NCSC (National Cyber Security Centre) - Weekly Threat Report @ncsc #cybersecurity

Weekly Threat Report - 10th July 2020

F5 security devices affected by vulnerability

The NCSC is aware of a remote code execution vulnerability affecting the F5 BIG-IP Traffic Management User Interface (CVE-2020-5902).

Organisations affected by the vulnerability should follow vendor best-practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest patches as soon as practicable. If this is not possible, the vendor has provided temporary mitigations. If you implemented the temporary mitigations before 8 July 2020 - they have been modified. You should replace those with the updated version.

Further information and advice for this vulnerability can be found on F5’s website and a report into exploitation of this vulnerability has been published by the NCC Group.

The NCSC also recommends that all administrators update all credentials to access their affected F5 device(s) and to revoke and reissue any certificates they are using on the device(s), such as for TLS inspection or VPN servers, etc.

Additionally, users should follow best practices for securing the management interface. Further information is available at the following F5 webpages:

• https://support.f5.com/csp/article/K13309

• https://support.f5.com/csp/article/K13092

Casino app “Clubillion” leaks users’ personal information

Researchers at vpnMentor have revealed that an unsecured Elasticsearch database leaked data on millions of global gambling app users.

The leaking database was hosted on AWS. The research team found that the unsecured data included personal information such as emails, private messages and IP addresses. Unlike other unsecured databases that have been discovered this one was receiving millions of new lines of data daily. The database was reported to Clubillion and AWS and finally secured in early April.

Leaked personal information is often exploited by cyber criminals. It can be used, for example, to target individuals in phishing campaigns where more personal or financial information may be sought. Advice on staying secure online can be found on the Cyber Aware pages, we have advice on recovering a hacked account and if you have received a suspicious email you can report it to the NCSC.

Organisations using cloud services should follow the NCSC's Cloud security guidance on how to configure, deploy and use cloud services securely.

Topics Cyber threat

Personal data

PhishingDevices

Cyber attack

National Cyber Security Centre Weekly Threat Reports

ASKET Cyber Security Resources