Russian hackers exploiting VMware product flaws, warns NSA

The US National Security Agency (NSA) and the UK's NCSC have urged organisations to immediately plug a vulnerability affecting a number of VMware identity management products that is being exploited by Russian state-sponsored actors to gain access to sensitive data.

According to the NSA, the vulnerability affects several VMware identity management products, including VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector. VMware has already released security patches for the vulnerability, and organisations are being advised to patch their VMware products as soon as possible.

"The exploitation of this vulnerability first requires that a malicious actor have access to the management interface of the device. This access can allow attackers to forge security assertion markup language (SAML) credentials to send seemingly authentic requests to gain access to protected data," NSA said.

"NSA strongly recommends that NSS, DoD, and DIB system administrators apply the vendor-issued patch as soon as possible. If a compromise is suspected, check server logs and authentication server configurations as well as applying the product update. In the event that an immediate patch is not possible, system administrators should apply mitigations detailed in the advisory to help reduce risk of exploitation/compromise/attack."

Even though NSA says that the vulnerability is being actively exploited by Russian state-sponsored actors to access protected data on affected systems, the agency has not named any specific APT group that is responsible for the exploitation.

According to VMware, the vulnerability, assigned CVE-2020-4006, affects some versions of Workspace ONE Access, Identity Manager, and Workspace ONE Access Connector. VMware has made security patches available for each of these identity management products.

Copyright Lyonsdown Limited 2021
