December 18, 2020
U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks.
On Dec. 7, 2020, the NSA said “Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication.”
Original release date: December 13, 2020 | Last revised: December 14, 2020
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners in the public and private sectors to assess their exposure to this compromise and to secure their networks against any exploitation.”
Russian State-Sponsored Malicious Cyber Actors Exploit Known Vulnerability in Virtual Workspaces
The National Security Agency (NSA) released a Cybersecurity Advisory today detailing how Russian state-sponsored actors have been exploiting a vulnerability in VMware® products to access protected data on affected systems. This advisory emphasizes the importance for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) system administrators to apply vendor-provided patches to affected VMware® identity management products and provides further details on how to detect and mitigate compromised networks.
The products affected by this vulnerability are the VMware® Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector, with specific product versions also identified in the VMware® advisory. The exploitation of this vulnerab
By Justin Katz
Dec 09, 2020
The National Security Agency today announced vulnerabilities in cloud software are being exploited by Russia-sponsored threat actors to access protected data.
A vulnerability in VMware Access and VMware Identity Manager products allows attackers access to protected data. VMware released a patch for the Command Injection Vulnerability captured in CVE-2020-4006 on Dec. 3.
The attack requires a hacker to have credentials to obtain access to the management interface, according to the Dec. 7 NSA statement. Once inside, hackers can leverage the flaw to forge additional credentials to obtain protected data.
NSA's advisory stresses the importance of patching by National Security System, Department of Defense and defense industrial base administrators.