Warning of the risk of attacks on agencies and organizations through VMware software vulnerabilities

The National Cyber ​​Security Monitoring Center (NCSC) has warned state agencies, organizations and enterprises about the danger of cyberattacks on the systems of units through serious security gaps in the section. VMware software.

New vulnerabilities discovered in VMware products allow attackers to remotely insert and execute code (Artwork: Internet).

Warning information about the risk of attacking agencies and organizations through vulnerabilities in VMware is sent to specialized units by the National Cyber ​​Security Monitoring Center (NCSC) under the Department of Information Security, the Ministry of Information and Communications. Responsible for IT ministries, ministerial-level agencies, Government agencies; Department of Information and Communications; State corporations, corporations; Joint Stock Commercial Banks; financial institutions and systems of units in charge of information security on February 24.

The security vulnerabilities “CVE-2021-21972”, “CVE-2021-21973” and “CVE-2021-21974” in VMware products (vCenter, ESXi, Cloud Foundation) have been published by this software company. February 23, 2021. These vulnerabilities allow attackers to remotely insert and execute code.

In particular, the “CVE-2021-21972” vulnerability in VMware vCenter Server has a serious impact. Through preliminary assessment of National Cyber ​​Safety Monitoring Center experts, exploit codes of this security vulnerability will soon be published on the Internet.

Using these exploit codes, hackers can attack VMware vCenter servers, thereby controlling information systems of agencies and organizations in malicious attack campaigns.

According to estimates, there are currently about 6,748 systems using VMware vCenter which are operating publicly on the Internet, of which there are more than 150 systems in Vietnam.

In order to ensure information security for the unit’s information system, contributing to ensuring the safety of Vietnam’s cyberspace, the National Cyber ​​Security Monitoring Center recommends agencies, organizations and joint ventures. industry checks, reviews and verifies information systems that are likely to be affected by the above-mentioned security vulnerabilities and has plans to deal with and fix them.

Units are also recommended to update and upgrade to the latest VMware version to fix the critical security vulnerability “CVE-2021-21972” and other newly discovered security vulnerabilities.

In addition, agencies, organizations and businesses need to strengthen supervision and be ready to deal with signs of network exploitation and attacks.

For agencies, organizations with good technical personnel can test to penetrate the system through this vulnerability.

In case of need, you can contact the support contact point of the Department of Information Security (Ministry of Information and Communications): National Cyber ​​Security Monitoring Center at 02432091616 and email address ais @ mic.

In the first month of 2021, the organization of inspection, assessment, monitoring, and assurance of network safety and security for information systems serving e-government continued to be promoted. The National Cyber ​​Security Surveillance Center under the Department of Information Security, the Ministry of Information and Communications recorded 326 cyber attacks causing incidents on information systems in Vietnam in January 2021, up 3, 49% compared with December 2020 and increase 15.19% over the same period in January 2020.

To ensure cyberinformation security, the Ministry of Information and Communications continues to strengthen monitoring, proactively scanning on Vietnam’s cyberspace, evaluating and statistics, and continuing to promote propaganda and warning in all localities. mass media for users to know and avoid.


Zalo users object to the collection of images and personal data

Zalo users object to the collection of images and personal data

More and more Zalo users share posts regarding their claims about the right to use personal data. They do not want Zalo to collect images and data when using this social network.


Leave a Reply

Your email address will not be published. Required fields are marked *