Submitted by: Daryl Haegley Director, Mission Assurance & Cyber Deterrence at the DOD and (CS)²AI Fellow
By Alyza Sebenius 12/07/20
The U.S. National Security Agency warned that Russia’s hackers are exploiting a flaw in products made by the software company VMware Inc.
The NSA said in a Monday advisory that Russia was using the flaw to “access protected data” and urged administrators of national security and defense systems, as well as defense contractors, to patch their networks and take other measures to reduce the risk of attack.
In a written statement, a VMware representative said that the company “responded to a new security issue” and that it “has provided the appropriate updates and patches to mitigate this issue.” The company encouraged “all customers to apply the latest product updates, security patches and mitigations made available for their specific environment.”
Speaking at an event last month, the NSA’s cybersecurity lead, Anne Neuberger, said that Russia can weaponize publicly known digital flaws in as few as 48 hours -- making prompt patching important.
The NSA warning comes a few days after the Department of Homeland Security issued an alert about Iranian hackers -- saying that they are becoming more sophisticated and improving their offensive arsenal, leading to the possibility of “cyber-enabled kinetic attacks” in the future.
Iranian actors are defacing web pages, taking sites offline by flooding them with traffic, stealing personal data and conducting influence operations on social media, according to a Dec. 3 notice by the Department’s Cybersecurity and Infrastructure Security Agency.