![]() Initial discovery leads to a burst of patching that still doesn't reach every affected system, he tells Information Security Media Group. The advisory illustrates an all-too-common trajectory of vulnerabilities, says Kumar Saurabh, chief executive and co-founder of cybersecurity firm LogicHub. Attackers in one confirmed compromise detailed by the government advisory were able to gain entry into a sensitive network via a vulnerable instance of VMware Horizon and exfiltrate sensitive law enforcement data.Īny VMware system that has not been updated with the Log4Shell patch or that hasn't been modified with a workaround should be treated as already compromised, CISA and the Coast Guard Cyber Command say.Ĭheck out this joint #cybersecurity advisory from & Cyber detailing cyber threat actors exploiting a #Log4Shell vulnerability in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain access to victim networks. Some load malware with embedded executables that establish a remote connection with a command-and-control server. Multiple threat actors intent on taking advantage of this moment are using Log4Shell to penetrate unpatched VMware Horizon Systems and Unified Access Gateway products, the advisory says. A patch released by the Apache Software Foundation in December set off a global race between systems administrators and hackers - a sprint that some organizations dangerously have yet to complete (see: Serious Log4j Security Flaw: Race Underway to Discern Scope). ![]() Security researchers set off a firestorm late last year when they discovered a zero-day vulnerability in a popular open-source Java data-logging framework present in hundreds of millions of devices. ![]() See Also: Live Webinar | Best Strategies for Transferring Sensitive Financial DataĪ joint advisory from the Cybersecurity and Infrastructure Security Agency and the Coast Guard Cyber Command says advanced persistent threat actors are using the exploit to hack into unpatched VMWare virtual desktop software. System administrators who haven't yet patched the Log4Shell vulnerability could get a rude awakening in the form of state-sponsored hacking, warns the U.S.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |