By Raphael Satter
WASHINGTON (Reuters) -The U.S. cybersecurity watchdog agency on Wednesday ordered federal officials to update or remove a slew of products made by digital services company VMWare Inc, saying hackers were actively using vulnerable versions of the products to break into targeted organizations.
The Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory that hackers had managed to reverse engineer recent updates made to VMWare products and were using the knowledge to target old versions and hack into unpatched devices.
The affected products include VMware Workspace ONE Access, which is meant to provide one-stop access to various digital services, and VMware vRealize Automation, which helps manage and automate complex IT processes.
VMWare, which spun off from Dell Technologies Inc last year, did not immediately return a message seeking comment.
CISA Director Jen Easterly said in a statement that the vulnerabilities in old versions of the VMWare products posed “an unacceptable risk to federal network security.”
“We also strongly urge every organization large and small to follow the federal government’s lead and take similar steps to safeguard their networks,” she said.
(Reporting by Raphael Satter; Editing by Leslie Adler and Jonathan Oatis)