Cybersecurity Officials Order Bug Fixes Exploited by Hackers

Cybersecurity authorities in the United States last week ordered all federal agencies to fix software flaws exploited by hackers who are believed to be linked to foreign governments.

"These vulnerabilities pose an unacceptable risk to the security of the federal network," Jen Easterly, director of the U.S. Cyber Security and Infrastructure Agency (CISA), said in a statement. CISA's "emergency directive" gives agencies five days to update vulnerable software or, as a last resort, remove it entirely from their networks. This does not apply to Pentagon computer networks, which are not under CISA's jurisdiction.

The vulnerabilities in question are in a type of software made by VMware, whose products are widely used in the US government. The California-based tech giant issued a patch on April 6 for the software flaws, which would allow hackers not only to remotely access files but also to install themselves on the network itself. Two days after the patch was released, hackers discovered an alternative way to break into computers using the vulnerabilities, according to CISA. This forced VMware to release software updates to patch the newly discovered vulnerabilities, which CISA ordered agencies to address.
The agency did not identify the hackers or which systems they served as.

As a rule, CISA officials use their emergency authority to force agencies to address serious software flaws when spies or criminals might attack their security. In the past three years, the agency has used its resources 10 times, including in response to the so-called SolarWinds hacking campaign, which is believed to have been carried out by Russian agents. That campaign went unnoticed by U.S. authorities for a long time, resulting in a security breach of at least nine federal agencies, including those dealing with national security, such as the departments of Homeland Security and Justice.

The original article via CNN International can be read at:
https://edition.cnn.com/2022/05/18/politics/software-bug-warning-vmware/index.html