Security News

Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in the wild exploitation comes on the heels of a proof-of-concept exploit code that surfaced online earlier this week by reverse-engineering the Java software patch in BIG-IP. The mass scans are said to have spiked since March 18.

The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning system. Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06 and employs an "Unsafe deserialization" as an attack vector to permit unauthorized remote attackers to execute arbitrary code on a server directly.

A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, following which it released an update on March 10 addressing the issues.

Attackers are exploiting a recently-patched, critical vulnerability in F5 devices that have not yet been updated. The unauthenticated remote command execution flaw exists in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure, and could allow attackers to take full control over a vulnerable system.

On Thursday, cybersecurity firm NCC Group said that it detected successful in the wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices. The security vulnerability these attackers attempt to exploit is an unauthenticated remote command execution tracked as CVE-2021-22986, and it affects most F5 BIG-IP and BIG-IQ software versions.

With this acquisition, SailPoint unites identity security with separation of duties access controls monitoring for an organization's most critical applications, like SAP. This integrated approach addresses the growing risk of over-permissioned, excessive or conflicting access to business-critical systems and the sensitive financial, business and operational data within. "ERP Maestro brings an experienced team with a rich heritage in ERP-focused audit and compliance, coupled with a SaaS access control solution that will help us to extend identity security to wrap in SoD monitoring and access controls for our customers' most critical systems, including SAP and others," said Grady Summers, SailPoint's EVP of Products.

Authors of a new botnet are targeting connected devices affected by critical-level vulnerabilities, some of them impacting network security devices. Successfully compromised devices end up with a variant of the Mirai botnet malware specific to the architecture of the device.

The first "Quad summit" of leaders from Australia, India, Japan, and the USA has announced the group will create a "Critical and Emerging Technology Working Group". The joint "Spirit of the Quad" statment said the group will: "Respond to the economic and health impacts of COVID-19, combat climate change, and address shared challenges, including in cyber space, critical technologies, counterterrorism, quality infrastructure investment, and humanitarian-assistance and disaster-relief as well as maritime domains."

Critical security vulnerabilities in Schneider Electric smart meters could allow an attacker a path to remote code execution, or to reboot the meter causing a denial-of-service condition on the device. Schneider Electric's PowerLogic ION/PM smart meter product line, like other smart meters, is used by consumers in their homes, but also by utility companies that deploy these meters in order to monitor and bill customers for their services.

On Wednesday, shortly after security researcher Nguyen Jang posted a proof-of-concept exploit on GitHub that abuses a Microsoft Exchange vulnerability revealed earlier this month, GitHub, which is owned by Microsoft, removed code, to the alarm of security researchers. The bug, referred to as ProxyLogon, was one of four Microsoft Exchange zero-days that Microsoft patched in an out-of-band release on March 3, 2021.