Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
An unknown threat group has been observed attacking VMware Horizon servers running versions with Log4j vulnerabilities.
1 Min Read
The UK's National Health Service (NHS) Digital has issued an advisory warning of attackers actively targeting Log4j vulnerability CVE-2021-44228 in VMware Horizon servers to establish persistence.
Officials say the threat group is unknown. The observed attacks target the Log4j vulnerability in the Apache Tomcat service, which is embedded within VMware Horizon.
Their attack activity likely contains a reconnaissance phase, in which they use the Java Naming and Directory Interface (JNDI) via Log4Shell payloads to call back to malicious infrastructure, the NHS wrote in its advisory.
"Once a weakness has been identified, the attack then uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service," officials explained.
The attacker could then use this Web shell to conduct malicious actions such as deploying more malware, exfiltrating data, or launching a ransomware attack. In the advisory, the NHS noted more VMware systems may be vulnerable and companies should review the VMSA-2021-0028 security advisory: VMware Response to Apache Log4j Remote Code Execution Vulnerability
Read more details here.
About the Author(s)
You May Also Like
More Insights
Webinars
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
