WASHINGTON – The U.S. Cybersecurity Watchdog Agency on Wednesday ordered federal officials to update or remove a number of products made by digital services company VMware Inc., saying hackers are actively using vulnerable versions of products to hack into targeted companies.
The Cybersecurity and Infrastructure Security Agency (CISA) says in a statement that hackers have been able to reverse engineer recent updates to VMware products and use knowledge to target older versions and hack into un patched devices.
Affected products include VMware Workspace ONE Access, aimed at providing one-stop access to various digital services, and VMware vRealize Automation, which helps manage and automate complex IT processes.
CISA states that any unpatched VMWare devices still accessible from the Internet should be considered compromised.
VMware, which was launched by Dell Technologies Inc. last year, said in a blog post to its customers, “It’s very important that you take immediate steps to patch or mitigate these issues by installing on-premises.”
CISA Director Jane Easterly said in a statement that vulnerabilities in older versions of VMWare products created “an unacceptable risk to federal network security”.
“We strongly urge every organization – large and small – to follow the lead of the federal government and take similar steps to secure their networks,” he said. (Reporting by Rafael Satter; Editing by Jonathan Otis and Richard Pulin)