22 Dec 2021

What do the Apache Log4j Vulnerability, Security Community Outreach Efforts, Cognitive Infrastructure, Resilience, Anti-Fragility, John Boyd and Dune have in Common? The December 2021 OODA Network Member Meeting

To help members optimize opportunities and reduce risk, OODA hosts a monthly video call to discuss items of common interest to our membership. These highly collaborative sessions are always a great way for our members to meet and interact with each other while talking about topics like global risks, emerging technologies, cybersecurity, and current or future events impacting their organizations. We also use these sessions to help better focus our research and better understand member needs.

Read More
30 Apr 2021

Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks

A high-severity vulnerability, CVE-2021-23008, allows the bypass of Active Directory authentication if the attacker can hijack a Kerberos Key Distribution Center connection. The attacker uses a spoofed Kerberos Authentication Service Response, or authentication bypass is possible from a compromised AD server.  In order for the protocol to work, the user

Read More
11 Mar 2021

F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs

F5 Networks has warned users to patch four critical remote command execution (RCE) flaws. The company released an advisory detailing seven vulnerabilities, four of which are critical, two that represent a high risk, and one rated medium risk. The four critical flaws lie in F5’s BIG-IP and BIG-IQ enterprise networking

Read More
07 Jul 2020

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment

Last week, government agencies released a warning about a high-threat vulnerability in a line of BIG-IP products sold by the company F5. The agencies advised security professionals to implement a released patch to protect devices from the exploit, which could allow attackers to fully take control of the networking equipment,

Read More