The cybersecurity authorities of the United States of America ordered last week that all federal agencies correct flaws in software exploited by hackers. They are believed to be linked to foreign governments.
"These vulnerabilities pose an unacceptable risk to federal network security," said Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), in a statement. CISA's "emergency directive" gives agencies five days to update the software This does not apply to Pentagon computer networks, which are not under CISA jurisdiction. This does not apply to Pentagon computer networks, which are not under CISA's jurisdiction.
The vulnerabilities in question lie in a type of software made by VMware, whose products are widely used in the US government. On April 6, the California-based technology giant issued a fix for the flaws in software that would allow hackers not only remotely access files, but also install themselves on the network itself. Two days after the patch was released, the hackers discovered an alternative way to hack into computers using the vulnerabilities, according to CISA. This event forced VMWare to release updates of software to address these newly discovered vulnerabilities, which CISA ordered the agencies to address.
The agency did not identify the hackers or which systems they have served as.
As a rule, CISA officials use their emergency authority to compel agencies to address serious shortcomings in their systems. software when spies or criminals can attack your security. In the last 3 years, this agency has already made use of its resources 10 times, including in response to the call "campaign of hackers" SolarWindswhich is believed to have been carried out by Russian agents. This ended up going unnoticed by US authorities for a long time, resulting in a security breach of at least nine federal agencies, including those dealing with national security, such as the departments of Homeland Security and Justice.
https://edition.cnn.com/2022/05/18/politics/software-bug-warning-vmware/index.html
