Team IT Security (TSEC) Nachrichtenportal Logo

📰 Best Practices to Configure BIG-IP LTM Systems to Encrypt HTTP Persistence Cookies


Nachrichtenbereich: 📰 IT Security Nachrichten
🔗 Quelle: cisa.gov

CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to enumerate other non-internet facing devices on the network. F5 BIG-IP is a suite of hardware and software solutions designed to manage and secure network traffic. A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network.  
 

CISA urges organizations to encrypt persistent cookies employed in F5 BIG-IP devices and review the following article for details on how to configure the BIG-IP LTM system to encrypt HTTP cookies.

...

Sharing is caring on Social Media

Reddit
Telegram
LinkedIn
Xing
Twitter
Whatsapp
Facebook
Flipboard

📰 Best Practices to Configure BIG-IP LTM Systems to Encrypt HTTP Persistence Cookies


📈 105.13 Punkte
📰 IT Security Nachrichten

🕵️ Big BIG-IP LTM up to 12.1.5.1/13.1.3.4/14.1.2.7/15.1.0.5 Traffic Management Microkernel resource consumption


📈 39.24 Punkte
🕵️ Sicherheitslücken

🕵️ Bugtraq: Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through


📈 38.66 Punkte
🕵️ Sicherheitslücken

🕵️ Bugtraq: Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through


📈 38.66 Punkte
🕵️ Sicherheitslücken

📰 Lettuce Encrypt, Encrypt We Must: Hobby projects change name after Let's Encrypt fires off trademark complaints


📈 36.65 Punkte
📰 IT Security Nachrichten

🕵️ CVE-2022-33968 | F5 BIG-IP up to 13.1.x/14.1.5.0/15.1.6.0/16.1.3.0/17.0.0.0 LTM Monitor/APM SSO out-of-bounds (K23465404)


📈 33.1 Punkte
🕵️ Sicherheitslücken

🕵️ F5 BIG-IP LTM up to 12.1.3.6/13.0.1 TMM denial of service


📈 33.1 Punkte
🕵️ Sicherheitslücken

🕵️ F5 BIG-IP on VIPRION Log /var/log/ltm Password information disclosure


📈 33.1 Punkte
🕵️ Sicherheitslücken

🕵️ F5 BIG-IP Log /var/log/ltm Password Information Disclosure


📈 33.1 Punkte
🕵️ Sicherheitslücken

🕵️ Vuln: F5 BIG-IP LTM Products CVE-2016-5745 Security Bypass Vulnerability


📈 33.1 Punkte
🕵️ Sicherheitslücken

🕵️ Vuln: F5 BIG-IP LTM Products CVE-2016-5745 Security Bypass Vulnerability


📈 33.1 Punkte
🕵️ Sicherheitslücken

🔧 Demonstrating Persistence vs. Non-Persistence in Kubernetes with MongoDB


📈 30.77 Punkte
🔧 Programmierung

🕵️ CVE-2025-36504 | F5 BIG-IP Next/BIG-IP Next SPK/BIG-IP Next CNF/BIG-IP HTTP/2 allocation of resources (K000140919)


📈 27.34 Punkte
🕵️ Sicherheitslücken

🔧 Managing Data with Docker Compose Volumes: Best Practices for Persistence and Sharing


📈 26.96 Punkte
🔧 Programmierung

🔧 Mastering Java Persistence: Best Practices for Cloud-Native Applications and Modernization


📈 26.96 Punkte
🔧 Programmierung

🔧 Introducing LTM-2: A Leap Forward in Workflow Management


📈 26.96 Punkte
🔧 Programmierung

🔧 Introducing LTM-2: A Leap Forward in Workflow Management


📈 26.96 Punkte
🔧 Programmierung

📰 Fortnite : Entkommt der gefährlichen Insel: Neuer LTM gestartet!


📈 26.96 Punkte
📰 IT Nachrichten

🔧 Data Persistence (Cookies, Sessions, Tokens, LocalStorage and SessionStorage)


📈 26.94 Punkte
🔧 Programmierung

🔧 Battle of the Cookies: Regular Cookies vs. HTTP-Only


📈 25.9 Punkte
🔧 Programmierung

🐧 RansomEXX Trojan attacks Linux systems - recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems.


📈 24.66 Punkte
🐧 Linux Tipps

🕵️ CVE-2025-41399 | F5 BIG-IP Next/BIG-IP Next SPK/BIG-IP Next CNF/BIG-IP Control Transmission Protocol denial of service (K000137709 / Nessus ID 235473)


📈 24.56 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-45886 | F5 BIG-IP/BIG-IP Next/BIG-IP Next SPK/BIG-IP Next CNF ZebOS BGP denial of service (K000137315)


📈 24.56 Punkte
🕵️ Sicherheitslücken

📰 How to configure the Let’s Encrypt email notification when a cert is skipped, renewed, or error


📈 24.51 Punkte
📰 IT Security Nachrichten

📰 How to configure Nginx with Let’s Encrypt on CentOS 8


📈 24.51 Punkte
📰 IT Security Nachrichten

📰 Due to the 2020.02.29 CAA Rechecking Bug, we unfortunately need to revoke 2.6% of active Let’s Encrypt TLS/SSL certificates. We are in the process of notifying some Let's Encrypt users that their certificates will be revoked on 04 March 2020.


📈 24.43 Punkte
📰 IT Security Nachrichten

📰 CISA Urges Encryption of Cookies in F5 BIG-IP Systems


📈 23.92 Punkte
📰 IT Security Nachrichten

📰 Best Practices for Using Cookies and Cookie Consent


📈 23.13 Punkte
📰 IT Security Nachrichten

🔧 React Cookies: A Complete Guide to Managing Cookies in React Applications


📈 23.12 Punkte
🔧 Programmierung

🔧 Third-Party-Cookies bleiben länger: Darum verschiebt Google das Aus der Drittanbieter-Cookies


📈 23.12 Punkte
🔧 Programmierung

📰 Third-Party-Cookies vor dem Aus: Auch Google verbannt Drittanbieter-Cookies


📈 23.12 Punkte
📰 IT Nachrichten

📰 Ein Internet ohne Cookies? Google verabschiedet sich von Third-Party-Cookies


📈 23.12 Punkte
📰 IT Security Nachrichten

📰 Mozilla Firefox keeps cookies kosher with quarantine scheme, 86s third-party cookies in new browser build


📈 23.12 Punkte
📰 IT Security Nachrichten

📰 Avast (seemingly periodically) gives me notifications that it found tracking cookies on my PC. Upon clicking, I'm taken to the premium page. I used to clear my cookies when this happened, but now I think it could be a corporal scam. I'm using Avast F


📈 23.12 Punkte
📰 IT Security Nachrichten

🐧 Chrome 69 will keep Google Cookies when you tell it to delete all cookies


📈 23.12 Punkte
🐧 Linux Tipps