VMware Horizon hackers servers under exploit
11/18/2023

This made it very hard and time consuming for security teams to discover, track and patch all instances of the flaw on their networks, especially since they depended on fixes being released by a wide range of software vendors. The security team of the UK National Health Service (NHS) said that it detected an unknown threat actor using the Log4Shell vulnerability to hack VMware Horizon servers and plant web shells for future attacks. However, security experts warned at the time that the issue would likely have a long-term impact, since Log4j was used in millions of Java-based corporate applications and third-party products. According to multiple security researchers who spoke with ZDNet, evidence suggests the attackers used CVE-2019-5544 and CVE-2020-3992, two vulnerabilities in VMware ESXi, a hypervisor solution. The vulnerability was originally reported in late November as a zero-day and was patched in Log4j on December 6, triggering an industry-wide patch and mitigation response. The Log4Shell vulnerability, tracked as CVE-2021-44228, is a critical remote code execution flaw in a widely used Java logging library called Log4j. Log4Shell is a vulnerability with the identifier CVE-2021-44228 and a CVSS score of 100. Not the first time the flaw is being detected. The Log4j vulnerabilities are present in versions 7.x and 8.x of the VMware Horizon servers. “During remote support, CISA confirmed the organization was compromised by malicious cyber actors who exploited Log4Shell in a VMware Horizon server that did not have patches or workarounds applied.”

The long tail of Log4Shell

On September 24, 2021, VMware confirmed reports that CVE-2021-22005 is being exploited in the wild. The VMware Horizon Connection Server is often used as an internet-facing gateway to an organization’s virtual desktop environment (VDI). As mentioned earlier, the exploit is being conducted on VMware Horizon servers that have not been patched.
“From May through June 2022, CISA provided remote incident support at an organization where CISA observed suspected Log4Shell PowerShell downloads,” the agency said in a report this week. The agency published indicators of compromise (IOCs) collected from incidents it investigated as recently as June, highlighting the long-lasting impact of this vulnerability that’s over six months old. Iranian state-sponsored hackers are actively exploiting the critical Log4j vulnerability to deploy backdoors on vulnerable VMware Horizon servers in efforts to collect sensitive information from. Tracked as CVE-2021-21985 (CVSS score 9. Hackers are mass-scanning the Internet in search of VMware servers with a newly disclosed code-execution vulnerability that has a severity rating of 9.8 out of a possible 10. The US Cybersecurity and Infrastructure Security Agency (CISA) has been investigating attacks exploiting the Log4Shell vulnerability in third-party products like VMware Horizon and Unified Access Gateway (UAG). The development follows the publication of a proof-of-concept (PoC) RCE exploit code targeting the VMware vCenter bug. The UK’s National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits.