Security News

A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux...

The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. In November, a new data wiper called BiBi Wiper was discovered that targeted both Linux and Windows devices and is believed to have been created by pro-Hamas hacktivists.

The cybersecurity biz confirmed in an update to its advisory for CVE-2023-46747 that it has evidence of active exploitation in the wild, less than five days after the initial limited-detail research was published by Praetorian. This critical Apache JServ Protocol smuggling vulnerability was what attracted much of the attention to F5's BIG-IP configuration utility last week.

F5 is warning BIG-IP admins that devices are being breached by "Skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution. F5 has observed threat actors using the two flaws in combination, so even applying the mitigation for CVE-2023-46747 could be enough to stop most attacks.

F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure that could result in the execution of arbitrary system commands as part of an...

F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability that could lead to unauthenticated remote code execution. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands," F5 confirmed.

F5 has issued a fix for a remote code execution bug in its BIG-IP suite carrying a near-maximum severity score. Researchers at Praetorian first discovered the authentication bypass flaw in BIG-IP's configuration utility and published their findings this week of what is the third major RCE bug to impact BIG-IP since 2020.

A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution."This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands," reads F5's security bulletin.

F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component,...

Experts from security firm F5 have argued that cyber criminals are unlikely to send new armies of generative AI-driven bots into battle with enterprise security defences in the near future because proven social engineering attack methods will be easier to mount using generative AI. The release of generative AI tools, such as ChatGPT, have caused widespread fears that democratization of powerful large language models could help bad actors around the world supercharge their efforts to hack businesses and steal or hold sensitive data hostage. F5, a multicloud security and application delivery provider, tells TechRepublic that generative AI will result in a growth in social engineering attack volumes and capacity in Australia, as threat actors deliver a higher volume of better quality attacks to trick IT gatekeepers.