Malicious cyber actors continue to use Log4Shell in VMware Horizon systems

32

Actions to be taken today:
• Install fixed builds and update all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds are not applied promptly after VMware released updates for Log4Shell in December 2021, Treat all affected VMware systems as compromised.
• Minimize the Internet-facing attack surface by hosting critical services in a segregated demilitarized zone (DMZ), ensuring tight access controls at the network edge, and deploying regularly updated web application firewalls (WAFs) in front of publicly facing services

The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber ​​Command (CGCYBER) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about cyber threat actors, including government-sponsored Advanced Persistent Threat (APT) actors Continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to…



Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.