Russian hackers exploiting VMware product flaws, warns NSA

The US National Security Agency (NSA) and the UK's NCSC have urged organisations to immediately plug a vulnerability affecting a number of VMware identity management products that is being exploited by Russian state-sponsored actors to gain access to sensitive data.

According to the NSA, the vulnerability affects a number of VMware identity management products, such as VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector. VMware has already released security patches for the vulnerability, and organisations are being advised to patch their VMware products as soon as possible.

"The exploitation of this vulnerability first requires that a malicious actor have access to the management interface of the device. This access can allow attackers to forge security assertion markup language (SAML) credentials to send seemingly authentic requests to gain access to protected data," NSA said.

"NSA strongly recommends that NSS, DoD, and DIB system administrators apply the vendor-issued patch as soon as possible. If a compromise is suspected, check server logs and authentication server configurations as well as applying the product update. In the event that an immediate patch is not possible, system administrators should apply mitigations detailed in the advisory to help reduce risk of exploitation/compromise/attack."

Even though NSA says that the vulnerability is being actively exploited by Russian state-sponsored actors to access protected data on affected systems, the agency has not named any specific APT group that is responsible for the exploitation.

According to VMware, the vulnerability, assigned CVE-2020-4006, affects some versions of Workspace ONE Access, Identity Manager, and Workspace ONE Access Connector. Security patches for each of these identity management products are available from VMware.

Copyright Lyonsdown Limited 2020
