The Record reports:
The federal government has issued an emergency directive ordering all civilian agencies to update products from F5 after the security company said a nation-state actor had long-term persistent access to source code and information about undisclosed vulnerabilities during a breach discovered in August.
The Cybersecurity and Infrastructure Security Agency (CISA) said it “has identified a significant cyber threat targeting federal networks utilizing certain F5 devices and software.”
“A nation-state cyber threat actor poses an imminent risk, with the potential to exploit vulnerabilities in F5 products to gain unauthorized access to embedded credentials and Application Programming Interface (API) keys,” the agency said.
… The emergency directive orders all agencies to apply the latest updates for all at-risk F5 virtual and physical devices and downloaded software by October 22. All federal agencies need to report back to CISA about their F5 deployments by October 29.
Read more at The Record.
