Federal cyber authorities have mandated federal agencies to identify and apply security updates to F5 devices following a breach by a nation-state attacker. This emergency directive, issued by the Cybersecurity and Infrastructure Security Agency (CISA), requires agencies to act by Oct. 22 and marks the second directive issued in only three weeks. F5 disclosed unauthorized access to its systems on Aug. 9, exposing critical data including segments of BIG-IP source code and internal vulnerability details.
CISA is monitoring the situation and reports no current compromises of federal agencies. However, thousands of F5 products in use could pose a significant risk, with potential downstream effects on critical infrastructure and government operations. The directive requires agencies to apply F5’s security patches, disconnect unsupported devices, and report all instances of F5 products in their networks. While CISA has not confirmed how attackers accessed F5’s systems, the urgent response indicates the seriousness of the threat to federal cybersecurity.
👉 Pročitaj original: CyberScoop
