CISA has released a new report outlining attacks that still exploit the Log4Shell vulnerability (CVE-2021-44228) to target VMware Horizon and Unified Access Gateway (UAG) servers. Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access, then move laterally across networks until they reach internal systems containing sensitive data. The report describes attacks in which APT actors remotely accessed unpatched versions of VMware and implanted loader malware with embedded executables enabling remote command and control (C2) on the compromised systems. In one of the confirmed attacks, threat actors were seen moving laterally around the network and stealing sensitive files.