NSA Warns That Russian Hackers Are Targeting Virtual Workspaces

The agency urges administrators to prioritize mitigation of a vulnerability affecting six VMware products.

State-sponsored hackers from Russia were able to access protected data by exploiting a vulnerability in remote workspace platforms, according to the National Security Agency.

The NSA is not disclosing the victim entity or the nature of the data accessed. 

“Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication,” reads an advisory NSA issued Monday. “NSA encourages National Security System, Department of Defense, and Defense Industrial Base network administrators to prioritize mitigation of the vulnerability on affected servers.”

VMware issued an updated patch Dec. 3 for the vulnerability, which affects six of its products and is ranked “important” in severity.  

According to the NSA, the vulnerability allowed attackers to perform a command injection that led to the installation of a web shell and the generation of authentication assertions that were sent to Microsoft’s Active Directory Federation Services. Microsoft’s ADFS then granted access to the protected data.

“It is critical when running products that perform authentication that the server and all the services that depend on it are properly configured for secure operation and integration,” reads the NSA advisory. “Otherwise, [Secure Assertion Markup Language] assertions could be forged, granting access to numerous resources. If integrating authentication servers with ADFS, NSA recommends following Microsoft’s best practices, especially for securing SAML assertions and requiring multi-factor authentication.” 

The NSA noted that a password is necessary to access the web-based management interface of a device, and thereby to exploit the vulnerability, and encouraged administrators to ensure those passwords are strong and unique to lower the associated risks.

The VMware advisory pointed to a description in the MITRE ATT&CK database of known ways attackers go about finding the necessary passwords.

“A variety of methods exist for compromising accounts, such as gathering credentials via Phishing for Information, purchasing credentials from third-party sites, or by brute forcing credentials (ex: password reuse from breach credential dumps),” according to MITRE.

The NSA warned that typical methods used for detecting intrusions connected to the vulnerability would not work because the activity happens within an encrypted transport layer security (TLS) tunnel. But the agency said administrators can see indications of compromise in server logs (“an ‘exit’ statement followed by any 3-digit number, such as ‘exit 123,’” for example) and should follow incident reporting protocol if they do.
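A log check for the indicator the NSA describes, as an added example that is not from the article or the advisory: it flags lines where the word exit is followed by exactly three digits. The sample lines and their format are constructed, and the log file to scan is whatever path the caller supplies.

```python
import re
import sys
from dataclasses import dataclass
from typing import Iterable, Iterator

# 'exit' as a whole word, whitespace, then exactly three digits.
# (?!\d) rejects longer numbers such as 'exit 1234'; \b rejects 'exited'.
# Case-sensitive, matching the lowercase form quoted in the article.
EXIT_IOC = re.compile(r"\bexit\s+(\d{3})(?!\d)")


@dataclass(frozen=True)
class Hit:
    line_no: int   # 1-based line number in the scanned log
    code: str      # the three digits that followed 'exit'
    line: str      # full log line, for the incident report


def scan_lines(lines: Iterable[str]) -> Iterator[Hit]:
    """Yield one Hit per occurrence of the indicator."""
    for n, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        for m in EXIT_IOC.finditer(line):
            yield Hit(n, m.group(1), line)


def scan_file(path: str) -> list[Hit]:
    # errors="replace": undecodable bytes in a log must not abort the scan.
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return list(scan_lines(fh))


# Constructed sample lines; the real log format is not given in the article.
SAMPLE_LOG = [
    "2020-12-01 10:00:01 INFO service started",
    "2020-12-01 10:02:17 INFO task finished, exit 0",
    "2020-12-01 10:05:42 WARN command returned: exit 123",
    "2020-12-01 10:05:43 INFO worker exited 200 ms later",
    "2020-12-01 10:07:09 WARN child process exit 1234",
    "2020-12-01 10:09:30 ERROR 'exit 507' seen in handler output",
]

if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the sample.
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else list(scan_lines(SAMPLE_LOG))
    for h in hits:
        print(f"line {h.line_no}: exit {h.code}: {h.line}")
    sys.exit(1 if hits else 0)  # non-zero exit lets a cron job or pipeline alert
```

A match is only a lead: benign software can log the same pattern, so each hit needs review before it is handled under the incident reporting protocol.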

Source: https://www.nextgov.com/cybersecurity/2020/12/nsa-warns-russian-hackers-are-targeting-virtual-workspaces/170544/