
375 matches found

CISA
added 2022/07/18 12:0 a.m. | 18 views

CISA Updates Advisory on Cyber Actors Continued Exploitation of Log4Shell in VMware Horizon Systems

CISA has updated the joint CISA-United States Coast Guard Cyber Command (CGCYBER) Cybersecurity Advisory AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon, originally released June 23, 2022. The advisory now includes IOCs provided in Malware Analysis Report...

AI score 1.2
Exploits 0 | References 2
IBM Security Bulletins
added 2022/07/13 12:39 p.m. | 112 views

Security Bulletin: Content Manager OnDemand for Multiplatforms is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Summary Apache Log4j is used by Content Manager OnDemand for Multiplatforms as part of its logging infrastructure. CVE-2021-44228 This fix includes Apache Log4j V2.17.1. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code o...

CVSS 10 | AI score 0.9 | EPSS 0.94358
Exploits 341 | Affected Software 1
Malwarebytes
added 2022/07/04 10:4 a.m. | 27 views

A week in security (June 27 – July 3)

Last week on Malwarebytes Labs: Ransomware review: June 2022 AstraLocker 2.0 ransomware isn’t going to give you your files back YTStealer targets YouTube content creators ZuoRAT is a sophisticated malware that mainly targets SOHO routers Amazon Photos vulnerability could have given attackers acce...

AI score 0.9
Exploits 0
ThreatPost
added 2022/06/29 1:0 p.m. | 43 views

Patchable and Preventable Security Issues Lead Causes of Q1 Attacks

Eighty-two percent of attacks on organizations in Q1 2022 were caused by the external exposure of known vulnerabilities in the victim’s external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18...

AI score 7.8
Exploits 0 | References 2
ThreatPost
added 2022/06/28 11:57 a.m. | 72 views

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

The Cybersecurity and Infrastructure Security Agency (CISA) and Coast Guard Cyber Command (CGCYBER) released a joint advisory warning the Log4Shell flaw is being abused by threat actors that are compromising public-facing VMware Horizon and Unified Access Gateway (UAG) servers. The VMware Horizon is a...

CVSS 10 | AI score 10 | EPSS 0.94444
Exploits 24 | References 2
Trend Micro Simply Security
added 2022/06/28 12:0 a.m. | 14 views

Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware

We analyzed cases of a Log4Shell vulnerability being exploited in certain versions of the software VMware Horizon. Many of these attacks resulted in data being exfiltrated from the infected systems. However, we also found that some of the victims were infected with ransomware days after the data...

AI score 4.1
Exploits 0
Malwarebytes
added 2022/06/27 9:54 a.m. | 101 views

CISA Log4Shell warning: Patch VMware Horizon installations immediately

CISA and the United States Coast Guard Cyber Command (CGCYBER) are warning that the threat of Log4Shell hasn't gone away. It's being actively exploited and used to target organisations using VMware Horizon and Unified Access Gateway servers. Log4Shell: what is it? Log4Shell was a zero-day vulnerabili...

CVSS 9.3 | AI score 0.2 | EPSS 0.94358
Exploits 341
The Hacker News
added 2022/06/24 3:36 a.m. | 142 views

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks...

CVSS 10 | AI score 0.7 | EPSS 0.94444
Exploits 364
CISA
added 2022/06/23 12:0 a.m. | 322 views

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon®...

CVSS 9.3 | AI score 0.6 | EPSS 0.94358
Exploits 341 | References 2
Malwarebytes
added 2022/06/21 10:4 a.m. | 1356 views

Security vulnerabilities: 5 times that organizations got hacked

Businesses and governments these days are relying on dozens of different Software-as-a-Service (SaaS) applications to run their operations — and it’s no secret that hackers are always looking for security vulnerabilities in them to exploit. According to research by BetterCloud, the average company...

CVSS 9.3 | AI score 10 | EPSS 0.94424
Exploits 350
IBM Security Bulletins
added 2022/06/13 10:34 a.m. | 57 views

Security Bulletin: Multiple vulnerabilities have been identified in Apache Log4j shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228)

Summary Multiple vulnerabilities have been identified within the Apache Log4j library that is used within IBM Tivoli Netcool/OMNIbus Common Integration Libraries. These vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote...

CVSS 10 | AI score 1.7 | EPSS 0.94358
Exploits 344 | Affected Software 1
Rapid7 Blog
added 2022/06/09 4:39 p.m. | 472 views

Announcing Metasploit 6.2

Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes. Since Metasploit 6.1.0 (August 2021) until the latest Metasploit 6.2.0 release we’ve added: 138 new modules, 148 enhancements and features, 156 bug fixes. Top modules: Each...

CVSS 10 | EPSS 0.94456
Exploits 553
ThreatPost
added 2022/05/31 12:24 p.m. | 119 views

EnemyBot Malware Targets Web Servers, CMS Tools and Android OS

A rapidly evolving IoT malware dubbed “EnemyBot” is targeting content management systems (CMS), web servers and Android devices. Threat actor group “Keksec” is believed behind the distribution of the malware, according to researchers. “Services such as VMware Workspace ONE, Adobe ColdFusion,...

CVSS 10 | AI score 10 | EPSS 0.94461
Exploits 466 | References 16
The Hacker News
added 2022/05/25 10:19 a.m. | 39 views

Researchers Find New Malware Attacks Targeting Russian Government Entities

An unknown advanced persistent threat (APT) group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022. "The campaigns ... are designed to implant a Remote Access Trojan (RAT) that can be used to...

AI score 1.5
Exploits 0
GithubExploit
added 2022/05/25 1:56 a.m. | 611 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 (Apache Log4j Remote Code Execution) all log...

CVSS 10 | AI score 9.6 | EPSS 0.94358
Exploits 341
Qualys Blog
added 2022/05/20 1:0 p.m. | 266 views

Put SecOps in the Driver’s Seat with Custom Assessment and Remediation

When zero-day threats emerge, time is of the essence. Security teams struggle to manage and respond to a range of challenges that often require custom approaches outside of existing vulnerability and security programs. Recently, many companies scrambled to mount their defenses against the Log4She...

CVSS 9.3 | AI score 0.1 | EPSS 0.94358
Exploits 341
ThreatPost
added 2022/05/20 12:42 p.m. | 36 views

Closing the Gap Between Application Security and Observability

Infosec Insiders columnist Daniel Kaar, global director application security engineering at Dynatrace. When it’s all said and done, application security pros may come to look upon the Log4Shell vulnerability as a gift. Potentially one of the most devastating software flaws ever found, Log4Shell...

AI score 7.2
Exploits 0 | References 3
The Hacker News
added 2022/05/20 10:23 a.m. | 43 views

Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor

The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart. "The attacker used the Log4j vulnerability on VMware Horizon products that wer...

AI score 0.2
Exploits 0
ThreatPost
added 2022/05/18 1:54 p.m. | 159 views

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

Recently reported VMware bugs are being used by hackers who are focused on using them to deliver Mirai denial-of-service malware and exploit the Log4Shell vulnerability. Security researchers at Barracuda discovered that attempts were made to exploit the recent vulnerabilities CVE-2022-22954 and...

CVSS 10 | AI score 10 | EPSS 0.94444
Exploits 371 | References 7
The Hacker News
added 2022/05/18 12:7 p.m. | 29 views

Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang

The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to...

AI score 0.9
Exploits 0