Internet-facing attack surfaces should be minimized by hosting essential services on a segmented demilitarized zone. The alert added that the organizations should always keep software up to date and prioritize patching known exploited vulnerabilities. “The malware can function as a C2 tunneling proxy, allowing a remote operator to pivot to other systems and move further into a network,” the agencies noted, adding it also offers a “graphical user interface (GUI) access over a target Windows system’s desktop.” Log4Shell tracked as CVE-2021-44228 (CVSS score: 10.0), is a remote code execution vulnerability affecting the Apache Log4j logging library that’s used by a wide range of consumers and enterprise’s services, websites, applications, and other products.Īfter breaching the networks, they deployed various malware strains providing them with the remote access needed to deploy additional payloads and exfiltrate hundreds of gigabytes of sensitive information. The exploits were targeted by not only run-of-the-mill criminal hackers but also state-sponsored hacking groups as well.Īttackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks until they gain access to internal systems containing sensitive data. The initial vulnerabilities, including subsequent others, allow hackers to access affected systems. Log4Shell first emerged in December and actively targeted vulnerabilities found in Apache Log4j, open-source software used by numerous companies. CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability.ĬISA, along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks.
0 kommentar(er)
