• chevron_right

      2 vulnerabilities with 9.8 severity ratings are under exploit. A 3rd looms

      news.movim.eu / ArsTechnica · Wednesday, 18 May, 2022 - 22:58

    2 vulnerabilities with 9.8 severity ratings are under exploit. A 3rd looms

    Enlarge (credit: Getty Images)

    Malicious hackers, some believed to be state-backed, are actively exploiting two unrelated vulnerabilities—both with severity ratings of 9.8 out of a possible 10—in hopes of infecting sensitive enterprise networks with backdoors, botnet software, and other forms of malware.

    The ongoing attacks target unpatched versions of multiple product lines from VMware and of BIG-IP software from F5, security researchers said. Both vulnerabilities give attackers the ability to remotely execute malicious code or commands that run with unfettered root system privileges. The largely uncoordinated exploits appear to be malicious, as opposed to benign scans that attempt to identify vulnerable servers and quantify their number.

    First up: VMware

    On April 6, VMware disclosed and patched a remote code execution vulnerability tracked as CVE-2022-22954 and a privilege escalation flaw tracked as CVE-2022-22960. According to an advisory published on Wednesday by the Cybersecurity and Infrastructure Security Agency, “malicious cyber actors were able to reverse engineer the updates to develop an exploit within 48 hours and quickly began exploiting the disclosed vulnerabilities in unpatched devices.”

    Read 12 remaining paragraphs | Comments

    • chevron_right

      Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating

      news.movim.eu / ArsTechnica · Monday, 9 May, 2022 - 20:46

    Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating

    Enlarge

    Researchers are marveling at the scope and magnitude of a vulnerability that hackers are actively exploiting to take full control of network devices that run on some of the world's biggest and most sensitive networks.

    The vulnerability, which carries a 9.8 severity rating out of a possible 10, affects F5’s BIG-IP, a line of appliances that organizations use as load balancers, firewalls, and for inspection and encryption of data passing into and out of networks. There are more than 16,000 instances of the gear discoverable online, and F5 says it’s used by 48 of the Fortune 50. Given BIG-IP's proximity to network edges and their functions as devices that manage traffic for web servers, they often are in a position to see decrypted contents of HTTPS-protected traffic.

    Last week, F5 disclosed and patched a BIG-IP vulnerability that hackers can exploit to execute commands that run with root system privileges. The threat stems from a faulty authentication implementation of the iControl REST , a set of web-based programming interfaces for configuring and managing BIG-IP devices.

    Read 5 remaining paragraphs | Comments