Making the Switch: Understanding the Limitations of Outdated Telecom Solutions
Confronting the Limitations of Legacy Systems In the rapidly evolving realm of telecommunications, businesses are often constrained by outdated systems
Our hand-picked technology partners amplify our ability to architect and implement multi-vendor solutions, enabling seamless, secure, and efficient integration of cloud and next-generation networks into a single easy-to-manage solution.
Featured Partner
Gain invaluable customer insights to provide personalized experiences your customers want.
Enhance your data security and network connectivity with our trusted team of experts, available 24/7.
Move your manufacturing business forward with expert custom solutions and optimized applications.
Innovative solutions keep security, budget and enhanced experiences top of mind.
Seamlessly transition to most up-to-date technology while keeping your patients’ health data safe.
Confronting the Limitations of Legacy Systems In the rapidly evolving realm of telecommunications, businesses are often constrained by outdated systems
Top 10 Considerations When Choosing a NOCaaS Managed Services Provider Picking a NOCaaS (Network Operations Center as a Service)
The Rise of NOC as a Service and Its Crucial Role in Network Vigilance Organizations are struggling now more than
SALT LAKE CITY, September 1, 2023 — Today, Lightstream, a trailblazer in Secure Digital Transformation, Zero Trust security methodology, next-generation
With a looming recession and uncertainty growing, more organizations are looking for ways to cut spending and increase efficiencies. Many
VMWare Infrastructure Actively Exploited to Compromise Organizations. CISA, the Cybersecurity and Infrastructure Security Agency, has issued an emergency directive highlighting an escalation of successful attacks against commonly deployed enterprise components of VMWare virtual infrastructure. The directive points to an escalation of successful attack against a series of VMWare vulnerabilities that are exploited independently, or in combination, to fully compromise VMWare infrastructure in these organizations. While VMWare has issued patches for these vulnerabilities, attackers have quickly reverse engineered them to develop and weaponize exploits now appearing in the wild.
The attacks highlighted require network access, but successful attackers have utilized 3rd party network access and web exposed servers to compromise vulnerable VMWare components and gain full access.
Business Impact
Exploitation of this set of vulnerabilities gives attackers complete control over the VMWare virtual infrastructure. This means that critical business systems can be manipulated, destroyed, or silently monitored by attackers. If your organization depends on VMWare components highlighted below your business is likely at risk of compromise.
Security Impact
The CVE numbers for the critically impacted vulnerabilities are CVE-2022-22954, CVE-2022-22960, CVE-2022-22972, CVE-2022-22973; however, the primary point of attack has been CVE-2022-22954 which has a CVSS score of 9.8 (originally published 4/11/22) and results in a potential Remote Code Execution (RCE). It is recommended that any exposed components to the Internet should be assumed compromised and disconnected/investigated immediately. VMWare customers should also immediately deploy additional monitoring of their VMWare infrastructure and monitor for IOCs.
VMWare Infrastructure Actively Exploited to Compromise Organizations Urgent Actions Required
Recommendations
The vulnerabilities are present in the following VMWare components: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. These should be placed under heightened security monitoring, patches urgently applied (if not already done) and threat hunt activity should be initiated using the available Indicators of Compromise (IOCs). This situation highlights the criticality of operating a vulnerability management program.
Register for Lightstream Insights
©2024 Lightstream Managed Services, LLC. All Rights Reserved.