Mitigate Risk of Compromise on F5 Devices

October 16, 2025

The Cybersecurity & Infrastructure Security Agency (CISA) published alerting that a nation-state affiliated cyber threat actor has compromised F5’s systems and exfiltrated files, which included a portion of its BIG-IP source code and vulnerability information. The threat actor’s access to F5’s proprietary source code could provide them with a technical advantage to exploit F5 devices and software. This exposure impacts the following F5 products:

  • Hardware: BIG-IP iSeries, rSeries, or any other F5 device that has reached end of support.
  • Software: All devices running BIG-IP (F5OS), BIG-IP (TMOS), Virtual Edition (VE), BIG-IP Next, BIG-IQ, and BIG-IP Next for Kubernetes (BNK)/Cloud-Native Network Functions (CNF).

The cyber threat actor presents an imminent threat to a company’s network by exploiting vulnerable F5 devices and software. Successful exploitation can expose embedded credentials and API keys, enabling lateral movement, data exfiltration, persistent access, and potentially a full compromise of the target information system. Immediate action is required to mitigate this significant security risk.

Mitigation Actions

  • Patch and monitor – Immediately install the latest updates for BIG-IP, F5OS, BIG-IP Next, BIG-IQ and APM clients, and enable BIG-IP event streaming to feed logs into your SIEM for real-time visibility of admin logins, failed authentications and configuration changes.
  • Harden and validate – Follow F5’s hardening best-practice guide and run the automated checks in the iHealth Diagnostic Tool to identify gaps; use the threat-hunting guide to improve detection and monitoring of suspicious activity in your environment.
  • Get support – Open a MyF5 support case or contact F5 directly for assistance with patching, hardening, SIEM integration, or any questions.

Additional guidance:

  • – Vendor Alert and Mitigation Recommendations

Recommended Mitigation Actions:
To address these vulnerabilities and enhance the security of your systems, we strongly recommend that you take the following actions:

  • Review and immediately apply the vendor-recommended mitigations provided.
  • Patch systems with the latest software updates to address the vulnerability.

Securing the defense industrial base is a team sport. Consider joining the National Defense Information Sharing and Analysis Center (ND-ISAC) to better understand the latest threats.

  • ND-ISAC is the official ISAC for the DIB Critical Infrastructure Sector recognized by DOD and DHS. The ND-ISAC is a private sector self-organized and self-governing entity and a trusted partner providing exceptional technical solutions and support to its members. Email ND-ISAC to contact the team or visit ND-ISAC’s public-facing website.