One month after the details of the initial Apache Log4j vulnerability became known, attacks on applications running vulnerable versions of the tool continue, including a recent wave of attacks targeting VMware Horizon servers by an unidentified threat group.

VMware Horizon server versions 8.x and 7.x are vulnerable to two of the Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046). Officials with the UK’s National Health Service Digital said an attack group was taking advantage of these two flaws to install webshells on compromised servers to maintain persistence. Webshells are an increasingly popular technique for attackers looking for an easy way to keep access to Internet-facing servers that they compromise. They are simple, small files that can easily go unnoticed on a server, and they give an attacker remote access and the ability to execute other commands on the computer. Since the beginning of the Log4j saga in …
