Security News

Accenture and VMware announced an expanded partnership and the launch of a dedicated business group that will help organizations adopt a 'cloud first' strategy - accelerating migration to the cloud, building modern apps more rapidly, and using the cloud as a foundation for innovation and new business models, ultimately realizing greater value. Supported by approximately 2,000 Accenture cloud professionals trained in VMware products and services, the Accenture VMware Business Group will help clients tap into the powerful capabilities and elasticity of the cloud - which has become essential to quickly scaling business services, operating efficiently and enabling innovation at scale.

Confluera announced interoperability with VMware Carbon Black that will further expand Confluera XDR's security ecosystem coverage to include VMware Carbon Black Cloud Workload Protection. "Leveraging the VMware Carbon Black Cloud, Confluera can help customers trace attackers in real-time and analyze detections and alerts across endpoints and workloads for next-generation incident analysis and remediation."

VMware and Cisco have shared information on the impact of the SolarWinds incident, and VMware has responded to reports that one of its products was exploited in the attack. The NSA advisory on the exploitation of the VMware vulnerability also mentions SAML abuse and security blogger Brian Krebs reported learning from sources that the SolarWinds attackers also exploited the VMware flaw.

VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks but denied further exploitation attempts. VMware also disputed media reports that a zero-day vulnerability in multiple VMware products reported by the NSA was used as an additional attack vector besides the SolarWinds Orion platform to compromise high-profile targets.

VMware released a software update to plug the security hole on Dec. 3, and said it learned about the flaw from the NSA. The NSA advisory came less than 24 hours before cyber incident response firm FireEye said it discovered attackers had broken into its networks and stolen more than 300 proprietary software tools the company developed to help customers secure their networks. On Dec. 13, FireEye disclosed that the incident was the result of the SolarWinds compromise, which involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for users of its Orion network management software as far back as March 2020.

The NSA reckons Russian government hackers are actively abusing a critical security hole in VMWare's software to infiltrate victims' networks. "Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication," a cybersecurity notice [PDF] published on Monday warns.

Active attacks against a flaw in VMware's Workspace One Access continue, three days after the vendor patched the vulnerability and urged customers to fix the bug. Those VMware products are two of 12 impacted by a command-injection vulnerability, tracked as CVE-2020-4006, and patched on Friday.

The US National Security Agency on Monday issued an advisory warning that Russian threat actors are leveraging recently disclosed VMware vulnerability to install malware on corporate systems and access protected data. Specifics regarding the identities of the threat actor exploiting the VMware flaw or when these attacks started were not disclosed.

Russian state-sponsored hackers have been exploiting a vulnerability that VMware patched recently in some of its products, the National Security Agency warned on Monday. The vulnerability is tracked as CVE-2020-4006 and it has been found to impact the VMware Workspace ONE Access identity management product and some related components, including Identity Manager on Linux, vIDM Connector on Windows and Linux, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.

The National Security Agency warns that Russian state-sponsored threat actors are exploiting a recently patched VMware vulnerability to steal sensitive information after deploying web shells on vulnerable servers. VMware released security updates to address the security bug on December 3rd after publicly disclosing the vulnerability two weeks ago and providing a temporary workaround that fully removes the attack vector and prevents exploitation.