30 Apr 2021

Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks

A high-severity vulnerability, CVE-2021-23008, allows the bypass of Active Directory authentication if the attacker can hijack a Kerberos Key Distribution Center connection. The attacker uses a spoofed Kerberos Authentication Service Response, or authentication bypass is possible from a compromised AD server.  In order for the protocol to work, the user

Read More
11 Mar 2021

F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs

F5 Networks has warned users to patch four critical remote command execution (RCE) flaws. The company released an advisory detailing seven vulnerabilities, four of which are critical, two that represent a high risk, and one rated medium risk. The four critical flaws lie in F5’s BIG-IP and BIG-IQ enterprise networking

Read More
07 Jul 2020

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment

Last week, government agencies released a warning about a high-threat vulnerability in a line of BIG-IP products sold by the company F5. The agencies advised security professionals to implement a released patch to protect devices from the exploit, which could allow attackers to fully take control of the networking equipment,

Read More