What do the Apache Log4j Vulnerability, Security Community Outreach Efforts, Cognitive Infrastructure, Resilience, Anti-Fragility, John Boyd and Dune have in Common? The December 2021 OODA Network Member Meeting
To help members optimize opportunities and reduce risk, OODA hosts a monthly video call to discuss items of common interest to our membership. These highly collaborative sessions are always a great way for our members to meet and interact with each other while talking about topics like global risks, emerging technologies, cybersecurity, and current or future events impacting their organizations. We also use these sessions to help better focus our research and better understand member needs.
A high-severity vulnerability, CVE-2021-23008, allows the bypass of Active Directory authentication if the attacker can hijack a Kerberos Key Distribution Center connection. The attacker uses a spoofed Kerberos Authentication Service Response; authentication bypass is also possible from a compromised AD server. In order for the protocol to work, the user
F5 Networks has warned users to patch four critical remote command execution (RCE) flaws. The company released an advisory detailing seven vulnerabilities: four are critical, two represent a high risk, and one is rated medium risk. The four critical flaws lie in F5’s BIG-IP and BIG-IQ enterprise networking
Last week, government agencies released a warning about a high-threat vulnerability in a line of BIG-IP products sold by the company F5. The agencies advised security professionals to implement a released patch to protect devices from the exploit, which could allow attackers to fully take control of the networking equipment,