Security News

Week in review: F5 BIG-IP RCE exploitation, URL spoofing flaws in Zoom, Google Docs
2022-05-15 08:30

Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs
Researchers have discovered several URL spoofing bugs in Box, Zoom and Google Docs that would allow phishers to generate links to malicious content and make it look like it's hosted by an organization's SaaS account.

A 10-point plan to improve the security of open source software
The Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a 10-point plan to broadly address open source and software supply chain security, by securing open source security production, improving vulnerability discovery and remediation, and shortening the patching response time of the ecosystem.

CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability
2022-05-12 06:47

The U.S. Cybersecurity and Infrastructure Security Agency has added the recently disclosed F5 BIG-IP flaw to its Known Exploited Vulnerabilities Catalog following reports of active abuse in the wild. "An attacker can use this vulnerability to do just about anything they want to on the vulnerable server," Horizon3.

CISA tells federal agencies to fix actively exploited F5 BIG-IP bug
2022-05-11 14:35

The U.S. Cybersecurity and Infrastructure Security Agency has added a new security vulnerability to its list of actively exploited bugs: the critical-severity CVE-2022-1388 affecting BIG-IP network devices. After information surfaced about F5 BIG-IP exploits being used in attacks to brick devices, CISA added the flaw to the Known Exploited Vulnerabilities Catalog.

Critical F5 BIG-IP vulnerability exploited to wipe devices
2022-05-10 22:50

A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable. Last week, F5 disclosed a vulnerability tracked as CVE-2022-1388 that allows remote attackers to execute commands on BIG-IP network devices as 'root' without authentication.

Critical F5 BIG-IP vulnerability targeted by destructive attacks
2022-05-10 22:50

A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable. Last week, F5 disclosed a vulnerability tracked as CVE-2022-1388 that allows remote attackers to execute commands on BIG-IP network devices as 'root' without authentication.

Hackers Actively Exploit F5 BIG-IP Bug
2022-05-10 12:35

Threat actors have started exploiting a critical bug in the application service provider F5's BIG-IP modules after a working exploit for the vulnerability was made publicly available. A Shodan query shared by security researcher Jacob Baines revealed thousands of exposed BIG-IP systems on the internet, which an attacker could exploit remotely.

Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability
2022-05-09 22:05

Days after F5 released patches for a critical remote code execution vulnerability affecting its BIG-IP family of products, security researchers are warning that they were able to create an exploit for the shortcoming. The critical security vulnerability impacts the following versions of BIG-IP products -.

Hackers exploiting critical F5 BIG-IP bug, public exploits released
2022-05-09 15:20

Threat actors have started massively exploiting the critical vulnerability tracked as CVE-2022-1388, which affects multiple versions of all F5 BIG-IP modules, to drop malicious payloads. F5 last week released patches for the security issue, which affects the BIG-IP iControl REST authentication component.

Hackers exploiting critical F5 BIG-IP flaw to drop backdoors
2022-05-09 15:20

Threat actors have started massively exploiting the critical vulnerability tracked as CVE-2022-1388, which affects multiple versions of all F5 BIG-IP modules, to drop malicious payloads. F5 last week released patches for the security issue, which affects the BIG-IP iControl REST authentication component.

Attackers are attempting to exploit critical F5 BIG-IP RCE
2022-05-09 07:28

Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules. We have reproduced the fresh CVE-2022-1388 in F5's BIG-IP. Successful exploitation could lead to RCE from an unauthenticated user.