Security News > 2022 > June > CISA: Log4Shell exploits still being used to hack VMware servers
CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway servers using the Log4Shell remote code execution vulnerability.
Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks until they gain access to internal systems containing sensitive data.
Today, in a joint advisory with the US Coast Guard Cyber Command, the cybersecurity agency said that servers have been compromised using Log4Shell exploits to gain initial access into targeted organizations' networks.
Today's advisory comes after VMware also urged customers in January to secure Internet-exposed VMware Horizon servers against ongoing Log4Shell attacks.
Since the start of the year, VMware Horizon servers have been targeted by Chinese-speaking threat actors to deploy Night Sky ransomware, the Lazarus North Korean APT to deploy information stealers, and the TunnelVision Iranian-aligned hacking group to deploy backdoors.
Until you can install patched builds by updating all affected VMware Horizon and UAG servers to the latest versions, you can reduce the attack surface "By hosting essential services on a segregated demilitarized zone," deploying web application firewalls, and "Ensuring strict network perimeter access controls."