U.S. Issues Emergency Order After Breach of F5 Security Tools

By Kim S. Nash

Hello. U.S. officials on Wednesday ordered government agencies to patch products from security company F5, saying nation-state hackers had compromised the software.

F5 specializes in application security and is a major provider to the private and public sectors, claiming about 85% of the Fortune 500 among its customers.

The nation-state, which the officials didn’t name, broke into the systems used to create some of F5’s products and stole data, potentially including source code, open vulnerabilities and customer configurations, the company said. Read our full story.

More news below.

‏‏‎ ‎

CONTENT FROM: ZSCALER

Act Now: Protect Against Cisco ASA Zero-Day Threat!

According to CISA’s Emergency Directive, Zero Day vulnerabilities in Cisco ASA firewalls and VPNs are being actively exploited, posing severe risks to enterprises. In reality, all VPNs and firewalls represent significant risk as attackers use AI to scan and exploit these exposed legacy devices, bypass authentication, and launch sophisticated attacks. Act now to secure your business.

Zero-day protection starts with zero trust architecture.

More Cyber News

PHOTO: HECTOR RETAMAL/AGENCE FRANCE-PRESSE/GETTY IMAGES

Chinese criminals made more than $1 billion from those annoying texts. Your highway toll payment is now past due, one text warns. You have U.S. Postal Service fees to pay, another threatens. You owe the New York City Department of Finance for unpaid traffic violations. The texts are ploys to get unsuspecting victims to fork over their credit-card details.

Making the fraud possible: an ingenious trick allowing criminals to install stolen card numbers in Google and Apple Wallets in Asia, then share the cards with partners in the U.S. making purchases. (WSJ)

U.K. tech outsourcer Capita drew a fine of about $18.8 million for security failings that led to the exposure of personal data for 6.6 million employees, and people at customer and supplier sites. Capita in 2023 took 58 hours to respond to a high-priority cyber alert and understaffed its security operations center, the U.K. Information Commissioner's Office said. (Sky News)

In the 1 terabyte of data the hackers stole were pension and human-resources files, financial details and prison records, the watchdog said.
The ICO originally wanted to fine Capita more than $60 million but considered the company's cybersecurity improvements, admission of liability and other factors in coming to a settlement for a lower amount.

Clothing retailer Mango is warning customers of a data breach that happened through a business partner that supplies marketing services. Spain-based Mango didn't name the supplier. (Bleeping Computer)

Heart-pump recall: Johnson & Johnson is recalling its Impella heart-pump controllers after the Food and Drug Administration found cybersecurity problems with the device that could let hackers interfere with their operation. The company plans to disable network capabilities of the devices rather than take them off the market.

Johnson & Johnson and the FDA said they aren't aware of any hacks of the devices. (MedTech Dive)

Ransomware attack: MuniOS.com, a popular platform for hosting bond-offering documents for state and local governments has been offline for several days after a ransomware strike, Bloomberg reported, citing people familiar with the matter.

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.

Unsubscribe |

Newsletters & Alerts |

Privacy Notice |

Cookie Notice

Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.