CISA confirms hackers are exploiting F5 flaw on federal and private networks

Written by Sean Lyngaas

The Department of Homeland Security’s cybersecurity division said Friday it had responded to at least two hacking incidents at U.S. government and private-sector organizations in which attackers exploited a critical vulnerability in enterprise software to take control of the victims’ computer systems.

DHS’s Cybersecurity and Infrastructure Security Agency said the unidentified malicious hackers had for weeks been scanning federal agencies’ networks for a flaw, revealed earlier this month, in popular software made by F5 Networks. CISA said it was working with multiple sectors to investigate possible breaches related to the vulnerability, with two compromises confirmed as of Friday.

The vulnerability allows hackers to execute code remotely on target systems, opening up a pathway to deleting files or disabling services. Hackers will continue to exploit the bug, CISA warned. The agency “strongly urg[ed] users and administrators to upgrade their software to the fixed versions.”

The disclosure shows how, once a high-profile software flaw is revealed, the race is on between hackers eager to exploit it and organizations trying to fortify their defenses. In this case, there were confirmed breaches within days of F5 releasing a fix for the flaw, according to CISA.

“If you didn’t patch by this morning, assume [you are] compromised,” CISA Director Chris Krebs said in early July when the F5 vulnerability was revealed.

It has been a torrid few weeks for critical bugs in widely used software. On July 14, researchers revealed that a vulnerability in applications made by software giant SAP could affect up to 40,000 SAP customers. In late June, CISA and U.S. Cyber Command urged users to address a vulnerability in another popular operating system on firewalls and corporate virtual private network products.
