SoylentNews

Freeman [soylentnews.org] writes:

https://arstechnica.com/information-technology/2020/12/nsa-says-russian-state-hackers-are-using-a-vmware-flaw-to-ransack-networks/ [arstechnica.com]

The National Security Agency says that Russian state hackers are compromising multiple VMware systems in attacks that allow the hackers to install malware, gain unauthorized access to sensitive data, and maintain a persistent hold on widely used remote work platforms.

The in-progress attacks are exploiting a security bug that remained unpatched until last Thursday, the agency reported on Monday [defense.gov]. CVE-2020-4006, as the flaw is tracked, is a command-injection flaw [owasp.org], meaning it allows attackers to execute commands of their choice on the operating system running the vulnerable software. These vulnerabilities are the result of code that fails to filter unsafe user input such as HTTP headers or cookies. VMware patched CVE-2020-4006 [vmware.com] after being tipped off by the NSA.

Original Submission