![]() Hackers at Iran's Ministry of Intelligence and Security (MOIS), which are tracked as MuddyWater, have also recently been using Log4Shell to compromise organizations in Israel but via unpatched server software from an Israeli vendor that includes Log4J, according to Microsoft. VMwares Horizon virtualization platform has become an ongoing target of attackers exploiting the high-profile Log4j flaw to install backdoors and cryptomining malware. The Cybersecurity and Infrastructure Security Agency (CISA) in September warned organizations to patch VMware Horizon's Log4Shell flaws, some nine months after VMware released its Log4Shell patches for Horizon servers. The exploit used in this attack was initially published on GitHub on December 13. Organizations should have patched this flaw months ago. The US Treasury sanctioned Lazarus in 2019 for crypto and banking system heists that it said helped raise revenues to fund North Korea's nuclear weapons and ballistic missile programs. ![]() Lazarus, also tracked as Hidden Cobra and APT38, is known for stealing hundreds of millions in cryptocurrency from crypto firms. In VMware Horizon servers to establish web shells, the threat actors are actively targeting and exploiting the Log4Shell vulnerabilities. The vulnerability, dubbed PrintNightmare and tracked as CVE-2021-34527, is located in the Windows Print Spooler service and the public exploits available for it are being improved. Scared of the dark? You won't be if you get one of our favorite flashlights Days later, threat actors were installing Cobalt Strike implants in multiple VMware Horizon servers. This article has been indexed from The Hacker News A 'potentially destructive actor' aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. How to convert your home's old TV cabling into powerful Ethernet lines Log4Shell vulnerabilities in VMware Horizon were exploited to create web shells in January 2022, less than a month after the vendor issued security updates following initial Log4j vulnerability disclosures. This company successfully switched to a four-day workweek. ![]() This tech CEO fired two engineers for having second full-time jobs, warns they're part of a new trend ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |