Feds are warning that adversaries are exploiting a weeks-old bug in VMware s Workspace One Access and Identity Manager products. Those products are two of 12 impacted by a command-injection vulnerability, tracked as CVE-2020-4006, and patched on Friday. Russian-state threat actors are now leveraging the vulnerability to launch attacks to pilfer protected data and abuse shared authentication systems, the U.S. National Security Agency says. On Monday, the NSA urged IT security teams to review and harden configurations and monitoring of federated authentication providers.
Source: https://threatpost.com/nsa-vmware-bug-under-attack/161985/