Hackers are exploiting new F5 bug in the wild

That didn’t take long. Just days after enterprise IT provider F5 Networks disclosed critical vulnerabilities in its software, researchers say hackers have exploited one of the bugs in attempted intrusions. “Starting this week and especially in the last 24 hours … we have observed multiple exploitation attempts against our honeypot infrastructure,” researchers from security firm wrote in a blog post Thursday. The situation escalated over the weekend, with proof-of-concept exploits posted to Twitter that make it easier to take advantage of the bug. Government agencies and big corporations alike use the F5 software, known as BIG-IP, to manage data on their networks. The vulnerability documented by NCC Group could allow an attacker to execute code remotely on a system and delete data. It is one of a slew of BIG-IP flaws that F5 revealed on March 10. Security fixes are available. It was unclear whether the exploitation NCC Group observed went […]

The post Hackers are exploiting new F5 bug in the wild appeared first on CyberScoop.


Most decision makers plan to increase spending on cybersecurity this year

Budget cuts, redundancies, delays to cyber resilience projects and increased remote working in the last 12 months could all have increased organizations’ risk of a cyber attack in 2021, according to new research into cybersecurity decision makers from …

SonicWall issues patch for firmware zero-day used to attack the company and its customers

Network security company SonicWall is offering a patch for a serious bug in one of its product lines that had attracted public warnings from cybersecurity researchers over the past week. The patch fixes a flaw that had put the Silicon Valley firm in the headlines of late. SonicWall on Jan. 22 said attackers had exploited a zero-day vulnerability in its own products to gain access to its corporate network. Then, on Jan. 31, researchers from NCC Group said the bug was being exploited elsewhere in the wild. The bug is in SonicWall’s line of SMA 100 mobile networking gear, which is designed to add a layer of security for companies that allow employees to use their own devices to access corporate networks. SonicWall said the vulnerability allowed hackers to gain administrator-level privileges and then subsequently use a remote-code execution (RCE) on networks. The patch, posted Wednesday, applies to the […]

The post SonicWall issues patch for firmware zero-day used to attack the company and its customers appeared first on CyberScoop.


Actively exploited SonicWall zero-day affects SMA 100 series appliances

SonicWall has confirmed that the actively exploited zero-day vulnerability spotted by the NCC Group on Sunday affects its Secure Mobile Access (SMA) 100 series appliances. The firm did not outright state it, but it’s likely the same one “h…

NCC Group Remediate: Providing remedial action and support to strengthen clients’ security postures

NCC Group has officially launched its new Remediate service, which provides immediate remedial action and long-term strategic support to strengthen organizations’ security postures and reduce their cyber risk. The global cyber security and risk m…

Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

By Ben Reardon, Corelight Security Researcher

Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor attempts and/or succeeds in compr…

Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all

Attackers are bypassing a mitigation for the BIG-IP TMUI RCE vulnerability (CVE-2020-5902) originally provided by F5 Networks, NCC Group’s Research and Intelligence Fusion Team has discovered.

“On CVE-2020-5902 (K52145254) @TeamAresSec reported publicly at 18:24 the mitigation could be bypassed, we saw it used in the wild at 12:39 for the first time – upgrade don’t mitigate – https://t.co/sSr4JIZwu3” — NCC Group Infosec (@NCCGroupInfosec), July 7, 2020

“Early data made available to us, as of …

The post Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all appeared first on Help Net Security.


Cyber Command backs ‘urgent’ patch for F5 security vulnerability

One of the largest providers of enterprise networking equipment in the world, F5 Networks, has issued a security fix for a major vulnerability that, if exploited, could result in a “complete system compromise.” F5’s BIG-IP is among the most popular networking gear in use today, with adoption through government networks, internet service providers, and cloud computing data centers. If security administrators fail to patch the new vulnerability, though, attackers could wreak havoc on their systems, according to information security specialists. Mikhail Klyuchnikov, the senior web application security researcher at Positive Technologies who uncovered the flaw, estimated that there are approximately 8,000 vulnerable devices exposed to the internet. The remote code execution vulnerability, called CVE-2020-5902, affects the BIG-IP products’ Traffic Management User Interface (TMUI), which can function as load balancers, firewalls, rate limiters, and web traffic shaping systems. Attackers who exploit the weakness can execute arbitrary system commands, create files, delete files, or disable services, according to […]

The post Cyber Command backs ‘urgent’ patch for F5 security vulnerability appeared first on CyberScoop.


GitHub Security Lab aims to make open source software more secure

GitHub, the world’s largest open source code repository and leading software development platform, has launched GitHub Security Lab. “Our team will lead by example, dedicating full-time resources to finding and reporting vulnerabilities in …

Operational Technology Cyber Security Alliance aims to tackle OT threats

Cyber attacks on critical and industrial infrastructure are on the rise, impacting operational reliability and business risk across all industries, including utilities, manufacturing and oil & gas. Threats to operational technology (OT) can disrup…