The US intelligence agency NSA sees Russian actors behind attacks on a security hole in VMware products
NSA recommendations on IT security should be treated with caution, but the advice to quickly install a major VMware update is probably safe.
The National Security Agency (NSA) warns of attacks on VMware products. A command injection vulnerability was recently closed in the web interface of various products from the virtualization vendor. VMware provided an update on December 3. If you use the affected products, you should update them as soon as possible.
According to the NSA, the attacks leave a web shell on the vulnerable systems, which allows permanent access. The affected VMware products run an HTTPS web interface on port 8443 by default, and it is this interface that is affected by the vulnerability.
Vulnerability can only be exploited with valid credentials
To exploit the vulnerability, valid credentials for the affected system are required. The attackers therefore probably already had credentials for the affected systems, obtained either by other means or through brute-force attacks.
The NSA reports that Russian state-supported actors are behind the observed attacks. The NSA does not provide any evidence for this allegation or further details about the attackers. In general, attributing hacker attacks is difficult, and it is often unclear who is behind them.
Irrespective of this, the recommendation of the US intelligence agency to install the security update from VMware as soon as possible is of course reasonable. Furthermore, you should, as always, make sure to use passwords that are as secure as possible and, above all, unique.