Make sure you’ve patched your F5 BIG-IP gear. Exploit code for scary bug pair is so trivial, it fits in a tweet
In Brief Exploit code for the pair of nasty vulnerabilities in F5 Networks’ BIG-IP application delivery controllers is now doing the rounds, so make sure you’re all patched up.
Miscreants are scanning the internet for machines to attack, judging from reports by infosec bods running honeypots. Any vulnerable kit facing the ‘net is likely to be probed at some point this week, if not already, to see if it can be hijacked.
The flaws in question, CVE-2020-5902 and CVE-2020-5903, lie within the controllers’ Traffic Management User Interface. Successful exploitation results in full admin control over the device.
Now exploit code is being merged into the Metasploit framework for anyone to use, and proof-of-concept code to extract files or execute arbitrary commands, which neatly fits into a tweet, is being shared all over the web…
F5 Big-IP CVE-2020-5902 LFI and RCE
LFI
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
or /etc/hosts
or /config/bigip.license
RCE
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=whoami
— Jin Wook Kim (@wugeej) July 6, 2020
Folks are urged to patch their installations as soon as possible. Thousands of potentially vulnerable deployments are said to be facing the internet.
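For those who cannot patch immediately, the quoted requests give defenders a clear log signature: the published URLs reach privileged TMUI pages by appending a "/..;/" segment to the unauthenticated login page. The following added example (not from the article, F5 or the tweet's author) runs that check over constructed Apache-style access-log lines, percent-decoding the path first so encoded variants of the semicolon are judged the same way; the log format and sample addresses are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined-log format (not taken from the article).
# Addresses are RFC 5737 documentation ranges; timestamps and sizes are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Jul/2020:10:00:01 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Jul/2020:10:00:02 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 200 2048 "-" "curl/7.68.0"
198.51.100.7 - - [06/Jul/2020:10:00:03 +0000] "GET /tmui/login.jsp/..%3B/tmui/locallb/workspace/tmshCmd.jsp?command=whoami HTTP/1.1" 200 512 "-" "python-requests/2.23"
192.0.2.9 - - [06/Jul/2020:10:00:04 +0000] "GET /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts HTTP/1.1" 401 0 "-" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The quoted requests reach privileged TMUI pages by appending "/..;/" to the
# unauthenticated login page, so a ";" inside a ".." segment under /tmui/ is the signature.
TRAVERSAL_RE = re.compile(r"/\.\.;/")
# Endpoints named in the quoted tweet: arbitrary file read and tmsh command execution.
SENSITIVE_PAGES = ("fileRead.jsp", "tmshCmd.jsp")


def find_tmui_traversal(log_text: str) -> list:
    """Return one finding per request whose decoded path uses the ..; traversal under /tmui/."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        path, _, _query = m.group("target").partition("?")
        path = unquote(path)  # decode first so "..%3B" is judged the same as "..;"
        if not path.startswith("/tmui/") or not TRAVERSAL_RE.search(path):
            continue
        page = path.rsplit("/", 1)[-1]
        findings.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "path": path,
            "status": int(m.group("status")),
            "sensitive_page": page if page in SENSITIVE_PAGES else None,
            # A 200 on such a request means the appliance served the page: treat as compromise.
            "returned_200": m.group("status") == "200",
        })
    return findings


if __name__ == "__main__":
    for f in find_tmui_traversal(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['status']} {f['path']} -> {f['sensitive_page']}")
```

A hit that returned 200 should be handled as a confirmed compromise of the device, not merely a probe, since the traversal only succeeds on unpatched TMUI.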
Uncle Sam sounds the alarm on Tor
The US government’s Cybersecurity and Infrastructure Security Agency has shared some insights into the Tor network, warning – for those who have been living under a rock – “cyber threat actors can use Tor software and network infrastructure for anonymity and obfuscation purposes to clandestinely conduct malicious cyber operations.”
Possible remediation ranges from issuing an outright block on both incoming and outgoing traffic from the IP address of all known Tor nodes, to simply collecting and keeping on hand a list of nodes so that they can be blocked as needed.
DDoS attacks soaring amid lockdown
A report from distributed denial-of-service (DDoS) defense company NexusGuard reckons that over the past quarter DDoS attacks have risen 542 per cent. The reason given for the surge is pretty simple: with everyone under lockdown, miscreants have nothing else to do.
The data, based on NexusGuard’s own work with its customers, also shows network floods are growing smaller in scope: attackers are sending lower volumes of traffic through each botnet machine in order to prevent ISPs from spotting their actions.
VPN SDK bug detailed
Bug hunter 0xSha has unearthed an annoying hole in a software development kit (SDK) used by BitDefender and other security suites to provide VPN functionality.
Dubbed ZombieVPN, the vuln appears to be a privilege-escalation flaw: malicious code running on a Windows PC with the AnchorFree SDK installed can exploit the bug to gain SYSTEM-level control. The vulnerability has been patched in the SDK, and is designated CVE-2020-12828. Check your antivirus suite for updates if it uses AnchorFree.
Zoom wraps up 90-day plan
Zoom CEO Eric Yuan said his video-conferencing wunderkind has officially concluded its 90-day security overhaul program in which it brought in a number of outside orgs and consultants to shore up its defenses after a number of privacy and security slip-ups.
Looking ahead, the CEO said Zoom will carry out regular audits and continue its enhanced bug bounty program, among other measures. ®