Weekly Comments

An obscure coding bug may allow attackers to exploit F5’s BIG-IP load balancer, leading to follow-up attacks such as data theft and man-in-the-middle attacks. The flaw cannot be patched as it is not a security vulnerability but a coding error made when writing BIG-IP’s iRules. iRules are the routines written to direct incoming web traffic towards the correct web server. They are written in the Tool Command Language (Tcl), which, when coded improperly, can lead to injection attacks. An expression that is not enclosed in braces in a Tcl script allows substitutions in statements and commands, so that arbitrary user input is interpreted as code and executed. As some iRules parse data from incoming web requests, an attacker can launch a remote attack by submitting a command or piece of code as part of a web request to compromise the device hosting the BIG-IP software. The attack may leave no evidence, as the compromised device will not record the adversary’s actions. Over 300,000 web-facing BIG-IP implementations may suffer from the coding flaw, and it is possible for threat actors to mass scan the Internet to identify and exploit vulnerable instances. Organisations using F5’s BIG-IP load balancer are encouraged to evaluate their Tcl scripts and fix scripting errors to avoid potential exploitation.
References:
K15650046: Tcl Code Injection Security Exposure
Attackers Could Use This Coding Bug to Turn Big-IP Load Balancers Against Organizations
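As a starting point for the script review recommended above, the following added example (not code from F5 or from the referenced articles) flags iRule lines where an evaluating Tcl command receives an argument that is not brace-enclosed but contains `$variable` or `[command]` substitution. The command subset, the function name `audit_irule` and the sample iRule are assumptions made for illustration, and the check is a line-based heuristic rather than a full Tcl parser.

```python
import re

# Tcl commands that evaluate their argument a second time, as an expression
# (expr, if, elseif, while) or as a script (eval). Chosen subset, not exhaustive.
EVALUATING = "expr|if|elseif|while|eval"
# Command position: start of line, or right after ; [ { }
CMD = re.compile(r"(?:^|[;\[{}])\s*(" + EVALUATING + r")\s+")

def audit_irule(source):
    """Return (line_number, command, text) for arguments that are not
    brace-enclosed yet contain $var or [cmd] substitution."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("#"):      # skip Tcl comment lines
            continue
        for m in CMD.finditer(line):
            cmd, rest = m.group(1), line[m.end():]
            if not rest or rest.startswith("{"):
                continue                       # braced: substituted only once
            # expr/eval concatenate all their arguments; the other commands
            # evaluate only the first word (the condition).
            arg = rest if cmd in ("expr", "eval") else rest.split()[0]
            if "$" in arg or "[" in arg:
                findings.append((lineno, cmd, line.strip()))
    return findings

# Constructed sample iRule (hypothetical, for illustration only)
SAMPLE_IRULE = """\
when HTTP_REQUEST {
    set n [URI::query [HTTP::uri] n]
    # unbraced: $n is substituted by the parser, then evaluated again by expr
    set total [expr 1 + $n]
    if $n { log local0. "set" }
    set safe [expr {1 + $n}]
    if {$n > 10} { HTTP::respond 403 }
}
"""

if __name__ == "__main__":
    for lineno, cmd, text in audit_irule(SAMPLE_IRULE):
        print(f"line {lineno}: unbraced argument to '{cmd}': {text}")
```

Each finding should be reviewed by hand; the usual fix is to wrap the expression or condition in braces, as in the last two commands of the sample.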