Threat actors continue to try to exploit the vulnerabilities in the open-source Apache log4j2 library collectively known as Log4Shell, security researchers say, meaning IT teams have to work faster to find and fix the bugs in their software.

The latest alert comes from Microsoft, which announced on Monday that attackers from a China-based ransomware operator, dubbed DEV-0401, had already started exploiting the CVE-2021-44228 vulnerability in internet-connected systems running VMware Horizon on Jan. 4. “Our investigation shows that successful intrusions into these campaigns led to the deployment of the NightSky ransomware,” Microsoft said in its cumulative blog on Log4Shell.

Microsoft’s report follows a Jan. 5 warning from the UK’s National Health Service that attackers are actively targeting Log4Shell vulnerabilities in VMware Horizon servers to set up web shells. The attack will likely consist of a reconnaissance phase in which the…
