacker popularity to keep the IoT pressure up. Patch those things and change your default passwords. #threatintel from @malcolmheath and Sander Vinberg. https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-february-2023
Sensor Intel Series: Top CVEs in February 2023 | F5 Labs

One IoT vulnerability stops growing, and another one starts. See what attackers are up to this month.

F5 Labs
F5 LabsMar 20, 2023
This is why you could not get your hands on the @playstation #PS5; F5 Labs deep dives into reseller bot attacks targeting the launch of the PS5 at a large US retailer. Tafara Muwandi, with contributions from David Warburton. https://www.f5.com/labs/articles/cisotociso/how-bots-ruined-the-playstation-5-launch-for-millions-of-gamers
How Bots Ruined the PlayStation 5 Launch for Millions of Gamers

A deep dive into a sustained attack by reseller bots aimed at snatching every available PlayStation 5 during the console's big launch at a large US retailer.

F5 Labs