US Cyber Command, CISA warn of hackers exploiting critical VMware flaw

Hackers have been leveraging a critical flaw in the software that Silicon Valley vendor VMware uses to manage virtual machines in large data centers, U.S. Cyber Command warned on Saturday.

The flaw allows an attacker to execute code remotely and potentially infiltrate sensitive computing environments that run on VMware’s widely used server management software.

Security fixes have been available since May 25, but the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and Cyber Command, a U.S. military unit, urged users to update their software after researchers discovered at least one public exploit for the vulnerability.

“Please patch immediately!” the command tweeted on Saturday. VMware itself issued an urgent advisory telling clients to apply the patch on May 25.

As corporations and government agencies increasingly use cloud computing to consolidate data, the value of flaws in code built by VMware and other vendors has only grown.

Bad Packets, a Chicago-based threat intelligence provider, reported mass online scanning for the VMware vulnerability on June 3. Not long after that, security researcher Kevin Beaumont said hackers hit a simulated network he set up to detect exploitation of the flaw.

The VMware exploit is the latest case of a critical bug in popular enterprise software offering an opening for an array of capable hackers. Over the last year, federal officials have had to respond to persistent hacking operations that are only exacerbated when organizations fail to update their software.

In recent months, for example, two China-linked hacking groups have been exploiting the Pulse Connect Secure VPN software in activity affecting U.S. government agencies and the defense, transport and telecommunications sectors.