Security News > 2022 > May

F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. The vulnerability is tracked as CVE-2022-1388 and has a CVSS v3 severity rating of 9.8, categorized as critical. According to F5's security advisory, the flaw lies in the iControl REST component and allows a malicious actor to send undisclosed requests to bypass the iControl REST authentication in BIG-IP. Due to the severity of the vulnerability and the widespread deployment of BIG-IP products in critical environments, CISA has also issued an alert today.

Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software that could permit an attacker to fully compromise and take control over the hosts. The networking equipment company said the flaws affect Cisco Enterprise NFVIS in the default configuration.

Two of them, rated critical and high severity, can be exploited by attackers to run commands with root privileges or to escape the guest virtual machine and fully compromise NFVIS hosts. CVE-2022-20777 is caused by insufficient guest restrictions and allows authenticated attackers to escape the guest VM and gain root-level access to the host in low complexity attacks without requiring user interaction.

How to install the NordLayer VPN client on Linux and connect it to a virtual network We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. NordLayer VPN is a VPN-based network security solution that can serve just about any sized business and allows admins to manage connections from a remote, web-based dashboard.

Cloud security and application delivery network provider F5 on Wednesday released patches to contain 43 bugs spanning its products. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," F5 said in an advisory.

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. The findings follow disclosures that a China-linked government-sponsored threat actor known as Mustang Panda may have been targeting Russian government officials with an updated version of a remote access trojan called PlugX. Another set of phishing attacks involved APT28 hackers targeting Ukrainian users with a.NET malware that's capable of stealing cookies and passwords from Chrome, Edge and Firefox browsers.

Ideally, Google wouldn't split the monthly updates apart in this fashion, but would provide a single, unified set of patches and expect all vendors of Android devices to get up-to-date as soon as possible. As the company admits in its bulletins, there are "Two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly."

Users on Pixiv, DeviantArt, and other creator-oriented online platforms report receiving multiple messages from people claiming to be from the "Cyberpunk Ape Executives" NFT project, with the main goal to infect artists' devices with information-stealing malware. As reported by Malwarebytes, threat actors are targeting artists with offers to work with the people behind the project and design a new set of characters to expand the collection with new NFTs, offering compensation of up to $350 per day.

For about half a year, work email accounts belonging to over 100 employees of the National Health System in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins. Attackers started using legitimate NHS email accounts in October last year after hijacking them and continued to use them in phishing activity through at least April 2022.

Salesforce-owned Heroku is performing a forced password reset on a subset of user accounts in response to last month's security incident while providing no information as to why they are doing so other than vaguely mentioning it is to further secure accounts. Last night, some Heroku users began receiving emails titled 'Heroku security notification - resetting user account passwords on May 4, 2022' stating that passwords would be forcibly reset today in response to last month's security incident.