This month brought several high-severity security events affecting key vendors we rely on for protection. F5, Cisco, and SonicWall disclosed serious vulnerabilities and compromises. Password managers including LastPass, Bitwarden, and 1Password were also targeted, and Microsoft reported a critical ASP web server flaw.

Prompt action and user education remain essential to safeguarding your organization.

F5, Cisco and Sonicwall:

• F5, a leading firewall vendor, discovered that attackers had accessed its environment for over a year. The company issued an advisory with more than 24 high-severity patches. All F5 appliances should be updated immediately, with enhanced monitoring in place.
• SonicWall reported that attackers accessed all customer firewall backups, including encryption keys and configurations. Anyone with SonicWall firewalls should immediately change all passwords and rotate VPN keys.
• Cisco disclosed that attackers exploited zero-day flaws to breach ASA and Firepower firewalls and switches. Users should update firmware, change passwords, and rotate VPN encryption keys immediately.

LastPass, Bitwarden and 1Password:

This month we learned about attackers exploiting user fears with convincing phishing emails posing as password manager alerts. These fake updates install legitimate remote management tools that evade detection and allow full system control.

Microsoft ASP:

Microsoft disclosed a high severity vulnerability with the highest severity rating of 10 for it’s web hosting technology ASP. The vulnerability would let attackers to access credentials and file data.

Prosper Data Breach:

Hackers stole personal data including SSNs and government IDs from 17.6 million Prosper users. Affected users should check for exposure and place credit freezes with all three major bureaus.

What do I need to do?

• Confirm that any F5, Cisco or Sonicwall firewalls have had their administrative passwords changed, encryption keys rotated, and had the latest security updates applied. Additional ongoing monitoring should also be considered
• Staff should be reminded of the risks associated with email phishing scams and should be made aware of the latest attempts targeting password managers. Regular end user security awareness training is recommended.
• Confirm that any Windows web server in use have been patched. It is also recommended to have a Web Application Firewall (WAF) in front of any public facing web servers.

• Users impacted by the Prosper data leak and should enable a Credit Freeze with all 3 major credit bureaus.
  • Equifax Credit Freeze:  https://www.equifax.com/personal/credit-report-services/credit-freeze/
  • Experian Credit Freeze: https://www.experian.com/freeze/center.html
  • TransUnion Credit Freeze: https://www.transunion.com/credit-freeze

Additional Resource and Details:

• F5: https://www.securityweek.com/f5-hack-attack-linked-to-china-big-ip-flaws-patched-governments-issue-alerts/
• MS ASP: https://www.securityweek.com/highest-ever-severity-score-assigned-by-microsoft-to-asp-net-core-vulnerability/
• Cisco: https://www.securityweek.com/cisco-firewall-zero-days-exploited-in-china-linked-arcanedoor-attacks/
• Cisco: https://www.bleepingcomputer.com/news/security/hackers-exploit-cisco-snmp-flaw-to-deploy-rootkit-on-switches/
• Prosper: https://www.securityweek.com/prosper-data-breach-impacts-17-6-million-accounts/
• LastPass/Bitwarden/1Password: https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/

As always if you have any questions or concerns about this latest security disclosure, please feel free to reach out.