Disir
Platinum Member
- Sep 30, 2011
- 28,003
- 9,610
- 910
THROUGHOUT 2020, AN unprecedented portion of the world's office workers have been forced to work from home as a result of the Covid-19 pandemic. That dispersal has created countless opportunities for hackers, who are taking full advantage. In an advisory today, the National Security Agency said that Russian state-sponsored groups have been actively attacking a vulnerability in multiple enterprise remote-work platforms developed by VMware. The company issued a security bulletin on Thursday that details patches and workarounds to mitigate the flaw, which Russian government actors have used to gain privileged access to target data.
Institutions have scrambled to adapt to remote work, offering employees secure remote access to enterprise systems. But the change comes with different risks and has created new exposures versus traditional office networks. Flaws in tools like VPNs have been especially popular targets, since they can give attackers access to internal corporate networks. A group of vulnerabilities affecting the Pulse Secure VPN, for example, were patched in April 2019, but US intelligence and defense agencies like the Cybersecurity and Infrastructure Security Agency issued warnings in October 2019, and again in January and April, that hackers were still attacking organizations—including government agencies— that had not applied the patch.
I wonder how many do not have the patch as of yet.
Institutions have scrambled to adapt to remote work, offering employees secure remote access to enterprise systems. But the change comes with different risks and has created new exposures versus traditional office networks. Flaws in tools like VPNs have been especially popular targets, since they can give attackers access to internal corporate networks. A group of vulnerabilities affecting the Pulse Secure VPN, for example, were patched in April 2019, but US intelligence and defense agencies like the Cybersecurity and Infrastructure Security Agency issued warnings in October 2019, and again in January and April, that hackers were still attacking organizations—including government agencies— that had not applied the patch.
The NSA Warns That Russia Is Attacking Remote Work Platforms
A vulnerability in VMWare has prompted a warning that companies—and government agencies—need to patch as soon as possible.
www.wired.com
I wonder how many do not have the patch as of yet.