It has been nearly a month since the turmoil caused by Log4Shell, and yet another week of Log4Shell panic continues.

SecPro #32: Log4Shell – VMware Exploits on the Rise

There is also considerable fear that attackers have already exploited the flaw to gain access to many organizations that simply have not discovered the intrusions yet.

Attackers in some instances are exploiting the vulnerability in the Tomcat service to execute a PowerShell script that drops the Cobalt Strike reverse-shell tool on infected systems. In other instances, the attackers bypassed Cobalt Strike and targeted the Tomcat server in VMware Horizon to drop the Web shell.

VMware issued an updated version of VMware Horizon server that addressed the vulnerability back in December 2021, urging organizations using the technology to upgrade to the fixed version, citing the severity of the Log4j flaw and the potential for abuse. The company also released updates for numerous other products that contained vulnerable versions of Log4j.

Attackers could use the Web shell to carry out a range of malicious activities, including deploying ransomware and other malware, and to steal data from compromised healthcare systems and networks. In a January alert, NHS Digital said it had observed an unknown threat actor exploiting the Log4j RCE vulnerability in the Apache Tomcat service embedded within VMware Horizon to install a Web shell on compromised systems.

The UK NHS was one of the first to warn about attacks targeting VMware Horizon servers containing the Log4j vulnerability (CVE-2021-44228).