![CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. [CISA Cybersecurity Alerts]](https://megaphone.imgix.net/podcasts/58ab7ae0-def8-11ea-b34c-b35b208b0539/image/f873f2ed2bf2868969a07ebae4846fbf.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. [CISA Cybersecurity Alerts]
CyberWire Daily · N2K Networks
Audio is streamed directly from the publisher (pdst.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC), are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388. This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP.
AA22-138A Alert, Technical Details, and Mitigations
F5 Security Advisory K23605346 and indicators of compromise
F5 guidance K11438344 for remediating a compromise
Emerging Threats suricata signatures
Palo Alto Networks Unit 42 Threat Brief: CVE-2022-1388. This brief includes indicators of compromise.
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Advisory: Critical F5 BIG-IP Vulnerability. This blog includes indicators of compromise. Note: due to the urgency to share this information, CISA and MS-ISAC have not yet validated this content.
Randori’s bash script. This script can be used to identify vulnerable instances of BIG-IP. Note: MS-ISAC has verified this bash script identifies vulnerable instances of BIG-IP.
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at [email protected] or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices