"An unidentified nation-state hacking crew targeting vulnerable F5 products to break into US government networks poses an "imminent risk" to federal agencies, American cyber officials warned on Wednesday - while also blaming Democrats for the ongoing government shutdown and insisting that the staffing cuts haven't hurt cyber defenses at all. The US Cybersecurity and Infrastructure Agency (CISA) warning and related emergency directive followed a breach disclosure, during which security vendor F5"
"Neither F5 nor CISA has attributed the attack to a particular group or country, but Google's Mandiant threat hunters last year accused Chinese spies of exploiting a couple of critical-severity bugs in F5 BIG-IP products to sell access to compromised US defense organizations and UK government agencies. The emergency directive requires all US federal agencies to take inventory and update instances of F5's BIG-IP hardware"
An unidentified nation-state hacking crew exploited vulnerabilities in F5 BIG-IP products, posing an imminent risk to federal agencies and other organizations. F5 disclosed that government-backed attackers accessed its network and stole BIG-IP source code, undisclosed vulnerability details, and some customer configuration data, and released patches for 45 flaws. CISA issued an emergency directive requiring federal agencies to inventory and update BIG-IP instances by October 22. CISA and the UK's NCSC urged all F5 customers to apply patches immediately. Prior reports linked exploitation of critical BIG-IP bugs to groups selling access to compromised US defense and UK government networks.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]