Attackers exploiting unpatched F5 BIG-IP devices

By

Crypto miners and webshells dropped.

A critical vulnerability in F5 data centre and enterprise network products that was revealed on July 1 this year is being actively exploited remotely, security researchers have observed.

Attackers exploiting unpatched F5 BIG-IP devices

Security vendor NCCGroup's Research and Intelligence Fusion Team (RIFT) has monitored the exploits since July 3 when it saw the first attacks, 

Threat actors are dropping Monero crypto-currency miner malware, webshells that can be used as remote attack platforms, and other more complex payloads.

If administrators were slow to patch, it is likely that their devices have already been hacked.

A patch against the vulnerability is available but NCCGroup advised that F5 customers that patched after July 4 US time should "assume compromise and conduct a forensic examination of the server."

The same goes for sites that applied mitigations after July 4 US time; these should check for signs of exploitation before log files are rotated and the data in them is overwritten.

The flaw lies in the Traffic Management User Interface configuration utility which does not properly implement access controls.

Just days after security vendor Positive Technologies discovered the flaw, a simple, one-line exploit for it was made public and did the rounds on social media.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?