CISA Detect Vulnerabilities In VMWare Products

Uploaded on 2022-05-23 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The US cyber security agency has told officials to update, or remove, a lot of digital service company VMWare Inc. products as hackers are using insecure versions to hack into targeted organisations. VMWare  is a leading company in virtualization technology and an innovator in cloud and business mobility

VMware View is used in small businesses up to major enterprise and institutional concerns. Occasionally, some client machines will randomly disconnect from the VMware View server. Several glitches may cause this and there are just as many solutions to such disconnect problems.

The Cybersecurity and Infrastructure Security Agency (CISA) has said that hackers had reverse engineered current updates made to VMWare products and were using the information to hack into unpatched older devices.
The affected products include VMware Workspace ONE Access, which is meant to provide one-stop access to various digital services, and VMware vRealize Automation, which helps manage and automate complex IT processes.

CISA says unpatched VMWare devices should be considered to be compromised and should be checked straight away.

The CISA says in its Advisory notice on its website, “Malicious cyber actors were able to reverse engineer the vendor updates to develop an exploit within 48 hours and quickly began exploiting these disclosed vulnerabilities in unpatched devices. “Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit CVE-2022-22972 and CVE-2022-22973, which were disclosed by VMware on May 18, 2022.” 

VMWare has blogged told its customers in a blog post that, "It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments." 

The most common hardware-based cause of random disconnection from VMware View stems from malfunctioning network interface cards. If you experience a single virtual client disconnect, check the NIC on that machine before looking for other causes.

CISA Director Jen Easterly said in a statement that “These vulnerabilities pose an unacceptable risk to federal network security,” said CISA Director Jen Easterly. “CISA has issued this Emergency Directive to ensure that federal civilian agencies take urgent action to protect their networks. “We also strongly urge every organisation, large and small, to follow the federal government’s lead and take similar steps to safeguard their networks,” she said.

CISA:      Reuters:      VMWare:     Chron:       Euronews:      IT News:     VOI:   National Cybersecurity News

You Might Also Read: 

CISA, NSA And The Dual Hat:
 

« Canada Bans China From Its 5G Networks
European Union Agrees New Cyber Security Legislation »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Leonardo

Leonardo

Leonardo (formerly Finmeccanica) is a global high-tech company in Aerospace, Defence, Security & Information Systems including Cybersecurity & ICT solutions.

TraceSecurity

TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions.

IS Decisions

IS Decisions

IS Decisions builds affordable and easy-to-use Access Management software solutions, allowing IT teams to effectively secure access to Active Directory infrastructures, SaaS apps and data within.

DFLabs

DFLabs

DFlabs is a pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap.

ERNW

ERNW

ERNW is an independent IT Security service provider with a focus on consulting and testing in all areas of IT security.

Vector Informatik

Vector Informatik

Vector Informatik is a specialist in automotove electronics and provides services, embedded software and tools for securing embedded systems against cyber-attacks.

BeyondTrust

BeyondTrust

BeyondTrust is a leader in Privileged Access Management, offering a seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.

Lionfish Cyber Security

Lionfish Cyber Security

Lionfish Cyber Evolution & Empowerment Model™ empowers SMBs to prepare and protect themselves against cyber threats using a unique combination of on-demand training, support and managed services.

Melius Cyber Security

Melius Cyber Security

Melius Cyber Security has developed a world-leading SaaS platform, Cyber Safe Plus, built around continuous assessment and improvement through vulnerability scanning and penetration testing

HunCERT

HunCERT

HunCERT's mission is to assist Hungarian Internet Service Providers in applying appropriate procedures to address the risks of computer network incidents and to respond to such incidents.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

Panoptic Cyber

Panoptic Cyber

Panoptic Cyber are a team of elite Armed Forces Veterans who hold a wealth of experience in Information Security, Cyber Security, Data Protection and Risk Management.

Edera

Edera

Edera is changing the way containers are run and secured, making isolation a reality and fundamentally transforming computing in the process.

SignalRed

SignalRed

SignalRed provides the cutting edge next-generation penetration testing and secure development solutions to startups and large enterprises.