Risky Business

Wide World of Cyber: A deep dive on the F5 hack

Oct 21, 2025
In this discussion, cybersecurity experts Alex Stamos and Chris Krebs delve into the F5 hack and its implications. Stamos shares insights on why low-rated vulnerabilities can still pose serious threats. Krebs highlights the risks associated with private equity ownership of cybersecurity firms, underscoring potential exploitation. The two also address the importance of corporate response strategies post-breach and the role of AI in securing outdated codebases. Their dynamic dialogue sheds light on the evolving landscape of cybersecurity challenges and solutions.
INSIGHT

Sealed Network Devices Magnify Small Bugs

  • F5 patched many low-rated bugs that nevertheless could be highly exploitable on sealed network devices.
  • Alex Stamos warns that identical appliances without EDR make memory bugs reliable attack vectors.
ADVICE

Lock Down Management Interfaces

  • Avoid exposing management interfaces of sealed network devices to the internet.
  • VPN into management VLANs and limit exposure to the minimum time needed for maintenance.
INSIGHT

Long Access Doesn’t Always Mean Malicious Updates

  • F5 reported long-term intruder access, including to update infrastructure, but no evidence that malicious updates were shipped.
  • Chris Krebs suggests attackers might not always deploy backdoors and may have had other objectives or not been ready.