Top Threats

Hi All,

The NSA issued the following cybersecurity warning:

Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware®1 Access and VMware Identity
Manager2 products [1], allowing the actors access to protected data and abusing federated authentication. VMware
released a patch for the Command Injection Vulnerability captured in CVE-2020-4006 on December 3
rd 2020. NSA encourages National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network
administrators to prioritize mitigation of the vulnerability on affected servers.

------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------

To this point as well, any company utilizing SolarWinds Orion products to check the associated patches that you have or have not pushed. There is a Directive that came out that discloses more information.

------------------------------
Sean Heide
Research Analyst
CSA
------------------------------

Original Message:
Sent: Dec 14, 2020 03:21:35 AM
From: Michael Roza
Subject: NSA Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials

Hi All,

The NSA issued the following cybersecurity warning:

Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware®1 Access and VMware Identity
Manager2 products [1], allowing the actors access to protected data and abusing federated authentication. VMware
released a patch for the Command Injection Vulnerability captured in CVE-2020-4006 on December 3
rd 2020. NSA encourages National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network
administrators to prioritize mitigation of the vulnerability on affected servers.

------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------