Russian hackers exploiting VMware product flaws, warns NSA

The US National Security Agency (NSA) and the UK’s NCSC have urged organisations to immediately plug a vulnerability affecting a number of VMware identity management products that is being exploited by Russian state-sponsored actors to gain access to sensitive data.

According to NSA, the affected products include VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector. VMware has already released security patches for the vulnerability, and organisations are being advised to patch their VMware products as soon as possible.

“The exploitation of this vulnerability first requires that a malicious actor have access to the management interface of the device. This access can allow attackers to forge security assertion markup language (SAML) credentials to send seemingly authentic requests to gain access to protected data,” NSA said.

“NSA strongly recommends that NSS, DoD, and DIB system administrators apply the vendor-issued patch as soon as possible. If a compromise is suspected, check server logs and authentication server configurations as well as applying the product update. In the event that an immediate patch is not possible, system administrators should apply mitigations detailed in the advisory to help reduce risk of exploitation/compromise/attack.”

Even though NSA says that the vulnerability is being actively exploited by Russian state-sponsored actors to access protected data on affected systems, the agency has not named any specific APT group that is responsible for the exploitation.

According to VMware, the vulnerability, assigned CVE-2020-4006, affects some versions of Workspace ONE Access, Identity Manager, and Workspace ONE Access Connector. VMware has made security patches available for each of these identity management products.

Copyright Lyonsdown Limited 2021
