CISA Detect Vulnerabilities In VMWare Products

Uploaded on 2022-05-23 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The US cyber security agency has told officials to update, or remove, a lot of digital service company VMWare Inc. products as hackers are using insecure versions to hack into targeted organisations. VMWare  is a leading company in virtualization technology and an innovator in cloud and business mobility

VMware View is used in small businesses up to major enterprise and institutional concerns. Occasionally, some client machines will randomly disconnect from the VMware View server. Several glitches may cause this and there are just as many solutions to such disconnect problems.

The Cybersecurity and Infrastructure Security Agency (CISA) has said that hackers had reverse engineered current updates made to VMWare products and were using the information to hack into unpatched older devices.
The affected products include VMware Workspace ONE Access, which is meant to provide one-stop access to various digital services, and VMware vRealize Automation, which helps manage and automate complex IT processes.

CISA says unpatched VMWare devices should be considered to be compromised and should be checked straight away.

The CISA says in its Advisory notice on its website, “Malicious cyber actors were able to reverse engineer the vendor updates to develop an exploit within 48 hours and quickly began exploiting these disclosed vulnerabilities in unpatched devices. “Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit CVE-2022-22972 and CVE-2022-22973, which were disclosed by VMware on May 18, 2022.” 

VMWare has blogged told its customers in a blog post that, "It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments." 

The most common hardware-based cause of random disconnection from VMware View stems from malfunctioning network interface cards. If you experience a single virtual client disconnect, check the NIC on that machine before looking for other causes.

CISA Director Jen Easterly said in a statement that “These vulnerabilities pose an unacceptable risk to federal network security,” said CISA Director Jen Easterly. “CISA has issued this Emergency Directive to ensure that federal civilian agencies take urgent action to protect their networks. “We also strongly urge every organisation, large and small, to follow the federal government’s lead and take similar steps to safeguard their networks,” she said.

CISA:      Reuters:      VMWare:     Chron:       Euronews:      IT News:     VOI:   National Cybersecurity News

You Might Also Read: 

CISA, NSA And The Dual Hat:
 

« Canada Bans China From Its 5G Networks
European Union Agrees New Cyber Security Legislation »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

SecureWorks

SecureWorks

SecureWorks provides intelligence-driven security solutions for organizations to prevent, detect, rapidly respond and predict cyberattacks.

Wavestone

Wavestone

Wavestone is a strategy and technology consulting company with areas of expertise including digital transformation and cybersecurity.

CYQUEO

CYQUEO

CYQUEO is your professional partner and system integrator. We secure your organization against advanced cyber threats.

Cytelligence

Cytelligence

Cytelligence is a cyber security consulting company with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics.

ENAC

ENAC

ENAC is the national accreditation body for Spain. The directory of members provides details of organisations offering certification services for ISO 27001.

iProov

iProov

iProov delivers authentication and verification simply and securely, based on a genuine one-time biometric.

Eco Recycling (Ecoreco)

Eco Recycling (Ecoreco)

Eco Recycling is India's first and leading professional E-waste Management Company that has set industry benchmarks with its innovative & environment friendly disposal practices.

Blueskytec (BST)

Blueskytec (BST)

Blueskytec has applied its experience of over three decades of working in the field of embedded systems and encryption to provide a scalable and appropriate technology for cyber-physical devices.

Cyber Command - Estonian Defence Forces

Cyber Command - Estonian Defence Forces

The main mission of the Cyber Command is to carry out operations in cyberspace in order to provide command support for Ministry of Defence’s area of responsibility.

CNS Group

CNS Group

CNS Group provides industry leading cyber security though managed security services, penetration testing, consulting and compliance.

Ergo

Ergo

Ergo is a world-class IT Partner of choice, leveraging the latest technology available in cloud, mobility, big data, analytics, and social media.

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers is a multinational professional services network of firms headquartered in London, United Kingdom and operating in 157 countries.

e-Careers

e-Careers

e-Careers is an edtech institution that provides industry recognised courses and up-skilling solutions to individuals and organisations.

Hetz Ventures

Hetz Ventures

Hetz Ventures is a global-facing VC investing in highly talented and ambitious Israeli founders who operate at the cutting edge of deep technology.

Liquid C2

Liquid C2

Liquid C2 offers leading solutions to streamline workplace operations, secure cloud storage, rapid data recovery, and scale growth.

Mesh Security

Mesh Security

Mesh Security transforms security data, tools, and infra for enterprise-wide visibility and control.