07.07.22
Corvus Threat Intel

July 7, 2022: Did you already forget about Log4j? Well, threat actors haven’t.

Cybercriminals have continued to exploit VMware Horizon and Unified Access Gateway servers that were left without patches or workarounds for Log4j (CVE-2021-44228). The actors include suspected state-sponsored APT groups as well as ransomware operators. Yesterday’s 0-day is today’s compromise.

Recommendations

CISA recommends all organizations with affected systems that did not immediately apply available patches or workarounds to assume compromise and initiate threat hunting activities using the IOCs provided in this CSA (https://www.cisa.gov/uscert/ncas/alerts/aa22-174a).
