Security News
The recently identified vulnerability in the Log4j Java logging package has created headaches for security professionals around the world. The Log4j vulnerability has also reduced security professionals' trust in open-source tools.
An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States. Security analysts at SentinelLabs who have been tracking the activity chose that name due to the group's heavy reliance on tunneling tools, which help them hide their activities from detection solutions.
A "potentially destructive actor" aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group "TunnelVision" owing to its heavy reliance on tunneling tools, and observed overlaps in tactics with a broader group tracked under the moniker Phosphorus, as well as with Charming Kitten and Nemesis Kitten.
Attackers have been trying to exploit the vulnerability to compromise systems around the world to deliver cryptominers and ransomware or to establish persistent access for a future attack. According to Rotem Iram, co-founder and CEO of cyber managing general agent At-Bay, the Log4j exploitation risk isn't as high as first thought.
VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. Microsoft also warned two weeks ago of a Chinese-speaking threat actor tracked as DEV-0401 who deploys Night Sky ransomware on Internet-exposed VMware Horizon servers using Log4Shell exploits.
In a warning issued on Thursday, the Dutch National Cybersecurity Centre says organizations should still be aware of risks connected to Log4j attacks and remain vigilant for ongoing threats. "It is expected that malicious parties will continue to search for vulnerable systems and carry out targeted attacks in the coming period," the Dutch cybersecurity agency said.
Threat actors have weaponized a newly discovered bug in SolarWinds Serv-U file-sharing software to launch Log4j attacks against networks' internal devices, Microsoft warned on Wednesday. SolarWinds fixed the vulnerability in Serv-U version 15.3, released on Tuesday.
Attackers looking to exploit recently discovered Log4j vulnerabilities are also trying to take advantage of a previously undisclosed vulnerability in the SolarWinds Serv-U software. It affects version 15.2.5 and previous versions of Serv-U, and has been patched by SolarWinds in version 15.3.
SolarWinds has patched a Serv-U vulnerability discovered by Microsoft that threat actors actively used to propagate Log4j attacks to internal devices on a network. Microsoft says it discovered the vulnerability while monitoring the Log4j attacks.