Log4j Vulnerability Information
<blockquote data-quote="MJ Shoer" data-source="post: 2734" data-attributes="member: 3"><p><h3><span style="color: rgb(250, 197, 28)">ACTIONABLE</span> <span style="color: rgb(226, 80, 65)">Severity: High</span> <span style="color: rgb(0, 168, 133)">TLP: Green </span><a href="https://forum.comptiaisao.org/resources/vmware-urges-customers-to-patch-vmware-horizon-servers-against-log4j-attacks.1338/" target="_blank">VMware Urges Customers to Patch VMware Horizon Servers Against Log4j Attacks</a></h3><p><strong>Summary</strong>:</p><p>“VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks” (<a href="https://securityaffairs.co/wordpress/127214/security/vmware-horizon-patches-log4j-flaws.html" target="_blank">Security Affairs, 2022</a>).</p><p></p><p>There are currently tens of thousands of VMware Horizon servers exposed to attacks according to Shodan scans.</p><p></p><p>Most recently, the Night Sky ransomware group has been exploiting Log4Shell (CVE-2021-44228) in vulnerable VMware Horizon systems. VMware has addressed their Log4Shell vulnerabilities with the release of 2111, 7.13.1, and 7.10.3, but many systems remain unpatched.</p><p></p><p><strong>Analyst Comments:</strong></p><p>“Recently, Microsoft posted a warning about a new campaign from a China-based actor it tracks as DEV-0401 to exploit the Log4Shell vulnerability on VMware Horizon systems exposed on the internet, and deploy Night Sky ransomware. The security team at the UK National Health Service (NHS) also announced to have spotted threat actors exploiting the Log4Shell vulnerability to hack VMWare Horizon servers and install webshells” (<a href="https://securityaffairs.co/wordpress/127214/security/vmware-horizon-patches-log4j-flaws.html" target="_blank">Security Affairs, 2022</a>).</p><p></p><p>These webshells are quite dangerous, allowing threat actors to exfiltrate data from systems and even deploy ransomware.
By using VM Blast Secure Gateway, threat actors can move laterally through the target organization's network, which is important for ransomware distribution.</p><p></p><p><strong>Mitigation</strong>:</p><p>VMware is strongly urging customers to patch their Horizon servers to defend against these active attacks. Multiple VMware products, including VMware Horizon products, are impacted by remote code execution vulnerabilities via Apache Log4j (CVE-2021-44228, CVE-2021-45046).</p><p></p><p>The risk that cybercriminal groups and nation-state actors could exploit Log4j vulnerabilities in future attacks is still high.</p><p></p><p>Customers should examine <a href="https://www.vmware.com/security/advisories/VMSA-2021-0028.html" target="_blank">VMSA-2021-0028</a> and apply the guidance for Horizon.</p><p></p><p><strong>Source</strong>:</p><p><a href="https://securityaffairs.co/wordpress/127214/security/vmware-horizon-patches-log4j-flaws.html" target="_blank">https://securityaffairs.co/wordpress/127214/security/vmware-horizon-patches-log4j-flaws.html</a></p></blockquote><p></p>