Security News
Russian state-sponsored hackers have been exploiting a vulnerability that VMware patched recently in some of its products, the National Security Agency warned on Monday. The vulnerability is tracked as CVE-2020-4006 and it has been found to impact the VMware Workspace ONE Access identity management product and some related components, including Identity Manager on Linux, vIDM Connector on Windows and Linux, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.
The National Security Agency warns that Russian state-sponsored threat actors are exploiting a recently patched VMware vulnerability to steal sensitive information after deploying web shells on vulnerable servers. VMware released security updates to address the security bug on December 3rd after publicly disclosing the vulnerability two weeks ago and providing a temporary workaround that fully removes the attack vector and prevents exploitation.
VMware on Thursday released patches for a Workspace ONE Access security flaw that was identified and reported by the National Security Agency. Formerly VMware Identity Manager, Workspace ONE Access delivers multi-factor authentication, single sign-on, and conditional access functionality for SaaS, mobile and web applications.
VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. Zero-day reported by the NSA. While initially, the company didn't disclose the identity of the organization or researcher who reported the vulnerability, VMware acknowledged the US Defense Department's intelligence agency contribution in an update to the security advisory made on Thursday.
Over at Lawfare, Susan Hennessey has an excellent primer on how Trump loyalist Michael Ellis got to be the NSA General Counsel, over the objections of NSA Director Paul Nakasone, and what Biden can and should do about it. The NSA general counsel is not a Senate-confirmed role.
Cyber Privacy: Who Has Your Data and Why You Should Care is the title of a new book from April Falcon Doss, a former associate general counsel for intelligence law at America's NSA. Doss spoke to The Register about her concerns with pervasive data collection and its potential for harm. Explaining why she wrote the newly published book, Doss said: "I spent years immersed in and I was constantly discovering new areas of data collection, new ways in which data is being used, new concerns for individuals, and I thought, you shouldn't have to be a data expert to understand these things."
It's said the NSA drew up a report on what it learned after a foreign government exploited a weak encryption scheme, championed by the US spying agency, in Juniper firewall software. On Wednesday, Reuters reporter Joseph Menn published an account of US Senator Ron Wyden's efforts to determine whether the NSA is still in the business of placing backdoors in US technology products.
The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others. These so-called back doors enable the NSA and other agencies to scan large amounts of traffic without a warrant.
The bug exists in the Citrix Application Delivery Controller and Gateway, a purpose-built networking appliance meant to improve the performance and security of applications delivered over the web. Microsoft bugs are well-represented, including the BlueKeep RCE bug in Remote Desktop Services, which is still under active attack a year after disclosure.
The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers. This advisory provides Common Vulnerabilities and Exposures known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.