Security News
If your organization is running VMware Horizon and Unified Access Gateway servers and you haven't implemented the patches or workarounds to fix/mitigate the Log4Shell vulnerability in December 2021, you should threat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency has advised on Thursday. According to the CISA, cyber threat actors, including state-sponsored advanced persistent threat actors, have continued to exploit Log4Shell in unpatched, internet-facing VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations.
The U.S. Cybersecurity and Infrastructure Security Agency, along with the Coast Guard Cyber Command, on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and servers," the agencies said.
CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway servers using the Log4Shell remote code execution vulnerability. Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks until they gain access to internal systems containing sensitive data.
An advanced persistent threat actor codenamed ToddyCat has been linked to a string of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft Exchange servers in Taiwan and Vietnam using an unknown exploit to deploy the China Chopper web shell and activate a multi-stage infection chain.
Microsoft says support for Windows Subsystem for Linux distros can now be added to any machine running Windows Server 2022 by installing this month's Patch Tuesday updates. "You can now use Windows Subsystem for Linux 2 type distros on Windows Server 2022," Loewen said.
Microsoft says support for Windows Subsystem for Linux distros can now be added to any machine running Windows Server 2022 by installing this month's Patch Tuesday updates. "You can now use Windows Subsystem for Linux 2 type distros on Windows Server 2022," Loewen said.
An advanced persistent threat group, dubbed ToddyCat, is believed behind a series of attacks targeting Microsoft Exchange servers of high-profile government and military installations in Asia and Europe. "The first wave of attacks exclusively targeted Microsoft Exchange Servers, which were compromised with Samurai, a sophisticated passive backdoor that usually works on ports 80 and 443," wrote Giampaolo Dedola security researcher at Kaspersky, in a report outlining the APT. Researchers said ToddyCat a is relatively new APT and there is "Little information about this actor."
An advanced persistent threat group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. At the time, the hacking group exploited the ProxyLogon Exchange flaws that allowed them to gain remote code execution on vulnerable servers to deploy China Chopper web shells.
An advanced persistent threat group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. At the time, the hacking group exploited the ProxyLogon Exchange flaws that allowed them to gain remote code execution on vulnerable servers to deploy China Chopper web shells.
This month's Windows Server updates are causing a wide range of issues, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service enabled. One of the more severe problems is the servers freezing for several minutes after a client connects to the RRAS server with SSTP. Windows Remote Desktop and VPN connectivity issues.