Latest news
Newsletter

The U.S. is losing a cyberwar

Today: F5's disclosure that hackers had "long term" access to its systems is just the latest sign that the federal government is focused on the wrong problems, Salesforce does damage control on behalf of its CEO, and the latest enterprise moves.

Tom Krazit
The U.S. is losing a cyberwar
Photo by Tabrez Syed / Unsplash
4 min read

Welcome to Runtime! Today: F5's disclosure that hackers had "long term" access to its systems is just the latest sign that the federal government is focused on the wrong problems, Salesforce does damage control on behalf of its CEO, and the latest enterprise moves.

(Please forward this email to a friend or colleague! And if it was forwarded to you, sign up here to get Runtime each week.)

Big problems for BIG-IP

At this point, when it comes to the critical tech infrastructure that the U.S. government and private industry relies upon to handle just about every aspect of modern life, the most relevant question is no longer, "can it be hacked?" but rather, "when was it hacked?" And at a time when federal resources are being pulled away from cybersecurity efforts to terrorize cities that didn't vote for the current president, things are going to get worse before they get better.

F5 disclosed Wednesday that a nation-state hacker (China, according to Bloomberg) gained "long-term, persistent access" to the servers it uses to manage product development and security for its BIG-IP application management software. "Through this access, certain files were exfiltrated, some of which contained certain portions of the Company’s BIG-IP source code and information about undisclosed vulnerabilities that it was working on in BIG-IP," F5 said in a filing with the SEC.

  • BIG-IP is a collection of networking hardware and software that has been used to manage inbound and outbound traffic in data centers for decades, although in recent years F5 has pivoted to focus on delivering those capabilities in software across cloud environments.
  • That software sits at a critical juncture in a company or organization's network, because its job is to inspect just about everything that crosses the perimeter.
  • F5 also said that the hackers had gained access to "configuration or implementation information for a small percentage of customers," which could leave them vulnerable to an intrusion unless they change that configuration.

"In the hands of a hostile actor, this stolen data is a master key that could be used to launch devastating attacks, similar to the campaigns waged by Salt Typhoon and Volt Typhoon," said Robert Huber, chief security officer for Tenable, on LinkedIn. The two attacks he's referring to compromised telecom networks across the country, including those belonging to Verizon, AT&T, and T-Mobile.

  • The good news is that F5 said it hadn't found any evidence that the hackers had infiltrated its software supply chain, and the vulnerabilities in question don't appear to be "critical," according to the CVE scoring system.
  • The bad news is that given the hackers had undetected access to F5's systems for nearly an entire year, according to Bloomberg, which means attacks on BIG-IP customers could have taken place months ago before anyone knew where to look.
  • Most of the dozens of vulnerabilities disclosed by F5 on Wednesday appear to have been patched in updated versions of the affected software, but companies often upgrade to new versions at their own pace and might not have installed the latest version without knowing that the version they were running contained a vulnerability.

Software is written by people (for now), and as such there will always be flaws and vulnerabilities that vendors and customers will have to manage. But attacks on American software companies appear to be ramping up right as the Trump administration pulls staffers away from the Cybersecurity and Infrastructure Security Agency to focus on "border security and deportation work," according to a report last week from NextGov.

  • CISA can't prevent every hacker based in a country targeting the U.S. from succeeding, but it can do a lot more to encourage companies — with a carrot or a stick — to update their cybersecurity defenses.
  • And one of the first cybersecurity-related things the Trump administration did upon returning to power in January was to pull funding from the Cyber Safety Review Board, which was investigating the Salt Typhoon attacks.
  • "Why is this administration so determined to degrade the cyber defenses that keep this country safe?” Representative Lauren Underwood asked Homeland Security Secretary Kristi Noem during a hearing in May, and that remains a good question.

Dream a little dream

It seems doubtful that Salesforce co-founder and CEO Marc Benioff will consider Dreamforce 2025 among his favorite editions of the annual conference, which employs a bunch of furries to sell enterprise software. All anybody wanted to talk about going into the event was his interview with the New York Times last Friday in which he urged the Trump administration to illegally send troops into San Francisco, a city he once lived in and championed only to decamp for Hawaii at the onset of the pandemic.

Benioff tried to walk those comments back, but the damage was done. On Thursday longtime Bay Area venture capitalist Ron Conway resigned from the board of directors of the Salesforce Foundation charitable group, declaring "it saddens me immensely to say that with your recent comments, and failure to understand their impact, I now barely recognize the person I have so long admired," according to the Times.

Benioff also raised eyebrows Tuesday by trying to argue that while a very small percentage of Salesforce's customers are actually paying for its Agentforce AI platform, technically anyone using Slack will soon be using its agentic AI technology because Slack is now the "agentic OS for your enterprise." The company tried to make amends with investors on Wednesday by promising it will exceed its previous revenue target for 2030, a date so far into the future as to be meaningless.

Enterprise moves

David DeSanto is the new CEO of Anaconda, joining the open-source Python company after serving as chief product officer of GitLab.

Barry Libert is the new CEO of HiveMQ, joining the industrial AI company after serving as CEO of Anaconda (!).

David Azose is the new chief technology officer of Airtable, following several years in technology leadership roles at OpenAI and DoorDash.

Jon Jones is the new chief revenue officer at CoreWeave, taking on a newly created role at the neocloud after several years in sales leadership roles at AWS.

Christopher Monterio is the new chief financial officer at Adeptia, joining the data automation company after finance leadership roles at Suralink.

The Runtime roundup

HPE's stock fell more than 10% Thursday after it projected weaker than expected revenue guidance for its next fiscal year and several states signaled plans to challenge its acquisition of Juniper Networks.

Fresh off raising $1.5 billion in new funding, Nscale announced a new deal with Microsoft to deploy Nvidia GPUs for Microsoft's enterprise customers.

Thanks for reading — see you Saturday!

Published in: Newsletter, F5, Salesforce
Author
Tom Krazit

Tom Krazit

Tom Krazit has covered the technology industry for over 20 years, focused on enterprise technology during the rise of cloud computing over the last ten years at Gigaom, Structure and Protocol.

View articles

Read next

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Runtime.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.