Cryptolaemus cybersecurity experts: The malware distribution process is the same one used to distribute BazarLoader.
Yoroi-Cybaze: Huge vulnerability discovered in F5 BIG-IP technologies. The flaw, CVE-2020-5902, is caused by gaps in how the TMUI management interface (Traffic Management User Interface) handles particular HTTP requests
A dangerous vulnerability has been discovered in F5 BIG-IP technologies, platforms widely used in the enterprise sector to build secure web infrastructures and architectures, for load balancing and for terminating encrypted connections. It was reported by Yoroi-Cybaze cyber security experts. The flaw, tracked as CVE-2020-5902, is caused by gaps in how the TMUI management interface (Traffic Management User Interface) handles particular HTTP requests. This could let a remote attacker, without any authentication, execute arbitrary commands on the target system, enabling network intrusions and abusive access to corporate infrastructures. The manufacturer confirmed the problem in bulletin K52145254, indicating that the vulnerability exists on the appliance's management plane and not on the interfaces dedicated to data traffic. In particular, the TMUI interfaces of the affected BIG-IP versions are vulnerable.
The cyber security experts: Plan the application of the security patches urgently. If that is not possible, evaluate applying the workarounds recommended by the manufacturer, or disable access to the TMUI interface through “Self-IPs” and from unauthenticated sessions
Considering the potential Internet exposure of the TMUI management interfaces, the criticality of the infrastructures involved and the publication of technical details about the vulnerability, the cyber security experts strongly advise planning the urgent application of the security patches made available and ascertaining the Internet exposure of the interfaces. If the F5 BIG-IP technologies cannot be updated quickly, it is suggested to evaluate applying the workarounds recommended by the manufacturer, or to disable access to the TMUI interface through “Self-IPs” and from unauthenticated sessions.
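As an added exposure check for the Self-IP advice above (example code, not from the page, Yoroi-Cybaze or F5): the script parses a constructed listing in the style of `tmsh list net self` (the exact output format and the `allow-service` keywords are assumptions) and reports self IPs whose port-lockdown setting still leaves TCP 443, and therefore TMUI, reachable, separating RFC 1918 addresses from everything else.

```python
import ipaddress
import re

# Constructed sample in the style of `tmsh list net self` output (assumption:
# real output may differ). Addresses are documentation/private ranges.
SAMPLE_NET_SELF = """\
net self external {
    address 203.0.113.10/24
    allow-service {
        default
    }
    vlan external
}
net self internal {
    address 10.0.0.5/24
    allow-service {
        tcp:443
        udp:1026
    }
    vlan internal
}
net self ha {
    address 10.1.1.5/24
    allow-service none
    vlan ha
}
"""

# Port-lockdown values that leave HTTPS (TMUI) open on the self IP.
TMUI_SERVICES = {"default", "all", "tcp:443"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_self_ips(text):
    """Return {name: (address/prefix, set of allowed services)} from tmsh-style text."""
    result = {}
    for m in re.finditer(r"net self (\S+) \{(.*?)\n\}", text, re.S):
        name, body = m.group(1), m.group(2)
        addr = re.search(r"address (\S+)", body).group(1)
        block = re.search(r"allow-service \{(.*?)\}", body, re.S)
        if block:
            services = set(block.group(1).split())
        else:
            single = re.search(r"allow-service (\S+)", body)
            services = {single.group(1)} if single else {"default"}  # assumed default
        result[name] = (addr, services)
    return result

def tmui_exposed_self_ips(text):
    """List (name, address, scope) for self IPs that still expose TCP 443."""
    findings = []
    for name, (addr, services) in parse_self_ips(text).items():
        if services & TMUI_SERVICES:
            ip = ipaddress.ip_interface(addr).ip
            scope = "rfc1918" if any(ip in n for n in RFC1918) else "routable"
            findings.append((name, addr, scope))
    return findings
```

Entries reported as "routable" are the ones to lock down or patch first; "rfc1918" entries still expose TMUI to anyone on the internal segment.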