Russian hackers exploiting VMware product flaws, warns NSA

The US National Security Agency (NSA) and the UK’s NCSC have urged organisations to immediately plug a vulnerability affecting a number of VMware identity management products that is being exploited by Russian state-sponsored actors to gain access to sensitive data.

According to the NSA, the vulnerability affects several VMware identity management products, including VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector. VMware has already released security patches for the vulnerability, and organisations are being advised to patch their VMware products as soon as possible.

“The exploitation of this vulnerability first requires that a malicious actor have access to the management interface of the device. This access can allow attackers to forge security assertion markup language (SAML) credentials to send seemingly authentic requests to gain access to protected data,” NSA said.

“NSA strongly recommends that NSS, DoD, and DIB system administrators apply the vendor-issued patch as soon as possible. If a compromise is suspected, check server logs and authentication server configurations as well as applying the product update. In the event that an immediate patch is not possible, system administrators should apply mitigations detailed in the advisory to help reduce risk of exploitation/compromise/attack.”

Even though NSA says that the vulnerability is being actively exploited by Russian state-sponsored actors to access protected data on affected systems, the agency has not named any specific APT group that is responsible for the exploitation.

According to VMware, the vulnerability, assigned CVE-2020-4006, affects some versions of Workspace ONE Access, Identity Manager, and Workspace ONE Access Connector. Security patches for each of these identity management products can be downloaded here.

Copyright Lyonsdown Limited 2021
