VMware Horizon hackers servers under exploit
11/18/2023

Log4Shell vulnerabilities in VMware Horizon were exploited to create web shells in January 2022, less than a month after the vendor issued security updates following initial Log4j vulnerability disclosures. "And while patching is vital, it won't be enough if attackers have already been able to install a web shell or backdoor in the network." At 1518 ET another Managed Antivirus detection for Cobalt Strike on another host was identified.

"Log4J is installed in hundreds of software products and many organizations may be unaware of the vulnerability lurking within their infrastructure, particularly in commercial, open-source or custom software that doesn't have regular security support," commented Sean Gallagher, Sophos senior security researcher.

On September 24, 2021, VMware confirmed reports that CVE-2021-22005 was being exploited in the wild. The worst part about the early days of Log4J was that VMware released remediation steps rather than actual patches to the log4j libraries.

In addition, the researchers uncovered evidence of reverse shell deployment designed to collect device and backup information. "While z0Miner, JavaX, and some other payloads were downloaded directly by the web shells used for initial compromise, the Jin bots were tied to the use of Sliver, and used the same wallets as Mimo - suggesting these three malware were used by the same actor," the researchers say.

The exploit targets CVE-2021-44228, a critical arbitrary remote code execution flaw in Apache Log4j 2.14, which has been under active and high-volume exploitation since December 2021. A PowerShell URL connected to both campaigns suggests there may also be a link, although that is uncertain.
The actor is taking advantage of the presence of the Apache Tomcat service embedded within VMware Horizon.