Security News
VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks but denied further exploitation attempts. VMware also disputed media reports that a zero-day vulnerability in multiple VMware products reported by the NSA was used as an additional attack vector besides the SolarWinds Orion platform to compromise high-profile targets.
VMware released a software update to plug the security hole on Dec. 3, and said it learned about the flaw from the NSA. The NSA advisory came less than 24 hours before cyber incident response firm FireEye said it discovered attackers had broken into its networks and stolen more than 300 proprietary software tools the company developed to help customers secure their networks. On Dec. 13, FireEye disclosed that the incident was the result of the SolarWinds compromise, which involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for users of its Orion network management software as far back as March 2020.
The NSA reckons Russian government hackers are actively abusing a critical security hole in VMWare's software to infiltrate victims' networks. "Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication," a cybersecurity notice [PDF] published on Monday warns.
Active attacks against a flaw in VMware's Workspace One Access continue, three days after the vendor patched the vulnerability and urged customers to fix the bug. Those VMware products are two of 12 impacted by a command-injection vulnerability, tracked as CVE-2020-4006, and patched on Friday.
The US National Security Agency on Monday issued an advisory warning that Russian threat actors are leveraging recently disclosed VMware vulnerability to install malware on corporate systems and access protected data. Specifics regarding the identities of the threat actor exploiting the VMware flaw or when these attacks started were not disclosed.
Russian state-sponsored hackers have been exploiting a vulnerability that VMware patched recently in some of its products, the National Security Agency warned on Monday. The vulnerability is tracked as CVE-2020-4006 and it has been found to impact the VMware Workspace ONE Access identity management product and some related components, including Identity Manager on Linux, vIDM Connector on Windows and Linux, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.
The National Security Agency warns that Russian state-sponsored threat actors are exploiting a recently patched VMware vulnerability to steal sensitive information after deploying web shells on vulnerable servers. VMware released security updates to address the security bug on December 3rd after publicly disclosing the vulnerability two weeks ago and providing a temporary workaround that fully removes the attack vector and prevents exploitation.
VMware on Thursday released patches for a Workspace ONE Access security flaw that was identified and reported by the National Security Agency. Formerly VMware Identity Manager, Workspace ONE Access delivers multi-factor authentication, single sign-on, and conditional access functionality for SaaS, mobile and web applications.
VMware has patched a zero-day bug that was disclosed in late November - an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems. VMware has also revised the CVSS severity rating for the bug to "Important," down from critical.
VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. Zero-day reported by the NSA. While initially, the company didn't disclose the identity of the organization or researcher who reported the vulnerability, VMware acknowledged the US Defense Department's intelligence agency contribution in an update to the security advisory made on Thursday.