A cybersecurity expert said VMWare is a natural target.

The UK’s National Health Service (NHS) has issued an alert on Log4Shell attacks on VMware software.

The Cyber ​​Alert Service says an unknown threat group is attempting to exploit a log4j vulnerability in VMware Horizon servers to establish a presence on affected networks. If successful, attackers could steal data or deploy ransomware.

VMware confirmed the exploit attempts.

“The attack likely consists of an reconnaissance phase in which the attacker uses the Java Names and Directory Interface (JNDI) via Log4Shell payloads to call back malicious infrastructure,” the NHS alert said. “Once a vulnerability is identified, the attack uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the (VMware) Blast Secure Gateway service.”

The web shell can then be used by an attacker to execute a variety of…

Source link

Leave a Reply