Security News

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers. The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

A hacking group believed to be linked to the Iranian government was observed targeting a critical vulnerability that F5 Networks addressed in its BIG-IP application delivery controller in early July. Tracked as CVE-2020-5902 and featuring a CVSS score of 10, the vulnerability allows remote attackers to take complete control of a targeted system.

About 8,000 users of F5 Networks' BIG-IP family of networking devices are still vulnerable to full system access and remote code-execution, despite a patch for a critical flaw being available for two weeks. Public exploits were made available for it, leading to mass scanning for vulnerable devices by attackers, and ultimately active exploits.

Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. According to Mikhail Klyuchnikov, a security researcher at Positive Technologies who discovered the flaw and reported it to F5 Networks, the issue resides in a configuration utility called Traffic Management User Interface for BIG-IP application delivery controller.

Attackers are probing Citrix controllers and gateways through recently patched flawsSANS ISC's Dr. Johannes Ullrich spotted attackers attempting to exploit two of the Citrix vulnerabilities on his F5 BigIP honeypot. Exposing the privacy risks of home security camerasAn international study has used data from a major provider of home IP security cameras to evaluate potential privacy risks for users.

Security experts are urging companies to deploy an urgent patch for a critical vulnerability in F5 Networks' networking devices, which is being actively exploited by attackers to scrape credentials, launch malware and more. Last week, F5 Networks issued urgent patches for the critical remote code-execution flaw, which has a CVSS score of 10 out of 10.

Attackers are actively trying to exploit CVE-2020-5902, a critical vulnerability affecting F5 Networks' BIG-IP multi-purpose networking devices, to install coin-miners, IoT malware, or to scrape administrator credentials from the hacked devices. CVE-2020-5902 is a critical remote code execution vulnerability in the configuration interface of BIG-IP devices used by some of the world's biggest companies.

Exploit code for a nasty vulnerability in F5 Networks' BIG-IP application delivery controllers is now doing the rounds, so make sure you're all patched up. Now exploit code is being merged into the Metasploit framework for anyone to use, and proof-of-concept code to extract files or execute arbitrary commands, which neatly fits into a tweet, is being shared all over the web.... F5 Big-IP CVE-2020-5902 LFI and RCE. LFI https:///tmui/login.

Network administrators are urged to patch their F5 BIG-IP application delivery controllers following the disclosure of a pair of critical remote takeover bugs. The flaws in question, CVE-2020-5902 and CVE-2020-5903, lie within in a configuration tool known as the Traffic Management User Interface.

Critical and high-severity vulnerabilities discovered by researchers in F5 Networks' BIG-IP application delivery controller allow a remote attacker to take complete control of the targeted system. The vulnerabilities were identified by researchers at cybersecurity firm Positive Technologies, which disclosed its findings this week after the vendor released advisories and announced the availability of patches.