Security News

F5 Releases Critical Security Patch for BIG-IP and BIG-IQ Devices
2021-08-27 00:48

Enterprise security and network appliance vendor F5 has released patches for more than two dozen security vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ devices that could potentially allow an attacker to perform a wide range of malicious actions, including accessing arbitrary files, escalating privileges, and executing JavaScript code. Chief among them is CVE-2021-23031, a vulnerability affecting BIG-IP Advanced Web Application Firewall and BIG-IP Application Security Manager that allows an authenticated user to perform a privilege escalation.

F5 Bug Could Lead to Complete System Takeover
2021-08-26 16:40

Application delivery and networking firm F5 released 13 fixes for high-severity bugs, including one that could lead to complete system takeover and hence is boosted to "Critical" for customers in "especially sensitive sectors." F5, maker of near-ubiquitously installed enterprise networking gear, addressed nearly 30 vulnerabilities across multiple devices in its August security updates.

Critical F5 BIG-IP bug impacts customers in sensitive sectors
2021-08-25 18:58

BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions. The issues are part of this month's delivery of security updates, which addresses almost 30 vulnerabilities for multiple F5 devices.

F5 Big-IP Vulnerable to Security-Bypass Bug
2021-04-29 20:04

F5 Networks' Big-IP Application Delivery Services appliance contains a Key Distribution Center spoofing vulnerability, researchers disclosed, which an attacker could use to get past the security measures that protect sensitive workloads. In some cases, the bug can be used to bypass authentication to the Big-IP admin console as well, they added.

Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks
2021-04-29 15:04

F5 Networks this week released patches to address an authentication bypass vulnerability affecting BIG-IP Access Policy Manager, but fixes are not available for all impacted versions. Tracked as CVE-2021-23008, the high-severity vulnerability allows for the bypass of BIG-IP APM AD authentication if the attacker can hijack a Kerberos KDC connection using a spoofed AS-REP. Authentication bypass is also possible from an AD server that the attacker has already compromised, F5 explains.

F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability
2021-04-28 19:35

Cybersecurity researchers on Wednesday disclosed a new bypass vulnerability in the Kerberos Key Distribution Center security feature impacting F5 Big-IP application delivery services. "The KDC Spoofing vulnerability allows an attacker to bypass the Kerberos authentication to Big-IP Access Policy Manager, bypass security policies and gain unfettered access to sensitive workloads," Silverfort researchers Yaron Kassner and Rotem Zach said in a report.

F5 enhances its application security portfolio to help protect customers against fraud and evolving threats
2021-04-22 00:00

F5 announced enhancements to its application security portfolio. "To help today's customers succeed, security must be native to applications and APIs, continuous, applied in real time, and powered by data and AI."

F5 appoints two senior executives to boost business transformation and cybersecurity
2021-03-22 23:15

F5 announced the appointment of two senior executives as the company bolsters its focus on customer success, business transformation, and cybersecurity. Yvette Smith joins the company today as Senior Vice President of Customer Success and Business Transformation, where she will lead a newly formed group combining both functions and multiple other teams into a single organization committed to delighting customers.

Researchers Raise Alarm for F5 BIG-IP Malware Attacks
2021-03-22 14:00

The urgency to patch gaping security holes in F5 Networks BIG-IP and BIG-IQ products escalated over the weekend after researchers spotted malicious in-the-wild attack activity. Malware hunters at U.K.-based NCC Group are raising the alarm for mass scanning and "multiple exploitation attempts" with exploits targeting critical security flaws in the F5 enterprise networking infrastructure products.