Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all

Attackers are bypassing a mitigation for the BIG-IP TMUI RCE vulnerability (CVE-2020-5902) originally provided by F5 Networks, NCC Group’s Research and Intelligence Fusion Team has discovered. On CVE-2020-5902 (K52145254) @TeamAresSec reported publicly at 18:24 the mitigation could be bypassed, we saw it used in the wild at 12:39 for the first time – upgrade don’t mitigate – https://t.co/sSr4JIZwu3 pic.twitter.com/PMfG0rCpyQ — NCC Group Infosec (@NCCGroupInfosec) July 7, 2020 “Early data made available to us, as of … More

The post Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all appeared first on Help Net Security.

Continue reading Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all

F5 Silverline Shape Defense: Protecting websites from the rising tide of fake internet traffic

F5 unveiled Silverline Shape Defense, a security solution that protects websites from the rising tide of fake internet traffic. With this new fully managed service, customers can better focus on their users and safeguard businesses against bots, creden… Continue reading F5 Silverline Shape Defense: Protecting websites from the rising tide of fake internet traffic

Cyber Command backs ‘urgent’ patch for F5 security vulnerability

One of the largest providers of enterprise networking equipment in the world, F5 Networks, has issued a security fix for a major vulnerability that, if exploited, could result in a “complete system compromise.” F5’s BIG-IP is among the most popular networking gear in use today, with adoption through government networks, internet service providers, and cloud computing data centers. If security administrators fail to patch the new vulnerability, though, attackers could wreak havoc on their systems, according to a information security specialists. Mikhail Klyuchnikov, the senior web application security researcher at Positive Technologies who uncovered the flaw, estimated that there are approximately 8,000 vulnerable devices exposed to the internet. The remote code execution vulnerability, called CVE-2020-5902, affects the BIG-IP products’ Traffic Management User Interface (TMIU), which can function as load balancers, firewalls, rate limiters, and web traffic shaping systems. Attackers who exploit the weakness can execute arbitrary system commands, create files, delete files, or disable services, according to […]

The post Cyber Command backs ‘urgent’ patch for F5 security vulnerability appeared first on CyberScoop.

Continue reading Cyber Command backs ‘urgent’ patch for F5 security vulnerability

Attackers are breaching F5 BIG-IP devices, check whether you’ve been hit

Attackers are actively trying to exploit CVE-2020-5902, a critical vulnerability affecting F5 Networks‘ BIG-IP multi-purpose networking devices, to install coin-miners, IoT malware, or to scrape administrator credentials from the hacked devices. … Continue reading Attackers are breaching F5 BIG-IP devices, check whether you’ve been hit

F5 delivers multi-cloud security solutions for apps, services

F5 introduced at RSA Conference 2020 its customer-focused approach to Application Protection, bolstered by new offerings and the company’s recent acquisition of Shape Security. Informed by customer use cases, prominent industry attack practices, and th… Continue reading F5 delivers multi-cloud security solutions for apps, services

IT and business process automation growing with cloud architectures

Many organizations are starting to realize the benefits of increased scale and velocity of application deployment in their businesses, according to F5 Networks. This value, however, can bring significant complexity as organizations maintain legacy infr… Continue reading IT and business process automation growing with cloud architectures

F5’s NGINX Controller enhanced with configuration API, self-service, and app-centric capabilities

F5 Networks introduced NGINX Controller 3.0, a cloud-native application delivery solution to help organizations increase business agility, mitigate risk, and enhance their customers’ digital experiences. Built to unleash productivity and efficiency, th… Continue reading F5’s NGINX Controller enhanced with configuration API, self-service, and app-centric capabilities