By Raphael Satter
WASHINGTON (Reuters) – The U.S. Cybersecurity Agency on Wednesday ordered federal officials to update or remove a number of products from digital services company VMWare Inc., saying hackers were actively using vulnerable versions of the products to break into targeted organizations.
The Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory that hackers managed to reverse engineer recent updates made to VMWare products and used the knowledge to target old versions and hack into unpatched devices.
Affected products include VMware Workspace ONE Access, which aims to provide one-stop access to various digital services, and VMware vRealize Automation, which helps manage and automate complex IT processes.
CISA said all unpatched VMWare devices that are still accessible via the Internet should be considered compromised.
VMWare, which spun off from Dell Technologies Inc. last year, told its customers in a blog post, “It’s…