NSA identifies Russia-supported exploitation of VMware's virtual office environment platform
The National Security Agency (NSA) has issued a warning about a security vulnerability in VMware's virtual workspace software, which could potentially allow access to protected data using compromised credentials.
In a recent advisory, Neal Ziring, technical director of NSA Cybersecurity, highlighted the issue, stating that a malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system.
The vulnerability affects the on-premises version of VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. VMware customers are advised to visit VMSA-2020-0027 for more information on the issue.
Ed Amoroso, CEO of TAG Cyber and former CSO at AT&T, praised the public-private information sharing as a means to reduce enterprise risk. Jamil Jaffer, senior vice president at IronNet, concurred, noting the potential damage could be contained, but also highlighted the public and direct nature of the Russian involvement disclosure.
Jaffer also mentioned that the threat can be limited by using a strong password. Customers are encouraged to apply the latest product updates, security patches, and mitigations made available for their specific environment.
VMware issued a patch for the vulnerability on December 3. Customers are also advised to sign up for the Security-Announce mailing list to stay informed about future updates.
NSA officials declined to provide any specifics on the scope of the damage but confirmed efforts to help protect relevant parties. Ziring did not provide details on the time or scope of the attacks.
The advisory from NSA is part of their mission to provide cybersecurity guidance to partners in the Department of Defense (DOD), National Security System (NSS), and Defense Industrial Base (DIB).
It's important to note that the organization that found and reported the vulnerability allegedly exploited by Russian state actors is not explicitly named in the provided search results. However, the disclosure of the specific Russian technique demonstrates NSA's willingness to disclose capabilities due to the threat posed by the vulnerability.
Customers are advised to contact third-party operating system vendors to determine additional actions they should take to secure their systems. In light of this development, it is crucial for organisations to remain vigilant and take necessary measures to protect their data from potential threats.
Read also:
- Auto Industry Update: Geotab, C2A, Deloitte, NOVOSENSE, Soracom, and Panasonic in Focus
- Preparations Underway for the 2022 FIFA World Cup: Impact on Sports Betting Industry
- Russia's harmful cyber operations, directed at the UK, face strong criticism from Estonia
- Health Risk Warning: The Harmful Effects of Sitting Too Much, Exploring Sedentary Lifestyles
