CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. [CISA Cybersecurity Alerts]
Podcast |
CyberWire Daily
Publisher |
The CyberWire
Media Type |
audio
Podknife tags |
Cybersecurity
Tech News
Technology
Categories Via RSS |
Daily News
News
Tech News
Technology
Publication Date |
May 19, 2022
Episode Duration |
00:03:20
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC), are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388. This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP.  AA22-138A Alert, Technical Details, and Mitigations F5 Security Advisory K23605346 and indicators of compromise F5 guidance K11438344 for remediating a compromise Emerging Threats suricata signatures Palo Alto Networks Unit 42 Threat Brief: CVE-2022-1388. This brief includes indicators of compromise.  Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Advisory: Critical F5 BIG-IP Vulnerability. This blog includes indicators of compromise. Note: due to the urgency to share this information, CISA and MS-ISAC have not yet validated this content. Randori’s bash script. This script can be used to identify vulnerable instances of BIG-IP. Note: MS-ISAC has verified this bash script identifies vulnerable instances of BIG-IP.  All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov. Learn more about your ad choices. Visit megaphone.fm/adchoices
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC), are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388. This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP.  AA22-138A Alert, Technical Details, and Mitigations F5 Security Advisory K23605346 and indicators of compromise F5 guidance K11438344 for remediating a compromise Emerging Threats suricata signatures Palo Alto Networks Unit 42 Threat Brief: CVE-2022-1388. This brief includes indicators of compromise.  Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Advisory: Critical F5 BIG-IP Vulnerability. This blog includes indicators of compromise. Note: due to the urgency to share this information, CISA and MS-ISAC have not yet validated this content. Randori’s bash script. This script can be used to identify vulnerable instances of BIG-IP. Note: MS-ISAC has verified this bash script identifies vulnerable instances of BIG-IP.  All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC), are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388. This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP. 

AA22-138A Alert, Technical Details, and Mitigations

F5 Security Advisory K23605346 and indicators of compromise

F5 guidance K11438344 for remediating a compromise

all.rules">Emerging Threats suricata signatures

Palo Alto Networks Unit 42 Threat Brief: CVE-2022-1388. This brief includes indicators of compromise. 

advisory-critical-f5-big-ip-vuln.html">Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Advisory: Critical F5 BIG-IP Vulnerability. This blog includes indicators of compromise. Note: due to the urgency to share this information, CISA and MS-ISAC have not yet validated this content.

Randori’s bash script. This script can be used to identify vulnerable instances of BIG-IP. Note: MS-ISAC has verified this bash script identifies vulnerable instances of BIG-IP. 

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

Learn more about your ad choices. Visit megaphone.fm/adchoices

This episode currently has no reviews.

Submit Review
This episode could use a review!

This episode could use a review! Have anything to say about it? Share your thoughts using the button below.

Submit Review