CISA issues emergency directive ordering agencies to inventory F5 products, apply patches addressing vulnerability

The Cybersecurity and Infrastructure Security Agency is asking agencies through an emergency directive to inventory their use of hardware and software from cyber firm F5 and apply patches to impacted products.

“A nation-state affiliated cyber threat actor has compromised F5’s systems and exfiltrated files, which included a portion of its BIG-IP source code and vulnerability information. The threat actor’s access to F5’s proprietary source code could provide that threat actor with a technical advantage to exploit F5 devices and software,”...