{"id":445044,"date":"2022-05-19T13:56:53","date_gmt":"2022-05-19T11:56:53","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=445044"},"modified":"2022-05-19T14:04:03","modified_gmt":"2022-05-19T12:04:03","slug":"hackers-are-actively-exploiting-a-critical-vmware-vulnerability","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/445044-hackers-are-actively-exploiting-a-critical-vmware-vulnerability.html","title":{"rendered":"Hackers are actively exploiting a critical VMware vulnerability"},"content":{"rendered":"<p>Security researchers report that attackers are exploiting unpatched VMware vulnerabilities to infect enterprise networks with malicious code.<\/p>\n<p>In a <strong><a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-138b\">report<\/a><\/strong> released yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) attributed these attacks to advanced persistent threat actors \u2014 organised hacker groups usually backed by a nation-state.<\/p>\n<p>The vulnerabilities let attackers trigger a server-side template injection that allows remote code execution or escalation of privileges to root.<\/p>\n<p>Root access, in turn, allows attackers to wipe logs, escalate permissions, and move laterally to other systems.<\/p>\n<p>CISA\u2019s report listed CVE-2022-22954 and CVE-2022-22960 as the vulnerabilities that threat actors have exploited in VMware services.<\/p>\n<p>VMware patched these vulnerabilities on 6 April. 
However, CISA said attackers reverse-engineered the patches within two days to develop an exploit, which they then launched against unpatched devices.<\/p>\n<p>Because of this, CISA has advised Federal Civilian Executive Branch agencies to implement the updates outlined in VMware\u2019s <strong><a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0014.html\">Security Advisory VMSA-2022-0014<\/a><\/strong>.<\/p>\n<p>If there is a delay in updating the affected software, these agencies should remove the compromised software from their networks until they can correct it.<\/p>\n<p>\u201cDue to the rapid exploitation of these vulnerabilities, CISA strongly encourages all organisations with affected VMware products accessible from the internet\u2014that did not immediately apply updates\u2014to assume compromise and initiate threat hunting activities using the detection methods provided,\u201d CISA said.<\/p>\n<p>Alongside CISA\u2019s report, VMware <strong><a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0014.html\">disclosed<\/a><\/strong> the discovery and patching of two new vulnerabilities, CVE-2022-22972 and CVE-2022-22973.<\/p>\n<p>CVE-2022-22972 has a severity rating of 9.8 out of 10, while CVE-2022-22973 is rated at 7.8.<\/p>\n<p>Considering the speed at which attackers reverse-engineered previous security patches, network administrators should be on high alert and actively investigate these vulnerabilities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers reverse-engineered a VMware patch in two days and are gunning for enterprise networks, exploiting a security vulnerability with a 9.8 severity 
rating.<\/p>\n","protected":false},"author":341094,"featured_media":445050,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[78462,801,49767,13713],"class_list":["post-445044","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-malware","tag-security-vulnerabilities","tag-vmware"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/445044"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341094"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=445044"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/445044\/revisions"}],"predecessor-version":[{"id":445154,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/445044\/revisions\/445154"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/445050"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=445044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=445044"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=445044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}