Security News > 2023 > November > Hackers exploit recent F5 BIG-IP flaws in stealthy attacks
2023-11-01 14:52
F5 is warning BIG-IP admins that devices are being breached by "Skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution.
F5 has observed threat actors using the two flaws in combination, so even applying the mitigation for CVE-2023-46747 could be enough to stop most attacks.
F5 fixes BIG-IP auth bypass allowing remote code execution attacks.
Roid October security update fixes zero-days exploited in attacks.
Hackers exploit MinIO storage system to breach corporate networks.
Critical RCE flaws found in SolarWinds access audit solution.
News URL
Related news
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-26 | CVE-2023-46747 | Missing Authentication for Critical Function vulnerability in F5 products Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 9.8 |