Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

Summary Actions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021,treat all affected VMware systems as...

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

CISA and the United States Coast Guard Cyber Command CGCYBER have released a joint Cybersecurity Advisory CSA to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat APT actors, have continued to exploit CVE-2021-44228 Log4Shell in VMware Horizon®...

ManageEngine ADSelfService Plus has been abused in the wild due to a zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An APT actor is attempting to exploit a zero-day vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution that poses a high risk to critical infrastructure companies,...

FBI-CISA-CGCYBER Advisory on APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

The Federal Bureau of Investigation FBI, CISA, and Coast Guard Cyber Command CGCYBER have released a Joint Cybersecurity Advisory CSA detailing the active exploitation of an authentication bypass vulnerability CVE-2021-40539 in Zoho ManageEngine ADSelfService Plus—a self-service password manageme...